feat!: only distribute rewards to validators that have been validating a consumer chain for some time

[insumity]

Description

Closes: (partially) #1926 and https://github.com/informalsystems/interchain-security/issues/27

Problem
A validator might opt in to a consumer chain simply to retrieve rewards without validating the consumer chain for too long.

Solution
We introduce a height field in ConsumerValidators. This height corresponds to the block height of the provider chain when the consumer validator first became a consumer validator. The set height of a ConsumerValidator remains stable as long as the validator remains a consumer validator. The height of a ConsumerValidator only resets if a validator stops being a consumer validator and later becomes again a consumer validator.

We introduce a new param NumberOfEpochsToStartReceivingRewards and a validator can only start receiving rewards after being a consumer validator for NumberOfEpochsToStartReceivingRewards epochs or after NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch blocks.

Note that at the beginning of a provider chain (e.g., when the block height of the provider is still small), no validator could have been a consumer validator for more than NumberOfEpochsToStartReceivingRewards epochs and hence in this case we distribute rewards to validators, even though they might have not been validating the consumer chain for more than a single epoch.

Finally, note that in a consumer chain that just starts, no validator would receive rewards during the first NumberOfEpochsToStartReceivingRewards epochs. During this time, any rewards sent to the provider from the consumer chain through IBC transfers will be allocated to the community pool.

Testing
Two main things are being tested:

• the height of a consumer validator is not being reset if the validator remains a consumer validator (unit test TestQueueVSCPacketsDoesNotResetConsumerValidatorsHeights);
• that validators only receive rewards if they have been consumer validators for some time (integration test TestAllocateTokensToConsumerValidatorsWithDifferentValidatorHeights).

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• Included the correct type prefix in the PR title
• Added ! to the type prefix if the change is state-machine breaking
• Confirmed this PR does not introduce changes requiring state migrations, OR migration code has been added to consumer and/or provider modules
• Targeted the correct branch (see PR Targeting)
• Provided a link to the relevant issue or specification
• Followed the guidelines for building SDK modules
• Included the necessary unit and integration tests
• Added a changelog entry to CHANGELOG.md
• Included comments for documenting Go code
• Updated the relevant documentation or specification
• Reviewed "Files changed" and left comments if necessary
• Confirmed all CI checks have passed
• If this PR is library API breaking, bump the go.mod version string of the repo, and follow through on a new major release

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed ! the type prefix if the change is state-machine breaking
• confirmed this PR does not introduce changes requiring state migrations, OR confirmed migration code has been added to consumer and/or provider modules
• confirmed all author checklist items have been addressed
• reviewed state machine logic
• reviewed API design and naming
• reviewed documentation is accurate
• reviewed tests and test coverage

Summary by CodeRabbit

• New Features

  • Implemented a new reward distribution mechanism where validators receive rewards only after validating for a specific number of blocks.
  • Introduced a new parameter, NumberOfEpochsToStartReceivingRewards, to configure reward eligibility.

• Documentation

  • Updated documentation to include a warning about validator rewards eligibility and revised instructions for withdrawing rewards.

• Tests

  • Added tests to validate the new reward eligibility criteria and ensure accurate token allocation based on validator heights.

• Migration

  • Implemented functions for migrating provider chain parameters and ensuring compatibility with the new reward distribution system.

[insumity]

This test was practically testing AllocateTokensToConsumerValidators so renamed it.

[sainoe]

Maybe it's safer to log an error like "fail to get consumer validator info" and then return false. In this scenario, the consumer validator would just have its height reset, right?

[insumity]

Yes, that is correct, the height would reset. This implies that the validator would never get rewards but this seems better than halting the provider chain. Fixed it.

[coderabbitai]

Warning

Rate limit exceeded

@insumity has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 5 minutes and 40 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Commits

Files that changed from the base of the PR and between 3954091 and d28aba5.

Walkthrough

This update introduces a new parameter, NumberOfEpochsToStartReceivingRewards, which delays reward distribution to validators until they have been validating for a specified number of blocks. The integration also encompasses adjustments to documentation, tests, and migration scripts to incorporate this parameter and ensure the system correctly reflects validation duration in reward allocations.

Changes

Files	Change Summary
.changelog/unreleased/improvements/provider/...	Added a summary for changes related to distributing rewards to long-term validating validators.
.changelog/unreleased/state-breaking/provider/...	Summarized state-breaking changes related to reward distribution based on validation duration.
docs/docs/validators/withdraw_rewards.md	Updated title and added warning about validator reward eligibility based on validation duration.
proto/interchain_security/ccv/provider/v1/provider.proto	Introduced new fields in Params and ConsumerValidator messages for reward eligibility and validator height.
tests/integration/distribution.go	Renamed and added functions to test reward allocation among validators with different heights.
x/ccv/provider/keeper/distribution.go	Added IsEligibleForConsumerRewards function and integrated it into reward allocation and total power computation.
x/ccv/provider/keeper/distribution_test.go	Added tests for IsEligibleForConsumerRewards and setting of BlocksPerEpoch parameter in total power computation.
x/ccv/provider/keeper/relay_test.go	Added a test to ensure consumer validator heights are maintained during packet queuing.
x/ccv/provider/migrations/migrator.go	Updated Migrate5to6 function to call new migration functions for parameters and minimum power.
x/ccv/provider/migrations/v6/migration_test.go	Added test to verify parameter migration related to epochs.
x/ccv/provider/migrations/v6/migrations.go	Added new function for migrating provider chain parameters.
x/ccv/provider/types/params.go	Added and validated new parameter NumberOfEpochsToStartReceivingRewards in Params struct along with default values and key constants.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

Outside diff range and nitpick comments (8)

.changelog/unreleased/improvements/provider/1929-distribute-rewards-to-long-term-validating-validators.md (2)

2-2: Consider using a markdown link description for the bare URL to improve readability.

- for a fixed number of blocks. ([PR #1929](https://github.com/cosmos/interchain-security/pull/1929))

---

3-3: Ensure the file ends with a single newline character to adhere to common markdown practices.

.changelog/unreleased/state-breaking/provider/1929-distribute-rewards-to-long-term-validating-validators.md (2)

2-2: Consider using a markdown link description for the bare URL to improve readability.

- for a fixed number of blocks. ([PR #1929](https://github.com/cosmos/interchain-security/pull/1929))

---

3-3: Ensure the file ends with a single newline character to adhere to common markdown practices.

docs/docs/validators/withdraw_rewards.md (4)

10-10: Remove trailing spaces to adhere to markdown best practices.

`NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch` blocks (run `interchain-security-pd query provider params` for

---

14-14: Reduce multiple consecutive blank lines to a single blank line to adhere to markdown best practices.

Also applies to: 53-53

---

15-15: Ensure headings are surrounded by blank lines for better readability and to adhere to markdown best practices.

Also applies to: 38-38, 56-56, 63-63

---

Line range hint 57-57: Ensure fenced code blocks are surrounded by blank lines for proper formatting.

[sainoe]

This comment is slightly confusing. What does it imply if the provider chain hasn't reached GetNumberOfEpochsToStartReceivingRewards * GetBlocksPerEpoch? Why should the validators get rewards based on that?

[insumity]

I have a comment in this PR's description that I slightly updated about this:

Note that at the beginning of a provider chain (e.g., when the block height of the provider is still small), no validator could have been a consumer validator for more than NumberOfEpochsToStartReceivingRewards epochs and hence in this case we distribute rewards to validators, even though they might have not been validating the consumer chain for more than a single epoch.

I introduced the IsEligibleForConsumerRewards as you suggested and added that comment there as well to make it clear. If this did not clarify things, let me know and I'll update this.

[p-offtermatt]

If I get it correctly, the UX for chains with a validator set size cap is pretty bad.
Small validators that get pushed in/out of the set might not be in consumer validators long enough to get any rewards, even though they might actually be validating on the consumer chain and stay opted in all the time, right?

A large validator could even cause this maliciously, opting in/out so that they a) never stay opted in long enough to get jailed for downtime b) validators around the border get pushed in/out, but never stay in the set long enough to obtain any rewards

The bad thing is that the large validator doesn't even have to run a consumer node for this, they just opt out before they would be punished for non-signing, so it doesn't actually cost them anything to do this attack.
(This behaviour is even possible today, but this change makes it worse for validators, I assume. Maybe it's not a big deal though, hard to judge)

[sainoe]

LGTM

[mpoke]

Does this mean that a validator not being eligible results in the other validators getting more rewards?

[insumity]

Yes, this could potentially happen. For instance, consider you have 2 validators A and B with powers 100 and 400 respectively, so the totalPower would have been 500. If both validators are eligible, then A would get 100/500 of the tokens, while B would get 400 / 500 of the tokens. However, if validator B is not eligible for rewards, this would mean that totalPower is only 100 and hence A gets all (i.e,. 100/100) the tokens.

Added this comment:

// if a validator is not eligible, this means that the other eligible validators would get more rewards

in AllocateTokensToConsumerValidators.

[mpoke]

Blocking merging this before we address this comment

Dismissing as discussed, this should not be blocked anymore

[coderabbitai]

Actionable comments posted: 3

Outside diff range and nitpick comments (2)

docs/docs/validators/withdraw_rewards.md (2)

Line range hint 24-24: Consider revising "Prior to" to a more concise form to enhance readability.

- Prior to withdrawing rewards, query balances for self-delegation address:
+ Before withdrawing rewards, query balances for self-delegation address:

Tools

Markdownlint

10-10: Expected: 0 or 2; Actual: 1 (MD009, no-trailing-spaces)
Trailing spaces

---

14-14: Expected: 1; Actual: 2 (MD012, no-multiple-blanks)
Multiple consecutive blank lines

---

15-15: Expected: 1; Actual: 0; Below (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

---

Line range hint 64-64: Add a comma after "withdrawal" for grammatical correctness.

- After withdrawing rewards self-delegation address balance to confirm rewards were withdrawn:
+ After withdrawing rewards, self-delegation address balance to confirm rewards were withdrawn:

Tools

Markdownlint

10-10: Expected: 0 or 2; Actual: 1 (MD009, no-trailing-spaces)
Trailing spaces

---

14-14: Expected: 1; Actual: 2 (MD012, no-multiple-blanks)
Multiple consecutive blank lines

---

15-15: Expected: 1; Actual: 0; Below (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

[coderabbitai]

The explanation is clear and concise. However, consider revising "run interchain-security-pd query provider params" to explicitly state where or how to run this command for clarity.

- run `interchain-security-pd query provider params` for the actual values
+ use the command `interchain-security-pd query provider params` in the appropriate command line interface to retrieve the actual values

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	:::tip
	A validator can only receive rewards from a consumer chain if the validator has been validating the consumer chain
	for some time. Specifically, the validator has to be a consumer validator of the consumer chain for at least
	`NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch` blocks (run `interchain-security-pd query provider params` for
	the actual values of the `NumberOfEpochsToStartReceivingRewards` and `BlocksPerEpoch` params).
	:::tip
	A validator can only receive rewards from a consumer chain if the validator has been validating the consumer chain
	for some time. Specifically, the validator has to be a consumer validator of the consumer chain for at least
	`NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch` blocks (use the command `interchain-security-pd query provider params` in the appropriate command line interface to
	retrieve the actual values of the `NumberOfEpochsToStartReceivingRewards` and `BlocksPerEpoch` params).

Tools

Markdownlint

10-10: Expected: 0 or 2; Actual: 1 (MD009, no-trailing-spaces)
Trailing spaces

[coderabbitai]

There's a typo in the error message: "received" should be "receiving".

- return fmt.Errorf("number of epochs to start received rewards is invalid: %s", err)
+ return fmt.Errorf("number of epochs to start receiving rewards is invalid: %s", err)

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	return fmt.Errorf("number of epochs to start received rewards is invalid: %s", err)
	return fmt.Errorf("number of epochs to start receiving rewards is invalid: %s", err)

[coderabbitai]

The documentation for DefaultNumberOfEpochsToStartReceivingRewards is comprehensive and clearly explains its purpose. However, the word "stat" in line 47 should be corrected to "start".

- // `NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch` on a consumer chain to stat receiving rewards from the chain.
+ // `NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch` on a consumer chain to start receiving rewards from the chain.

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// DefaultNumberOfEpochsToStartReceivingRewards defines the default minimum number of epochs required by a validator to validate
	// during so that the validator can start receiving rewards. This would mean that a validator has to be a consumer validator for at least
	// `NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch` on a consumer chain to stat receiving rewards from the chain.
	// Note that after a validator starts receiving rewards, the validator would keep receiving rewards every time the
	// consumer chain sends an IBC transfer over to the provider. This value only sets a constraint on when a validator
	// can first start receiving rewards to avoid cases where a validator just opts in to receive rewards and then opts out
	// immediately afterward.
	// Current default values for blocks per epoch corresponds to about 1 hour, so with 24 being the
	// minimum amount of epochs, this would imply that a validator has to validate at least for 1 day to receive rewards.
	DefaultNumberOfEpochsToStartReceivingRewards = int64(24)
	// DefaultNumberOfEpochsToStartReceivingRewards defines the default minimum number of epochs required by a validator to validate
	// during so that the validator can start receiving rewards. This would mean that a validator has to be a consumer validator for at least
	// `NumberOfEpochsToStartReceivingRewards * BlocksPerEpoch` on a consumer chain to start receiving rewards from the chain.
	// Note that after a validator starts receiving rewards, the validator would keep receiving rewards every time the
	// consumer chain sends an IBC transfer over to the provider. This value only sets a constraint on when a validator
	// can first start receiving rewards to avoid cases where a validator just opts in to receive rewards and then opts out
	// immediately afterward.
	// Current default values for blocks per epoch corresponds to about 1 hour, so with 24 being the
	// minimum amount of epochs, this would imply that a validator has to validate at least for 1 day to receive rewards.
	DefaultNumberOfEpochsToStartReceivingRewards = int64(24)

[coderabbitai]

Actionable comments posted: 4

Outside diff range and nitpick comments (5)

docs/docs/validators/withdraw_rewards.md (5)

7-11: Clarify the calculation for the number of blocks needed for reward eligibility.

Consider providing an example calculation to illustrate how long a validator needs to be active to qualify for rewards, based on typical values for NumberOfEpochsToStartReceivingRewards and BlocksPerEpoch.

---

Line range hint 38-38: Add a blank line above the heading for better Markdown formatting.

+
## Querying validator rewards

Tools

Markdownlint

14-14: Expected: 1; Actual: 2 (MD012, no-multiple-blanks)
Multiple consecutive blank lines

---

15-15: Expected: 1; Actual: 0; Below (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

---

Line range hint 56-56: Add a blank line above the heading for better Markdown formatting.

+
## Withdrawing rewards and commission

Tools

Markdownlint

14-14: Expected: 1; Actual: 2 (MD012, no-multiple-blanks)
Multiple consecutive blank lines

---

15-15: Expected: 1; Actual: 0; Below (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

---

Line range hint 63-63: Add a blank line above the heading for better Markdown formatting.

+
### 1. Withdraw rewards

Tools

Markdownlint

14-14: Expected: 1; Actual: 2 (MD012, no-multiple-blanks)
Multiple consecutive blank lines

---

15-15: Expected: 1; Actual: 0; Below (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

---

Line range hint 57-57: Add blank lines around the fenced code block for correct Markdown formatting.

+
```bash
gaiad tx distribution withdraw-rewards cosmosvaloper1e5yfpc8l6g4808fclmlyd38tjgxuwshnmjkrq6 --from cosmos1e5yfpc8l6g4808fclmlyd38tjgxuwshn7xzkvf --commission --chain-id provider --gas auto --fees 500uatom -b block -y

<details>
<summary>Tools</summary>

<details>
<summary>Markdownlint</summary><blockquote>

14-14: Expected: 1; Actual: 2 (MD012, no-multiple-blanks)
Multiple consecutive blank lines

---

15-15: Expected: 1; Actual: 0; Below (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

</blockquote></details>

</details>

</blockquote></details>

</blockquote></details>



<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

Tip

Codebase Verification

The search results did not reveal any specific migration logic for the new height field in consumer validators. This confirms that there is no existing migration strategy to handle this new field.

• The introduction of the new height field in consumer validators requires a state migration to populate this field for existing validators.
• Ensure a migration strategy is implemented to handle this new field during the upgrade process.

Analysis chain

The concern about migrating all consumer validator state is valid. It's important to ensure that there is a migration strategy in place to populate the new height field for existing validators. This might involve a script or a one-time migration function during the upgrade process.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify the migration logic for consumer validators' height.

# Search for migration logic in Go files.
rg --type go 'Migrate.*ConsumerValidator'

Length of output: 43

---

---

Script:

#!/bin/bash
# Description: Verify the migration logic for consumer validators' height.

# Search for migration logic in Go files using broader search terms.
rg --type go 'migrate|migration|upgrade|update' --glob '*.go'

Length of output: 62506

[coderabbitai]

The function MigrateMinPowerInTopN is called twice, which might be redundant unless intentional for specific migration correctness.

  v6.MigrateMinPowerInTopN(ctx, m.providerKeeper)
- v6.MigrateMinPowerInTopN(ctx, m.providerKeeper)

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	v6.MigrateMinPowerInTopN(ctx, m.providerKeeper)
	v6.MigrateParams(ctx, m.paramSpace)
	v6.MigrateMinPowerInTopN(ctx, m.providerKeeper)
	v6.MigrateParams(ctx, m.paramSpace)

[coderabbitai]

Add a blank line above the heading for better Markdown formatting.

+ 
## Withdrawing rewards

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	## Withdrawing rewards
	+
	## Withdrawing rewards

Tools

Markdownlint

15-15: Expected: 1; Actual: 0; Below (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

[coderabbitai]

Consider handling unmarshal errors without panicking to improve chain stability.

- panic(fmt.Errorf("failed to unmarshal ConsumerValidator: %w", err))
+ return types.ConsumerValidator{}, fmt.Errorf("failed to unmarshal ConsumerValidator: %w", err)

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	panic(fmt.Errorf("failed to unmarshal ConsumerValidator: %w", err))
	}
	return types.ConsumerValidator{}, fmt.Errorf("failed to unmarshal ConsumerValidator: %w", err)

Tools

GitHub Check: CodeQL

[warning] 86-86: Panic in BeginBock or EndBlock consensus methods
Possible panics in BeginBock- or EndBlock-related consensus methods could cause a chain halt

[coderabbitai]

Actionable comments posted: 3

Outside diff range and nitpick comments (1)

tests/integration/distribution.go (1)

708-712: Consider adding a comment above the block height calculation to explain its purpose.

Adding a brief comment here would enhance the readability and maintainability of the code by explaining why the block height is set to this specific value.

[coderabbitai]

Tip

Codebase Verification

The calculation of validatorsExpRewards involves multiple operations, including MulDecTruncate and MulDec. However, there is no explicit check for overflow in these calculations.

• validatorsExpRewards := rewardsPerConsumerDec.MulDecTruncate(math.LegacyOneDec().Sub(communityTax)).MulDec(sdk.NewDec(int64(consuNum)))
• perValExpReward := validatorsExpRewards.QuoDec(sdk.NewDec(int64(valNum)))

These calculations could potentially lead to overflow issues if the values involved are large enough. It is advisable to add explicit overflow checks or handle potential overflow scenarios to ensure robustness.

• [tests/integration/distribution.go:768]

Analysis chain

Check the calculation of validatorsExpRewards for potential overflow issues.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify the calculation of `validatorsExpRewards` for overflow.
# Test: Search for overflow checks in the calculation.
ast-grep --lang go --pattern $'$_ = $_.MulDecTruncate($_).MulDec($_)' --lang go

Length of output: 241

---

---

Script:

#!/bin/bash
# Description: Verify the calculation of `validatorsExpRewards` for overflow.
# Test: Search for overflow checks in the calculation.
ast-grep --lang go --pattern $'$_ = $_.MulDecTruncate($_).MulDec($_)'

Length of output: 70

---

---

Script:

#!/bin/bash
# Locate the definition and calculation of `validatorsExpRewards` in the codebase.
rg 'validatorsExpRewards'

Length of output: 341

---

---

Script:

#!/bin/bash
# Extract and display the lines around the definition and calculation of `validatorsExpRewards` for detailed examination.
rg -A 10 -B 10 'validatorsExpRewards' tests/integration/distribution.go

Length of output: 1629

[coderabbitai]

Tip

Codebase Verification

The BeginBlockRD function in x/ccv/provider/keeper/distribution.go does perform a state update by calling k.AllocateTokens(ctx) if the block height is greater than 1. However, there is no explicit exception handling within the function.

• x/ccv/provider/keeper/distribution.go:22-24: The function checks the block height and calls k.AllocateTokens(ctx) for state updates.
• There is no explicit exception handling code present in the function.

Please ensure that BeginBlockRD includes proper exception handling mechanisms to manage any potential errors during execution.

• Add exception handling in BeginBlockRD in x/ccv/provider/keeper/distribution.go.

Analysis chain

Ensure that BeginBlockRD properly updates relevant state and handles any exceptions.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify that `BeginBlockRD` updates state and handles exceptions.
# Test: Search for state updates and exception handling in `BeginBlockRD`.
ast-grep --lang go --pattern $'func (providerKeeper *ProviderKeeper) BeginBlockRD($_, $_) { $$$ }'

Length of output: 99

---

---

Script:

#!/bin/bash
# Searching for the function `BeginBlockRD` in the Go codebase
rg 'BeginBlockRD' --type go

Length of output: 622

---

---

Script:

#!/bin/bash
# Extract the implementation of `BeginBlockRD` from `x/ccv/provider/keeper/distribution.go`
ast-grep --lang go --pattern $'func (k Keeper) BeginBlockRD(ctx sdk.Context, req abci.RequestBeginBlock) { $$$ }' x/ccv/provider/keeper/distribution.go

Length of output: 667

[coderabbitai]

Tip

Codebase Verification

The SetConsumerRewardsAllocation method in x/ccv/provider/keeper/distribution.go does not appear to handle any edge cases explicitly. It simply marshals the pool object and stores it using the chainID as the key. There is no error handling or validation of the input parameters.

• x/ccv/provider/keeper/distribution.go:236-240

Category:

Analysis chain

Ensure that the SetConsumerRewardsAllocation method handles edge cases appropriately.

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify the handling of edge cases in `SetConsumerRewardsAllocation`.
# Test: Search for error handling in the method implementation.
ast-grep --lang go --pattern $'func (providerKeeper *ProviderKeeper) SetConsumerRewardsAllocation($_, $_, $_) { $$$ }'

Length of output: 119

---

---

Script:

#!/bin/bash
# Locate the `SetConsumerRewardsAllocation` method definition in the codebase.
rg 'func (providerKeeper \*ProviderKeeper) SetConsumerRewardsAllocation' --no-heading --line-number --color=never

Length of output: 115

---

---

Script:

#!/bin/bash
# Search for methods related to consumer rewards allocation in the codebase.
rg 'func .*ConsumerRewards' --no-heading --line-number --color=never

Length of output: 3381

---

---

Script:

#!/bin/bash
# Retrieve the implementation of the `SetConsumerRewardsAllocation` method in `x/ccv/provider/keeper/distribution.go`.
sed -n '236,256p' x/ccv/provider/keeper/distribution.go

Length of output: 912

[mpoke]

Great work @insumity. I approved the main logic. Left some comments though. See below.

[mpoke]

What happens here when a new consumer chain is added? Are all the validators ineligible? If so, is it safe for ComputeConsumerTotalVotingPower to return zero? Also, what happens with the rewads for the first warmup period?

[insumity]

See above in the PR description:

Finally, note that in a consumer chain that just starts, no validator would receive rewards during the first NumberOfEpochsToStartReceivingRewards epochs. During this time, any rewards sent to the provider from the consumer chain through IBC transfers will be allocated to the community pool.

If no validator is eligible, then rewards would go to the community pool. The same applies for the first warmup period. No validator would get rewards and the rewards would end up in the community pool.