tmkms icon indicating copy to clipboard operation
tmkms copied to clipboard
verified publisher icon tendermint

Detect chain ID mismatches between KMS and validators

Open tarcieri opened this issue 6 years ago • 1 comments

When the chain_id is configured incorrectly in tmkms.toml, this manifests in practice as the following error (on gaiad / tendermint side):

Error attempting to add vote
module=consensus err="Failed to verify vote with ChainID game_of_stakes_3 and PubKey PubKeyEd25519{4A25C6640A1F72B9C975338294EF51B6D1C33158BB6ECBA69FBC3FB5A33C9DCE}: Invalid signature"

Ideally either side (or both) would notice the other is advertising an unexpected chain_id and print a (potentially fatal) error message

tarcieri avatar Jan 03 '19 19:01 tarcieri

The problem here is that the chain_id currently is not send around between the kms <-> tendemint. So both sides currently do not know of the other's chain_id (hence can't check if they differ). There is an open issue about sending along the chain_id with the vote: https://github.com/tendermint/tendermint/issues/2665#issuecomment-433632585

liamsi avatar Jan 03 '19 19:01 liamsi