Closed fmorency closed 2 months ago
This is odd since we are not breaking early within the map, and using all values. Regardless of order
Good catch. I assume the coins need to be appended to a slice, then paid all at once rather than during each iter.
The chain invariant is currently broken because, as specified in https://github.com/liftedinit/manifest-ledger/security/code-scanning/17, map iteration are non-deterministic in Go.
E.g., running
multiple times may result in a different output, e.g.,
Those cases are currently not detected in our e2e test suite because tests are run against a single validator. I was able to easily break consensus by modifying the stakeholder payout test in https://github.com/liftedinit/manifest-ledger/pull/47. You'll need to run the test multiple times as the test doesn't always break (~1 run in 5 with 2 validators and 3 stakeholders).
A failing run will show the following in the CometBFT logs
Failing run example in CI: https://github.com/liftedinit/manifest-ledger/actions/runs/8804787416/job/24166242952
I haven't time to investigate if more of the codebase is affected but I plan to do so.
CC @Reecepbcups @chalabi2