-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrading to v0.44 breaks vested accounts #10591
Comments
@AmauryM can you take a look at this? |
The summary sounds correct. Good work @RiccardoM. It's not clear to me why we didn't address the concern raised in #10189 (comment)? Do you know why? |
If you are asking me, honestly I have no clue. Maybe it was too complicated or overlooked by error?
|
We've already addressed the fix for chains that are about to upgrade. E.g.: https://github.com/cosmos/gaia/blob/0dd70958a10b24703c09c43745611779f0e7970f/app/app.go#L572-L593 However, this is still alarming due to the nature of how fragile these upgrades are in terms of order of operations. A trivial approach would be to allow developers to state what order they want the migrations to happen in (per module). |
I remember having no strong intuition/understanding on which one between Anyways, for a SDK-side quick fix, I can think of 2 solutions:
While 2 seems more flexible, I think we would need to rely on the fact that all app developers knows that auth should go last, which is risky. For now, I prefer 1. Note: this fix is not state-machine breaking, and can be backported. |
On Monday I was discussing to add change the migration map and add a priority parameter. Map is good because it allows easily to self register the modules. |
Here is a list of tasks we are planning to do now:
|
No, it happened inside our mainnet which caused 289 investors having their accounts locked. I have already found out how to solve it though. |
@RiccardoM ouch, sorry for that :( I was thinking about a migration function which will query an old state and recreate the accounts. |
Closed by: #10608 @RiccardoM please reopen if you need support to this issue. |
@robert-zaremba Recovery it's as simple as re-running the I think you should change the release notes from:
to
|
Summary of Bug
Upgrading a chain to
v0.44
breaks all the vested accounts that delegated some tokens.Version
v0.44.3
Steps to Reproduce
v0.42.9
that has some vested accounts3 Perform an on-chain upgrade to
v0.44.3
All the vested accounts will now be unusable due to the now empty
delegated_vesting
field.Breakdown
After our mainnet upgrade, some people from the community came to us saying that all their operations were failing with the following error:
They also noticed that their vesting accounts had an empty
delegated_vesting
field even though, previous to the upgrade, they used to have some of their vesting tokens delegated.After digging things for a while, I think I was able to reconstruct the whole history of this bug.
With PR #8865 the
v0.44
migration script for vesting accounts was added to the codebase . This migration script runs through all the vesting accounts and, for each account, it reads all the delegations and unbonding delegations for such account. The pecularity here is that this is done using the gRPC querier of thex/staking
module (see here and here).Now, when upgrading to
v0.44
one other thing that is migrated is thex/staking
state. Particularly, as we can see here, we migrate the delegation, redelegation and unbonding delegations keys.This causes a major problem: if the
x/auth
module is migrated before thex/staking
module, during the migration process we will not be able to query the delegations and unbonding delegations due to the fact that they would be still stored using the old keys. But if thex/auth
is upgraded after thex/staking
module, then everything would work properly.Initially I thought that the bug could then be caused by non-determinism while iterating over the module upgrades map. But then I found out that some work on the subject had already been done inside PR #10189. Reading though the PR, I noticed that this same problem related to the
x/auth
andx/staking
migrations already came up inside a comment (#10189 (comment)):Unfortunately, during that discussion, it was decided that this was not important even though it was clearly stated that it could represent a problem (#10189 (comment)):
This has lead to the current situation: all chains upgrading to
v0.44
will break their state and have no vesting account working anymore.The solution for chains to fix this is to have a second on-chain upgrade (after the first one) that iterates all the vesting accounts and runs the
MigrateAccount
method once again. This would theoretically fix the problems as thex/staking
state is already migrated and thus the delegations and unbonding delegations can be queried properly.For Admin Use
The text was updated successfully, but these errors were encountered: