[Protocol] Centralized Proof & Tokenomics param updating

[bryanchriswhite]

Summary

• Use authz to grant the DAO (a.k.a. "PNF" or "foundation") permissions for each type of module parameter update message.
• Add new MsgUpdateParam message type & handler to tokenomics & proof modules for updating individual params.

See: #322 & "governance schemes" in notion - Gov Prams.

Changes

• Add/update makefile targets:
  • update_tokenomics_params_all
  • update_tokenomics_param_compute_units_to_tokens_mulitplier
  • update_proof_params_all
  • update_proof_param_min_relay_difficulty_bits
• Scaffold (& refactor) an MsgUpdateParam message to both tokenomics & proof modules for updating an individual param by name
• Inject localnet genesis authz grants necessary for updating localnet params

Demo

authz_gov.webm

# Print the DAO's account address.
poktrolld keys show pnf --keyring-backend test

# Print the governance module's account address.
poktrolld query auth module-account gov --node tcp://127.0.0.1:36657  

# Print any grants by the governance module account to the DAO account.
poktrolld query authz grants pokt10d07y265gmmuvt4z0w9aw880jnsr700j8yv32t pokt1eeeksh2tvkh7wzmfrljnhw4wrhs55lcuvmekkw --node tcp://127.0.0.1:36657

## Tokenomics Module - All Params
# Print the current tokenomics module params.
poktrolld query tokenomics params --node tcp://127.0.0.1:36657

# Print the `MsgUpdateParams` that will be executed by authz when updating all tokenomics module params.
cat ./tools/scripts/params/tokenomics_all.json

# Use `poktrolld authz exec ...` to execute the `MsgUpdateParams` to update all tokenomics module params.
make update_tokenomics_params_all

# Print the updated tokenomics params.
poktrolld query tokenomics params --node tcp://127.0.0.1:36657

## Proof Module - All Params
# Print the current proof module params.
poktrolld query proof params --node tcp://127.0.0.1:36657

# Print the `MsgUpdateParams` that will be executed by authz when updating all proof module params.
cat ./tools/scripts/params/proof_all.json

# Use `poktrolld authz exec ...` to execute the `MsgUpdateParams` to update all proof module params.
make update_proof_params_all

# Print the updated proof module params.
poktrolld query proof params --node tcp://127.0.0.1:36657

## Proof Module - Individual Param
# Print the `MsgUpdateParam`(s) that will be executed by authz when updating `min_relay_difficulty_bits`.
cat ./tools/scripts/params/proof_param_min_relay_difficulty_bits.json

# Use `poktrolld authz exec ...` to execute the `MsgUpdateParams` to update `min_relay_difficulty_bits.
make update_proof_param_min_relay_difficulty_bits

# Print the updated proof module params.
poktrolld query proof params --node tcp://127.0.0.1:36657

Issue

• 322

Type of change

Select one or more:

• [ ] New feature, functionality or library
• [ ] Bug fix
• [ ] Code health or cleanup
• [ ] Documentation
• [ ] Other (specify)

Testing

Documentation changes (only if making doc changes)

• [ ] make docusaurus_start; only needed if you make doc changes

Local Testing (only if making code changes)

• [ ] Unit Tests: make go_develop_and_test
• [ ] LocalNet E2E Tests: make test_e2e
• See quickstart guide for instructions

PR Testing (only if making code changes)

• [ ] DevNet E2E Tests: Add the devnet-test-e2e label to the PR.
  • THIS IS VERY EXPENSIVE, so only do it after all the reviews are complete.
  • Optionally run make trigger_ci if you want to re-trigger tests without any code changes
  • If tests fail, try re-running failed tests only using the GitHub UI as shown here

Sanity Checklist

• [x] I have tested my changes using the available tooling
• [ ] I have commented my code
• [x] I have performed a self-review of my own code; both comments & source code
• [ ] I create and reference any new tickets, if applicable
• [x] I have left TODOs throughout the codebase, if applicable

[bryanchriswhite]

Test integration app with proof module, all its depencies, and authz; failing for the right reason (in 38bba65):

[gitguardian[bot]]

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

| GitGuardian id | GitGuardian status | Secret | Commit | Filename | | | -------------- | ------------------ | ------------------------------ | ---------------- | --------------- | -------------------- | | [10534134](https://dashboard.gitguardian.com/workspace/3973/incidents/10534134?occurrence=131046381) | Triggered | Generic High Entropy Secret | d515b6f45b93489993e82e2f7d959e12d7bef811 | Makefile | [View secret](https://github.com/pokt-network/poktroll/commit/d515b6f45b93489993e82e2f7d959e12d7bef811#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52R16) | | [10534134](https://dashboard.gitguardian.com/workspace/3973/incidents/10534134?occurrence=131565071) | Triggered | Generic High Entropy Secret | 606ae3a4475d26d19499424da09c449dd5fe8a54 | Makefile | [View secret](https://github.com/pokt-network/poktroll/commit/606ae3a4475d26d19499424da09c449dd5fe8a54#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52L16) |

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code. 2. Replace and store your secrets safely. [Learn here](https://blog.gitguardian.com/secrets-api-management?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment) the best practices. 3. Revoke and [rotate these secrets](https://docs.gitguardian.com/secrets-detection/secrets-detection-engine/detectors/generics/generic_high_entropy_secret#revoke-the-secret?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment). 4. If possible, [rewrite git history](https://blog.gitguardian.com/rewriting-git-history-cheatsheet?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment). Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data. To avoid such incidents in the future consider - following these [best practices](https://blog.gitguardian.com/secrets-api-management/?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment) for managing and storing secrets including API keys and other credentials - install [secret detection on pre-commit](https://docs.gitguardian.com/ggshield-docs/integrations/git-hooks/pre-commit?utm_source=product&utm_medium=GitHub_checks&utm_campaign=check_run_comment) to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[Olshansk]

@bryanchriswhite I replied to some of your additional comments & questions. Lmk if you need feedback on anything to push this over the finish line.

[github-actions[bot]]

The image is going to be pushed after the next commit. You can use make trigger_ci to push an empty commit. If you also want to run an E2E test, please add devnet-test-e2e label.

[github-actions[bot]]

The CI will now also run the e2e tests on devnet, which increases the time it takes to complete all CI checks. If you just created a pull request, you might need to push another commit to produce a container image DevNet can utilize to spin up infrastructure. You can use make trigger_ci to push an empty commit.

[bryanchriswhite]

TODO:

• [x] update load test logic to use authz to update params (instead of directly). (86fe8bc)