governance: emergency halt should require 1/3 vote #4389

Closed
conorsch opened this issue May 15, 2024 · 0 comments · Fixed by #4440
Labels
A-governance Area: Governance _P-medium Medium priority

@conorsch
Contributor

During Testnet 72, we tried to ship a hotfix for a DEX problem (#4239), which failed catastrophically due to tombstoning of the PL testnet validators. As part of preparing for that upgrade, we decided to submit an emergency-halt governance proposal, as an exercise of remediation procedures suitable for mainnet.

While the emergency-halt did properly stop the chain as soon as sufficient stake weight voted for it, the threshold was too high for the functionality to be useful: 1/3 of validators (+1) could simply shut down, resulting in the chain halting. We should lower the threshold for an emergency-halt vote to pass, specifically to 1/3, so that validators can effect an organized halt with the same quorum that already can, if coordinating out of band.

Notably, if 1/3 + 1 validators coordinate out of band to shut down manually, that'll still stop the chain, but recovery would be arduous, as state surgery will be required to reconstruct an agreed-upon resumption point. Using a governance mechanism prevents this confusion, ensuring all validators and nodes have the same picture of the network at time of halt.

@conorsch conorsch added the A-governance Area: Governance label May 15, 2024
@github-project-automation github-project-automation bot moved this to Backlog in Penumbra May 15, 2024
@github-actions github-actions bot added the needs-refinement unclear, incomplete, or stub issue that needs work label May 15, 2024
@aubrika aubrika added this to the Sprint 7 milestone May 22, 2024
@aubrika aubrika added _P-medium Medium priority and removed needs-refinement unclear, incomplete, or stub issue that needs work labels May 22, 2024
@aubrika aubrika self-assigned this May 22, 2024
@aubrika aubrika moved this from Backlog to In progress in Penumbra May 22, 2024
conorsch pushed a commit that referenced this issue May 23, 2024
This changes the ratio in tally.rs emergency_pass() to 1/3 and also
updates any comments/docs referring to the previous 2/3 threshold. Note:
this will also affect `IBCFreeze` and `IBCUnfreeze`, so those have also
gotten easier to accomplish (seems fine for the same reasons, but wasn't
explicitly noted in the ticket). Closes #4389.
@github-project-automation github-project-automation bot moved this from In progress to Done in Penumbra May 23, 2024
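
The threshold gap described in this issue, as an added example that is not part of the original issue and is not Penumbra's `tally.rs` code: it compares the stake that can stall a BFT chain by going offline with the stake needed to pass an emergency proposal at 2/3 and at 1/3. All names are hypothetical, and it assumes a strict "greater than" threshold comparison and the usual BFT rule that a block commits only with more than 2/3 of voting power online.

```rust
/// A fraction of total voting power, compared with integers only (no float rounding).
#[derive(Clone, Copy)]
pub struct Ratio {
    pub num: u128,
    pub den: u128,
}

pub const OLD_THRESHOLD: Ratio = Ratio { num: 2, den: 3 };
pub const NEW_THRESHOLD: Ratio = Ratio { num: 1, den: 3 };

/// Assumption: an emergency proposal passes once "yes" power strictly exceeds the threshold.
pub fn emergency_passes(yes: u64, total: u64, t: Ratio) -> bool {
    total > 0 && (yes as u128) * t.den > (total as u128) * t.num
}

/// Assumption: consensus commits only with more than 2/3 of power online,
/// so the chain stalls when the remaining online power is at most 2/3.
pub fn chain_stalls(offline: u64, total: u64) -> bool {
    let online = total.saturating_sub(offline) as u128;
    online * 3 <= (total as u128) * 2
}

/// True when a coalition holding `power` can stall the chain by shutting down
/// but cannot pass an orderly emergency halt through governance.
pub fn stall_without_halt(power: u64, total: u64, t: Ratio) -> bool {
    chain_stalls(power, total) && !emergency_passes(power, total, t)
}

/// Number of coalition sizes (in units of voting power) that fall in that gap.
pub fn gap_size(total: u64, t: Ratio) -> u64 {
    (0..=total)
        .filter(|&p| stall_without_halt(p, total, t))
        .count() as u64
}

fn main() {
    // Constructed sample: 100 units of total voting power.
    let total = 100;
    println!("gap at 2/3 threshold: {}", gap_size(total, OLD_THRESHOLD));
    println!("gap at 1/3 threshold: {}", gap_size(total, NEW_THRESHOLD));
    // Under the strict-comparison assumption, a coalition holding exactly 1/3
    // (33 of 99) can stall the chain but does not pass the vote.
    println!("gap at 1/3, total 99: {}", gap_size(99, NEW_THRESHOLD));
}
```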