feat(x/staking): implement RotateConsPubKey method

[atheeshp]

Description

ref: #18141

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title
• added ! to the type prefix if API or client breaking change
• targeted the correct branch (see PR Targeting)
• provided a link to the relevant issue or specification
• followed the guidelines for building modules
• included the necessary unit and integration tests
• added a changelog entry to CHANGELOG.md
• included comments for documenting Go code
• updated the relevant documentation or specification
• reviewed "Files changed" and left comments if necessary
• run make lint and make test
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed ! in the type prefix if API or client breaking change
• confirmed all author checklist items have been addressed
• reviewed state machine logic
• reviewed API design and naming
• reviewed documentation is accurate
• reviewed tests and test coverage
• manually tested (if applicable)

Summary by CodeRabbit

• New Features

  • Implemented a new search functionality with a user interface for fetching and displaying results.
  • Introduced a search bar in the main view for quick access to search.

• Style

  • Added new styles to enhance the appearance of the search bar.

• Documentation

  • Updated documentation to reflect the new search feature and user interface elements.

[coderabbitai]

Walkthrough

Walkthrough

The changes revolve around the introduction and management of consensus public key rotation for validators within the Cosmos SDK's staking module. New functions and data structures have been added to handle rotation history, enforce rotation limits, and manage fees associated with key rotation. The protobuf definitions have been updated to reflect these changes, and mock implementations have been adjusted to accommodate the new context parameters and methods.

Changes

File(s)	Change Summary
baseapp/testutil/mock/mocks.go	Added context.Context parameter to MockTxSelector functions.
proto/cosmos/staking/v1beta1/tx.proto	Updated cosmos-sdk library version and modified RotateConsPubKey operation.
store/mock/cosmos_cosmos_db_DB.go	Introduced a mock implementation of the DB interface.
x/slashing/testutil/expected_keepers_mocks.go, x/staking/testutil/expected_keepers_mocks.go	Added new methods AddressCodec and SendCoinsFromAccountToModule to mock structs.
x/staking/keeper/cons_pubkey.go, x/staking/keeper/msg_server.go	Added functions for consensus key rotation history and limits, and updated RotateConsPubKey logic.
x/staking/keeper/keeper.go	Added new data structures for managing validator consensus key rotation.
x/staking/types/codec.go	Registered new message type MsgRotateConsPubKey in the legacy Amino codec.
x/staking/types/errors.go	Introduced new error variables related to consensus keys.
x/staking/types/expected_keepers.go	Added new exported function SendCoinsFromAccountToModule to the BankKeeper interface.
x/staking/types/keys.go	Introduced new global variables for prefixing related to key rotation management.
proto/cosmos/staking/v1beta1/staking.proto, api/cosmos/staking/v1beta1/staking.pulsar.go	Changed data types from string to bytes for certain fields and updated related structs and functions.
x/group/testutil/expected_keepers_mocks.go	Updated import paths and function signatures to reflect new types.
collections/indexes/multi_test.go	Corrected a typo in a comment.
x/staking/keeper/msg_server.go	Added import statements, modified function signatures, and implemented new key rotation logic.

---

Tips

Chat with CodeRabbit Bot (@coderabbitai)

• If you reply to a review comment from CodeRabbit, the bot will automatically respond.
• To engage with CodeRabbit bot directly around the specific lines of code in the PR, mention @coderabbitai in your review comment
• Note: Review comments are made on code diffs or files, not on the PR overview.
• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Note: For conversation with the bot, please use the review comments on code diffs or files.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

[github-actions]

@atheeshp your pull request is missing a changelog!

[coderabbitai]

Review Status

Actionable comments generated: 4

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 39c9641 and 43923ce.

Files ignored due to filter (2)

• store/go.mod
• store/go.sum

Files selected for processing (12)

• baseapp/testutil/mock/mocks.go (1 hunks)
• proto/cosmos/staking/v1beta1/tx.proto (1 hunks)
• store/mock/cosmos_cosmos_db_DB.go (1 hunks)
• x/slashing/testutil/expected_keepers_mocks.go (1 hunks)
• x/staking/keeper/cons_pubkey.go (1 hunks)
• x/staking/keeper/keeper.go (2 hunks)
• x/staking/keeper/msg_server.go (2 hunks)
• x/staking/testutil/expected_keepers_mocks.go (1 hunks)
• x/staking/types/codec.go (1 hunks)
• x/staking/types/errors.go (1 hunks)
• x/staking/types/expected_keepers.go (1 hunks)
• x/staking/types/keys.go (1 hunks)

Files skipped from review due to trivial changes (6)

• proto/cosmos/staking/v1beta1/tx.proto
• store/mock/cosmos_cosmos_db_DB.go
• x/slashing/testutil/expected_keepers_mocks.go
• x/staking/types/codec.go
• x/staking/types/errors.go
• x/staking/types/expected_keepers.go

Additional comments: 9

x/staking/types/keys.go (1)

• 62-66: The new keys introduced are for managing the rotation of consensus public keys. They are used to track the rotation history, set the unbonding period time on each rotation, restrict the validator's next rotation within the waiting (unbonding) period, and map rotated consensus addresses to new consensus addresses. Ensure that these keys are used appropriately in the rest of the codebase and that they are unique to avoid any potential conflicts.

x/staking/testutil/expected_keepers_mocks.go (1)

• 230-242: The new method SendCoinsFromAccountToModule and its corresponding recorder method have been added to the MockBankKeeper struct. This method is used to mock the transfer of coins from an account to a module. Ensure that this method is used correctly in the tests and that the expected behavior is properly defined.

baseapp/testutil/mock/mocks.go (4)

• 210-215: The method signature of SelectTxForProposal has been updated to include a context.Context parameter. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

• 218-221: The method signature of SelectTxForProposal in the MockTxSelectorMockRecorder has been updated to include a context.Context parameter. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

• 224-229: The method signature of SelectedTxs has been updated to include a context.Context parameter. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

• 232-234: The method signature of SelectedTxs in the MockTxSelectorMockRecorder has been updated to include a context.Context parameter. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

x/staking/keeper/keeper.go (2)

• 96-105: The new fields added to the Keeper struct are related to the rotation of consensus public keys. These fields are used to store the rotation history of consensus public keys by validator and by block height, to restrict the next rotation of a validator's consensus key within the unbonding period, to set the unbonding period time on each rotation, and to map rotated consensus addresses to new consensus addresses. These changes are in line with the PR summary and seem to be necessary for the new functionality being introduced.

• 239-278: The NewKeeper function has been updated to initialize the new fields added to the Keeper struct. The key formats for these fields are specified and the corresponding collections are created using the collections.NewMap and collections.NewItem functions. The key formats and collection types seem to be appropriate for the data being stored. However, it's important to ensure that these changes are compatible with the rest of the codebase and that the new keys do not conflict with existing keys.

x/staking/keeper/msg_server.go (1)

• 19-19: The import distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types" has been added. Ensure that this import is used in the new code and is necessary.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between b44de9d and 4d5e362.

Files ignored due to filter (1)

• x/staking/types/staking.pb.go

Files selected for processing (2)

• api/cosmos/staking/v1beta1/staking.pulsar.go (22 hunks)
• proto/cosmos/staking/v1beta1/staking.proto (2 hunks)

Additional comments: 22

proto/cosmos/staking/v1beta1/staking.proto (2)

• 415-421: The operator_address field in ConsPubKeyRotationHistory has been changed from type string to type bytes. This change may impact data encoding and handling of validator addresses. Ensure that all parts of the codebase that interact with this field are updated to handle the new data type.

• 429-433: The addresses field in ValAddrsOfRotatedConsKeys has been changed from type string to type bytes. This change may impact data encoding and handling of validator addresses. Ensure that all parts of the codebase that interact with this field are updated to handle the new data type.

api/cosmos/staking/v1beta1/staking.pulsar.go (20)

• 13412-13415: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 13458-13458: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 13484-13484: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 13511-13511: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 13545-13545: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 13607-13607: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 13850-13874: > Note: This review was outside of the patch, so it was mapped to the patch with the greatest overlap. Original lines [13843-13867]

The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 14038-14038: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 14049-14059: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 14073-14073: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 14266-14266: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 14284-14284: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 14356-14357: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 14459-14481: > Note: This review was outside of the patch, so it was mapped to the patch with the greatest overlap. Original lines [14452-14478]

The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 15940-15940: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 15971-15975: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 16013-16013: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 16036-16036: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 16421-16421: The OperatorAddress field is now a byte slice instead of a string. Ensure that all usages of this field are updated to handle bytes instead of strings.

• 16442-16442: The Addresses field is now a slice of byte slices instead of a slice of strings. Ensure that all usages of this field are updated to handle bytes instead of strings.

[testinginprod]

lgtm, I would investigate why distr started leaking in all modules before merging though.

[coderabbitai]

Review Status

Actionable comments generated: 3

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 4d5e362 and 45d97ef.

Files selected for processing (1)

• x/staking/keeper/msg_server.go (3 hunks)

Additional comments: 4

x/staking/keeper/msg_server.go (4)

• 2-16: The import section has been updated to include new dependencies. Ensure that these new dependencies are properly managed and that their versions are compatible with the project.

• 25-26: The msgServer struct is correctly embedding the Keeper struct, allowing it to call methods defined on Keeper. This is a common pattern in Go for composition.

• 28-31: The comment explains the reason for duplicating the distribution module's name. It's important to ensure that this name is kept in sync with the actual module name to avoid future issues.

• 615-692: This hunk introduces the RotateConsPubKey function, which contains several logical steps for rotating a validator's consensus public key. The function performs type assertions, checks for existing keys, validates the validator status, deducts fees, and updates rotation history. Each of these steps should be carefully reviewed for correctness and security, especially the error handling and state-changing operations.

[coderabbitai]

The error message could be more descriptive as previously suggested. It should clearly state that the issue is with the public key being already present in the rotation history.

- return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress,
-			"the address is already present in rotation history, please try with new one")
+ return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress,
+			"the new public key is already present in rotation history, please try with a different one")

---

Commitable suggestion

[!IMPORTANT]
Carefully review the code before committing. Make sure it correctly replaces the highlighted code, has no missing lines and indentaion issues.

Suggested change

	if err != nil && !errors.Is(err, collections.ErrNotFound) {
	return nil, err
	}
	if rotatedTo != nil {
	return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress,
	"the address is already present in rotation history, please try with new one")
	}
	if err != nil && !errors.Is(err, collections.ErrNotFound) {
	return nil, err
	}
	if rotatedTo != nil {
	return nil, errorsmod.Wrap(sdkerrors.ErrInvalidAddress,
	"the new public key is already present in rotation history, please try with a different one")
	}

[coderabbitai]

The validator variable is being redeclared, which could lead to confusion. It's important to ensure that the variable names are clear and distinct to avoid potential bugs.

- validator, err = k.Keeper.GetValidator(ctx, valAddr)
+ validator2, err := k.Keeper.GetValidator(ctx, valAddr)

---

Commitable suggestion

[!IMPORTANT]
Carefully review the code before committing. Make sure it correctly replaces the highlighted code, has no missing lines and indentaion issues.

Suggested change

	validator, err = k.Keeper.GetValidator(ctx, valAddr)
	if err != nil {
	return nil, types.ErrNoValidatorFound
	}
	validator2, err := k.Keeper.GetValidator(ctx, valAddr)
	if err != nil {
	return nil, types.ErrNoValidatorFound
	}

[coderabbitai]

The error message should be improved to provide more context as previously suggested. It should clearly indicate the failure in casting the validator.

- if !ok {
-		return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "Expecting types.Validator, got %T", validator)
-	}
+ if !ok {
+		return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "failed to cast validator to types.Validator, got %T", validator)
+	}

---

Commitable suggestion

[!IMPORTANT]
Carefully review the code before committing. Make sure it correctly replaces the highlighted code, has no missing lines and indentaion issues.

Suggested change

	val, ok := validator.(types.Validator)
	if !ok {
	return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "Expecting types.Validator, got %T", validator)
	}
	val, ok := validator.(types.Validator)
	if !ok {
	return nil, errorsmod.Wrapf(sdkerrors.ErrInvalidType, "failed to cast validator to types.Validator, got %T", validator)
	}

[facundomedica]

lgtm, I assume tests will come in a follow up pr

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 45d97ef and fe857a2.

Files selected for processing (2)

• x/staking/keeper/msg_server.go (2 hunks)
• x/staking/types/keys.go (2 hunks)

Additional comments: 10

x/staking/types/keys.go (2)

• 24-32: The addition of DistributionModuleName is to avoid a cyclic dependency, as explained in the comment. This is a common practice when modules need to reference each other's names but cannot import them directly due to dependency cycles. Ensure that this constant remains in sync with the actual module name in the x/distribution module.

• 63-71: The new global variables introduced here are related to the consensus public key rotation feature. They are used as prefixes for different aspects of the rotation history and record management. It's important to ensure that these prefixes are unique and do not collide with existing store prefixes to avoid data corruption.

x/staking/keeper/msg_server.go (8)

• 3-16: The import section has been updated to include new packages. Ensure that these new dependencies are properly managed (e.g., using go modules) and that their versions are compatible with the rest of the project.

• 610-681: The RotateConsPubKey function has been implemented with several checks and operations. Here are some points to consider:

• 618-626: The check for the new public key in the rotation history is good for preventing reuse of keys. However, the error message on line 624-625 could be more specific about the nature of the error (e.g., "public key reuse is not allowed").

• 630-633: The check to ensure the new public key is not already associated with a validator is important for the uniqueness of consensus keys.

• 646-647: The check for the validator's status is crucial to ensure that only bonded validators can rotate keys.

• 652-655: The function exceedsMaxRotations is used to enforce limits on the number of rotations, which is a good practice to prevent abuse of the rotation feature.

• 664-667: Sending coins from the account to the module as a fee for key rotation is a good economic measure to prevent spamming the network with rotation requests. Ensure that the SendCoinsFromAccountToModule function has proper error handling and that the transaction is atomic.

• 670-678: Recording the rotation history is essential for auditability and tracking purposes. Ensure that the setConsPubKeyRotationHistory function handles errors appropriately and that the history is stored securely.
  Overall, the function seems to cover the necessary checks and operations for rotating a consensus public key. Ensure that all new keeper functions called within this method (RotatedConsKeyMapIndex.Get, exceedsMaxRotations, setConsPubKeyRotationHistory) are thoroughly tested and handle edge cases properly.