feat!: deprecate soft opt-out

[insumity]

Description

Closes: #1927

Problem
After the release of Partial Set Security in Gaia v17, the Soft Opt-Out feature is not needed anymore because the only registered consumer chains (i.e., Stride and Neutron) have become Top 95% consumer chains. This means that the last 5% of the Cosmos Hub validators do not have to validate a consumer chain unless they choose to do so by sending a MsgOptIn message. Nevertheless, Soft Opt-Out is still functional in Gaia v17, and as a result, the last 5% of the top 95% validators could choose to not validate Stride or Neutron without getting jailed.

Solution
This PR removes the Soft Opt-Out feature.

The soft_opt_out_threshold is used as a parameter in the consumer genesis files, so to be backwards compatible with older-version consumer modules, we do not rename or remove the soft_opt_out_threshold and just set it to 0.

We also deprecate the storage under SmallestNonOptOutPowerByteKey on the consumer module but we do not delete the values that were stored for Stride and Neutron. To actually delete the stored soft opt-out values, we would need migration code and it did not seem that is worth it to introduce migration code to reclaim 2 * size(int64) = 16 bytes. If there are concerns, I can add the migration code for this.

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• Included the correct type prefix in the PR title
• Added ! to the type prefix if the change is state-machine breaking
• Confirmed this PR does not introduce changes requiring state migrations, OR migration code has been added to consumer and/or provider modules
• Targeted the correct branch (see PR Targeting)
• Provided a link to the relevant issue or specification
• Followed the guidelines for building SDK modules
• Included the necessary unit and integration tests
• Added a changelog entry to CHANGELOG.md
• Included comments for documenting Go code
• Updated the relevant documentation or specification
• Reviewed "Files changed" and left comments if necessary
• Confirmed all CI checks have passed
• If this PR is library API breaking, bump the go.mod version string of the repo, and follow through on a new major release

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed ! the type prefix if the change is state-machine breaking
• confirmed this PR does not introduce changes requiring state migrations, OR confirmed migration code has been added to consumer and/or provider modules
• confirmed all author checklist items have been addressed
• reviewed state machine logic
• reviewed API design and naming
• reviewed documentation is accurate
• reviewed tests and test coverage

Summary by CodeRabbit

• Deprecations

  • Deprecated the Soft Opt-Out feature due to redundancy after the release of PSS.

• Bug Fixes

  • Adjusted module initialization order in the consumer application.
  • Set the SoftOptOutThreshold parameter to zero in the consumer app genesis.

• Documentation

  • Updated documentation to reflect the deprecation of Soft Opt-Out.

• Tests

  • Updated various test scenarios to reflect the deprecation of Soft Opt-Out.
  • Modified validator power values and configuration settings in multiple test files.

[insumity]

Removed this function because it did not add much because we could use stepsRedelegate in its place.

[insumity]

Those and similar changes stem from running make format.

[coderabbitai]

Walkthrough

Walkthrough

The changes focus on the deprecation of the "soft opt-out" feature, which is redundant following the release of Partial Set Security (PSS). This involves removing related code across various files, adjusting initialization logic, updating documentation, and modifying tests to reflect the deprecated feature.

Changes

Path	Summary
.changelog/unreleased/improvements/...	Deprecation notice of the "soft opt-out" feature due to redundancy after PSS release.
app/consumer/app.go, genesis.go, genesis_test.go	Reordering module initialization and setting the SoftOptOutThreshold parameter to zero.
app/sovereign/app.go	Removed an outdated import statement.
docs/...	Updated documentation to reflect the deprecation.
proto/interchain_security/.../shared_consumer.proto	Deprecated the soft_opt_out_threshold field in protocol buffer messages.
tests/e2e/...	Removed or adjusted test cases, configurations, and references to the "soft opt-out" feature.
tests/mbt/driver/setup.go	Removed parameter related to soft opt-out from the consumer genesis configuration.
testutil/integration/debug_test.go	Removed the TestSoftOptOut function.
x/ccv/consumer/types/validator.go	Simplified CrossChainValidator struct initialization by removing the OptedOut field assignment.

Sequence Diagram(s)

Diagram generation is not deemed necessary for this specific set of changes as they are straightforward and involve deprecating a feature and updating related configurations and tests.

Assessment against linked issues

Objective	Addressed	Explanation
Deprecate soft opt-out feature (#1927)	✅
Remove as much code as possible related to soft opt-out (#1927)	✅

Note: This assessment is based solely on the code changes. Non-coding tasks, such as manual testing, are not considered here.

---

Recent review details

Configuration used: .coderabbit.yml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 59e46f9 and 82f5763.

Files selected for processing (1)

• tests/e2e/actions.go (4 hunks)

Additional context used

Path-based instructions (1)

tests/e2e/actions.go (2)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

---

Pattern tests/e2e/*: "Assess the e2e test code assessing sufficient code coverage for the changes associated in the pull request"

golangci-lint

tests/e2e/actions.go

2179-2179: string auto has 3 occurrences, make it a constant (goconst)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

Outside diff range and nitpick comments (11)

docs/docs/adrs/intro.md (2)

Line range hint 6-6: Consider using only one top-level heading to comply with Markdown best practices.

- # Architecture Decision Records (ADR)
+ ## Architecture Decision Records (ADR)

---

Line range hint 22-22: Add the missing article for grammatical correctness.

- The spec is much more compressed and streamlined summary of everything as it is or should be.
+ The spec is a much more compressed and streamlined summary of everything as it is or should be.

docs/docs/adrs/adr-009-soft-opt-out.md (2)

Line range hint 25-25: Consider revising the verb form for clarity.

- a function is ran which determines
+ a function is run which determines

---

Line range hint 25-25: Add the definite article for grammatical correctness.

- the so called  _smallest non opt-out voting power_
+ the so-called _smallest non opt-out voting power_

x/ccv/consumer/types/genesis_test.go (2)

Line range hint 14-14: Consider adding a test case to verify the SoftOptOutThreshold is set to zero.

Would you like me to help draft this test case?

---

Line range hint 14-14: Consider adding a test case to ensure the restart genesis state correctly handles the deprecated SoftOptOutThreshold.

Would you like me to help draft this test case?

app/consumer-democracy/app.go (5)

Line range hint 1-1: Ensure the package declaration is appropriately documented.

Adding a package comment explaining the purpose and scope of this package would enhance readability and maintainability.

---

Line range hint 7-7: Remove unused imports to clean up the code.

-	"github.com/spf13/cast"

This import appears to be unused in the provided code snippet. Removing unused imports helps maintain clean and efficient code.

---

Line range hint 19-19: Consider organizing imports according to the Golang style guide.

Imports should be grouped in the following order: standard library, third-party packages, and local packages. This helps in improving readability and quickly identifying the dependencies of the package.

---

Line range hint 116-116: Ensure module basics are well-documented.

Adding comments to explain the purpose of each module included in ModuleBasics would help developers understand the role of each module in the application.

---

Line range hint 1000-1000: Refactor to enhance readability and maintainability.

The New function is quite long and handles multiple responsibilities. Consider breaking it down into smaller, more focused functions. This would improve readability, make the code easier to navigate, and enhance testability.

[coderabbitai]

Tip

Codebase Verification

The extracted results reveal a variety of ValPowers values across different test scenarios. These values are not consistent and vary significantly, which could indicate potential imbalances in test scenarios.

• For instance, in slashThrottle.json, alice consistently has a power of 511, while bob fluctuates between 500 and 0.
• Similarly, in shorthappy.json, alice has values ranging from 500 to 910, and bob fluctuates between 500 and 0.

These inconsistencies suggest that the validator power values are not uniformly distributed and may introduce imbalances in the test scenarios.

• tests/e2e/tracehandler_testdata/slashThrottle.json
• tests/e2e/tracehandler_testdata/shorthappy.json
• tests/e2e/tracehandler_testdata/happyPath.json
• tests/e2e/tracehandler_testdata/consumer-misbehaviour.json
• tests/e2e/tracehandler_testdata/multipleConsumers.json

Please review and ensure that the validator power values are consistent with expected power distributions to avoid imbalances in test scenarios.

Analysis chain

Adjustments to validator power values across various actions reflect the new validation dynamics without the soft opt-out feature. Ensure these changes are consistent with expected power distributions and do not introduce imbalances in test scenarios.

Also applies to: 604-606, 635-637, 664-666, 684-686, 715-716, 734-736, 765-767, 794-796, 814-816, 845-847, 874-876, 894-894, 925-925, 954-954, 974-976, 1005-1007, 1034-1036, 1054-1054, 1085-1085, 1105-1105

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Description: Verify that the new validator power values are consistent across all test scenarios.

# Test: Search for ValPowers in test files and check consistency. Expect: Consistent values across scenarios.
rg --type json "ValPowers" tests/e2e/

Length of output: 24653

---

---

Script:

#!/bin/bash
# Description: Extract non-null ValPowers values from test files for comparison.

# Extract non-null ValPowers values and display them for analysis.
rg --type json '"ValPowers": \{' tests/e2e/tracehandler_testdata/ -A 5

Length of output: 93622

[coderabbitai]

Deprecation note is clear but redundant
The comments on lines 609-611 clearly indicate the deprecation of the Soft Opt-Out feature. However, considering the feature has been deprecated and the parameter is set to "0" to maintain compatibility, these comments might become redundant in the future as developers might overlook them, leading to confusion. It might be beneficial to either remove these comments or update them to reflect why this deprecated feature's parameter still needs to be set.

[coderabbitai]

Redundant deprecation note
Similar to the previous comment, the redundancy of the deprecation note here could lead to future confusion. Since the parameter is set to "0" and the feature is deprecated, maintaining these comments might not be necessary unless there is a specific reason to keep setting this parameter in the genesis file which should be documented.

[p-offtermatt]

LGTM. A few tiny nits

Wondering if deprecating like this is actually easier than having a migration? I don't have experience with the possible problems, but at least in terms of code, it seems it would maybe be preferable to just not have the key anymore. But I'm ok with either way :)

Thanks for the work, good stuff!

[mpoke]

Great work @insumity. See my comments below.

[mpoke]

Why is it necessary to set it to zero?

[insumity]

Not sure if this answers your question:

The soft_opt_out_threshold is used as a parameter in the consumer genesis files, so to be backwards compatible with older-version consumer modules, we do not rename or remove the soft_opt_out_threshold and just set it to 0.

To add to that, I did it so that a consumer genesis generated by v4.3.0 would still be valid from the perspective of a older consumer module (see validation).

[mpoke]

What's the difference between deprecating a field and reserving it? cc @MSalopek

[MSalopek]

I think you're mixing apples and oranges.

This section is about setting something to 0 in go code. "reserved" is a term from protobuf.

"reserved" keyword in protobuf is documente here:

• https://protobuf.dev/programming-guides/proto3/#reserved

It helps you prevent somebody from accidentally using an enum that was deprecated in an earlier version. It also helps you avoid issues that arise when you simply remove a field and when you accidentally re-map enums in a breaking manner. When you use it, you will not be able to populate the field - it will not be able to "hold a value".

[deprecated = true] is just an annotation. It will not prevent the field from being used - you can still popoulate the field and it can "hold a value".

[mpoke]

So, is it better to remove the field and mark it as reserved or use the deprecated annotation?

[MSalopek]

See discussion: #1964 (comment)

[coderabbitai]

Actionable comments posted: 0

Outside diff range and nitpick comments (1)

docs/docs/adrs/adr-009-soft-opt-out.md (1)

Line range hint 26-26: Correct the grammatical error in the description of the function.

- In every consumer beginblocker, a function is ran which determines the so called _smallest non opt-out voting power_.
+ In every consumer beginblocker, a function is run which determines the so-called _smallest non opt-out voting power_.

Tools

LanguageTool

[duplication] ~13-~13: Possible typo: you repeated a word (ENGLISH_WORD_REPEAT_RULE)
Context: ...Change status to deprecated ## Status Deprecated Deprecated by [Partial Set Security](adr-015-parti...

---

[uncategorized] ~18-~18: A comma may be missing after the conjunctive/linking adverb ‘Therefore’. (SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)
Context: ...needed to validate all consumer chains. Therefore a need exists to allow the bottom x% ...

Markdownlint

16-16: Expected: 1; Actual: 0; Above (MD022, blanks-around-headings)
Headings should be surrounded by blank lines

[MSalopek]

ConsumerParams is used to send data to the consumer chain "over the wire" - it is used in the consumer genesis.

Setting it to deprecated allows the field to exist but it will always be empty, thus maintaining backward compatibility.

We will not need to write a special parser to go from v4.2.0 ConsumerParams to some future version ConsumerParams.

[insumity]

Agreed. This is why we did not use reserved.

[MSalopek]

Why do you need to set it? You can delete this line.

[MSalopek]

The default value is "" which is a valid zero string.

[insumity]

Why do you need to set it? You can delete this line.

I cannot delete this line. If I do, I get the following error:

2024/06/21 11:02:14 getBalance() failed: /usr/local/bin/docker exec interchain-security-instance interchain-security-cd query bank balances consumer1sx6j9g2rh324a342a5f0rnx7me34r9nwduz5te --node tcp://7.7.8.253:26658 -o json: exit status 1
Error: post failed: Post "http://7.7.8.253:26658": dial tcp 7.7.8.253:26658: connect: no route to host

because the consumer chain never starts. Although we do not utilize soft_opt_threshold, the parameter has still to be set. This is why this line existed in all other E2E tests as well. In this PR, I just moved this line to a central place so we do not have to repeat it every time we create a new consumer chain.

The default value is "" which is a valid zero string.

Yes, we could potentially set simply to "" here but setting to 0 makes it clear that the soft opt-out feature is disabled.

[MSalopek]

Same as above

[insumity]

See my response.

[MSalopek]

Why has the ratio changed so much?

Are you trying to check that the soft opt-out no longer works?

[insumity]

Why has the ratio changed so much?

TL;DR because we removed opt-out related steps that were reducing the ValPower of alice.

Specifically, we removed the stepsRedelegateForOptOut and stepsDowntimeWithOptOut. The stepsRedelegateForOptOut was the one that reduced the ValPower of alice to 60 so it could test the opt out functionality.

Before, in the happyPathSteps we had:

...
stepsRedelegateForOptOut("consu"),
stepsDowntimeWithOptOut("consu"),
stepsRedelegate("consu"),
...

but we removed stepsRedelegateForOptOut and stepsDowntimeWithOptOut and hence now when stepsRedelegate is called, the ValPower of alice is not 60 anymore but 510. Redelegating 400 to alice makes alice have a ValPower 910. This meant that all steps* functions called after stepsRedelegate had to be modified as well to contain the correct ValPowers.

Are you trying to check that the soft opt-out no longer works?

No.

[MSalopek]

Thank you for elaborating. It was not clear to me after going over it a couple times.

[MSalopek]

This test removes the threshold while the ones above have it stil

[insumity]

Thresholds are removed from the individual StarConsumerChainAction and ChangeOverChainAction actions and are moved to startConsumerChain and changeoverChain so we do not have to set the threshold in a multitude of other places. This was just part of small refactoring.

[insumity]

Just a note for posterity: Increased this due to some flakiness in the test involving double signing.

[insumity]

This was added here and in changeoverChain because If action.GenesisChanges was the empty string, consumerGenesis would end with | and as a result the jq transformation here would fail.

[coderabbitai]

Actionable comments posted: 1

Outside diff range and nitpick comments (1)

tests/e2e/actions.go (1)

Line range hint 2179-2179: Consider defining a constant for repeated string literals.

The string "auto" is used multiple times in the file. Defining it as a constant would make the code cleaner and easier to maintain.

+ const autoGas = "auto"
- gas := "auto"
+ gas := autoGas

[coderabbitai]

Refactor the use of constants for repeated string literals.

The string "auto" is used multiple times across different functions. It is beneficial to define it as a constant at the beginning of the file to ensure consistency and ease of maintenance.

+ const autoGas = "auto"
- gas := "auto"
+ gas := autoGas

Committable suggestion was skipped due to low confidence.

[MSalopek]

thanks for figuring out how to remove this.

Much appreciated!

[insumity]

Thanks for pointing it out 😃

[MSalopek]

Thanks for spending the time on this.

I'm glad you managed to clean up the state and simplify the protocol.

Approve!