ABCDEFGHIJKLMNOPQRSTUVWXYZAA
1
IDDependenciesDescriptionSizeDoneReferenceMilestoneGithubTime Estimate
2
identify_tendermint_targetFigure out which version of Tendermint to build against. We need ABCI++XShttps://github.com/tendermint/tendermint/issues/9053M1https://github.com/consensus-shipyard/fendermint/issues/10.5
3
init_repoCreate a repository for the Tendermint IPC project.XXShttps://github.com/consensus-shipyard/fendermintM10.25
4
rust_proto_abci_interfaceidentify_tendermint_targetCompile the Tendermint ABCI++ protobuf interfaces to RustMhttps://github.com/informalsystems/tendermint-rs/tree/main/tools/proto-compilerM1https://github.com/consensus-shipyard/fendermint/issues/33
5
setup_cirust_proto_abci_interface,
init_repo		Setup a CI pipeline to build the project. Check what teams like FVM are using.SM1https://github.com/consensus-shipyard/fendermint/pull/51
6
impl_eth_rpc_api_queryrust_proto_abci_interface,
dep_builtin_actors		Some of the Ethereum JSON-RPC API should be implemented using ABCI Query interface. Lotus implemented something, to be compatible with Web3 tools that work with Ethereum. If full coverage is needed (e.g. eth_sendTransaction), we'd probably need something like an API facade to translate to the Tendermint model, but some queries about state (e.g. eth_getStorageAt) would be implemented via ABCI. We can look at Ethermint, which supports the Ethereum JSON-RPC API over Tendermint and Cosmos.XXLhttps://openethereum.github.io/JSONRPC-eth-module
https://docs.ethermint.zone/quickstart/events.html#ethereum-json-rpc-events
https://docs.ethermint.zone/basics/json_rpc.html
https://app.slack.com/client/TEHTVS1L6/C0330PQ7TBK/thread/C0330PQ7TBK-1682674148.637349?cdn_fallback=2		M2https://github.com/consensus-shipyard/fendermint/issues/9921
7
eth_ecosystem_toolsimpl_eth_rpc_api_queryIntegrate with Meta Mask, Truffle, Remix, etc.XLM2https://github.com/consensus-shipyard/fendermint/issues/1328
8
ipld_persistent_blockstoreTake the IPLD persistent blockstore implementation from Forest.SM1https://github.com/consensus-shipyard/fendermint/issues/61
9
dep_builtin_actorsFigure out which version of the FVM builtin-actors to use and link to them.XXSM1https://github.com/consensus-shipyard/fendermint/issues/80.25
10
dep_fvmFigure out which version of the FVM library to use and add it to the project.XXSM1https://github.com/consensus-shipyard/fendermint/issues/80.25
11
define_self_contained_tx_typesdep_fvmDefine types for transactions arriving from users, without the need to resolve CIDs. Look at what messages the built-in actors expect, what signatures Filecoin supports, how accounts are identified. Use the Filecoin message type from Forest if possible.SM1https://github.com/consensus-shipyard/fendermint/issues/111
12
define_tx_binary_formatdefine_self_contained_tx_typesDefine how transactions should be serialized to binary format in the blocks. Use the same format as Forest, if possible.SM11
13
arbitrary_for_txdefine_self_contained_tx_typesDefine Arbitrary transaction generators, to be used with QuickCheck tests.SM1https://github.com/consensus-shipyard/fendermint/pull/311
14
quickcheck_for_tx_serdefine_tx_binary_format,
arbitrary_for_tx		Create some tests that generate random transactions and serialize them, to serve as examples of input as well as protect against regressions.SM1https://github.com/consensus-shipyard/fendermint/pull/321
15
impl_block_executionrust_proto_abci_interface,
dep_fvm,
dep_builtin_actors		Implement the FinalizeBlock method in ABCI++ and execute transactions against the FVM, returning the final state root hash as application state.Lhttps://github.com/tendermint/tendermint/tree/main/spec/abciM1https://github.com/consensus-shipyard/fendermint/issues/135
16
impl_balance_queryrust_proto_abci_interface,
dep_builtin_actors		Implement an ABCI++ query that returns a user balance.Mhttps://docs.ethermint.zone/core/pending_state.htmlM1https://github.com/consensus-shipyard/fendermint/issues/343
17
define_genesis_typedep_builtin_actors,
rust_proto_abci_interface		Create types for initiating the ledger state of the actors. Starting balances, public keys,and the Tendermint power distribution. See what exists in Lotus / Forest as a guideline. MM1https://github.com/consensus-shipyard/fendermint/issues/393
18
arbitrary_for_genesisdefine_genesis_typeArbitrary instances for Genesis types.SM1https://github.com/consensus-shipyard/fendermint/pull/431
19
quickheck_for_genesis_serdecbor_for_genesis,
arbitrary_for_genesis		Quickcheck tests for serializing and deserializing Genesis data from CAR, to serve as examples and regression protection.SM1https://github.com/consensus-shipyard/fendermint/pull/431
20
cbor_for_genesisdefine_genesis_typeImplement CBOR for the Genesis type so it can be constructed in the Subnet Actor and imported by the subnet. It could be a large task if there's a lack of support for writing CARs.
CAR files were the way Lotus exported a State Tree. But we can also just construct a purpose made Genesis spec and treat it as CBOR, and it's up to the subnet to initialise itself from it by building up the State Tree.
SM1https://github.com/consensus-shipyard/fendermint/pull/431
21
impl_init_from_genesisdefine_genesis_type,
cbor_for_genesis		Implement the part of ABCI that initializes the ledger from the Genesis data. This can be huge and arduous, with intimate knowledge of built-in actor storage layouts. Forest can't do it. Lotus can.XLhttps://github.com/anorth/fvm-workbench initialises actor stateM1https://github.com/consensus-shipyard/fendermint/issues/418
22
state_machine_test_for_execimpl_init_from_genesis,
arbitrary_for_genesis,
impl_block_execution,
arbitrary_for_tx,
impl_balance_query		Implement an integration test against the ABCI++ interface (or something a internal, so we can isolate ourselves from the Tendermint block type) that generates random batches transfer messages between accounts and checks the resulting balances, starting from some random genesis state.LM15
23
app_abci_grpcrust_proto_abci_interface,
state_machine_test_for_exec
Create a service component that listens to gRPC (or maybe the raw TCP connection Tendermint uses) and serves the Application interface to Tendermint.
MM1https://github.com/consensus-shipyard/fendermint/issues/33
24
app_configFind a nice config library for the application.SM1https://github.com/consensus-shipyard/fendermint/issues/521
25
app_mainapp_config,
app_abci_grpc,
ipld_persistent_blockstore		Create an application binary that initializes the application stack.SM11
26
app_dockerapp_mainDockerize the application.SM1https://github.com/consensus-shipyard/fendermint/pull/921
27
tendermint_dockeridentify_tendermint_targetBuild docker image from the right version of Tendermint.Shttps://github.com/informalsystems/tendermint-rs/tree/main/tools/dockerM11
28
smoke_testapp_main,
identify_tendermint_target
Create a smoke test that actually starts the application process and Tendermint, and executes some transactions. Maybe even run the state machine tests. Maybe use docker-compose to start a test environment.
LM1https://github.com/consensus-shipyard/fendermint/pull/925
29
validate_tximpl_block_executionValidate transactions during message execution: check signature, check account nonce, check fees.MM1https://github.com/consensus-shipyard/fendermint/pull/283
30
state_machine_test_gen_validstate_machine_test_for_exec,
validate_tx		Update state machine tests to generate valid transactions.MM13
31
state_machine_test_gen_invalidvalidate_txGenerate invalid transactions in state machine tests and see them fail.SM11
32
impl_check_txvalidate_txImplement the expected mempool checks: account nonces, signature checks. Not sure what else, need to check what Forest does.SForest SchoolM1https://github.com/consensus-shipyard/fendermint/pull/281
33
MILESTONE_1impl_check_tx,
smoke_test		Milestone 1 shows that we can run Tendermint with FVM and IPLD.XSM10.5
34
MILESTONE_2eth_ecosystem_toolsMilestone 2 shows that we can use Ethereum tools on top of Tendermint.XSM20.5
35
remove_unneeded_builtin_actorsdep_builtin_actorsWe probably don't need all actors that are Filecoin specific. But I don't know how easy it is to only deploy some, from the bundle.MM33
36
define_checkpoint_typerust_proto_abci_interfaceDefine a type for checkpointing Tendermint and the application state, to be sent to the parent subnet. Think about what it needs: the previous committee signature signing over the reigns to the next committee. It should contain the next committee composition so the Subnet Actor in the parent knows who will sign the next checkpoint. The checkpoint can contain (typed!) CIDs so if nothing changed we can keep sending the same stuff.MM3https://github.com/consensus-shipyard/fendermint/issues/2483
37
quickcheck_checkpoint_serdedefine_checkpoint_typeDefine arbitrary instances for checkpoints and create QuickCheck tests that demonstrate the format and protect against regressions.SM31
38
staking_actordep_builtin_actors,
dep_ipc_actors		Create a new user-defined actor in Rust for staking. It should be initialized from Genesis. When new validators want to join, they should go into a queue. At the end of the checkpointing period, it should apply all the queued stake changes, and return the updates, which must be gathered by the Application and returned to Tendermint.LM3https://github.com/consensus-shipyard/ipc-solidity-actors/pull/208
https://github.com/consensus-shipyard/ipc-solidity-actors/pull/212		5
39
staking_handle_bondingstaking_actorHandle top-down messages that represent bonding. Put them in the queue.MM3https://github.com/consensus-shipyard/fendermint/issues/1533
40
staking_handle_epochstaking_handle_bondingHandle the end-of-epoch where by draining the queue and returning power changes. It's not clear now how this actor should be called at the end of certain block heights. Cosmos calls each module at the end of a block, but do we have anything like this in Filecoin? I guess it could be something the application knows to do.LM3https://github.com/consensus-shipyard/fendermint/issues/152
https://github.com/consensus-shipyard/fendermint/issues/252		5
41
checkpoint_actordep_builtin_actors,
define_checkpoint_type,
staking_handle_epoch,
dep_ipc_actors		Create a new user-defined actor in Rust for checkpointing. When the Tendermint block header height indicates that it's time for a new checkpoint, it should insert a new record into the ledger and wait for validator signatures.MM3https://github.com/consensus-shipyard/fendermint/issues/2473
42
checkpoint_accumulate_sigscheckpoint_actorThe checkpoint actor should handle messages from the previous-epoch validators over the checkpoints in the ledger and accumulate them. Make sure only validators staked in that epoch can sign. When enough power has been gathered, mark the checkpoint ready for sending to the parent subnet.LM3https://github.com/consensus-shipyard/fendermint/issues/2495
43
app_sign_checkpointcheckpoint_accumulate_sigs,
app_main		If the node is run by a validator, it should sign the checkpoint and add a transaction to the Tendermint mempool.MM3https://github.com/consensus-shipyard/fendermint/issues/2553
44
checkpoint_emit_eventcheckpoint_accumulate_sigsOnce the checkpoint gathered enough signatures, emit an event to Tendermint.SM3https://github.com/consensus-shipyard/fendermint/issues/2511
45
dep_ipc_actorsFind out what actors from Eudico can be reused here.LM35
46
relayer_follow_tendermintidentify_tendermint_targetFind a library (in Rust if possible) that subscribes to events from a Tendermint node. Use it to point the relayer at Tendermint.Mhttps://docs.rs/tendermint-rpc/0.31.1/tendermint_rpc/client/struct.WebSocketClient.htmlM33
47
relayer_look_for_checkpointsrelayer_follow_tendermint,
checkpoint_emit_event,
define_checkpoint_type		The Tendermint follower should parse events and look for checkpoint event emissions that it can send to the parent.SM3https://github.com/consensus-shipyard/fendermint/issues/2561
48
relayer_submit_to_lotusrelayer_signing_arrangementFind a library (in Rust if possible) that we can use to send messages to Lotus. MM3https://github.com/consensus-shipyard/fendermint/issues/2573
49
relayer_signing_arrangementFigure out what exactly should be signed and by whom to be able to send to Lotus. Ideally the checkpoint group signature should be all we need, but that's not a Lotus message. Maybe the relayer needs its own account, with their own nonces and balance, and should receive rewards from the Subnet Actor. But then how many relayers.LM35
50
relayer_configConfiguration for the relayer: which Tendermint node and Lotus node to connect to, what's the address of the Subnet Actor in the parent.SM31
51
relayer_mainrelayer_look_for_checkpoints,
relayer_config,
relayer_submit_to_lotus		Entry point for the relayer process that sends messages between Tendermint and Lotus. At this point it just sends Tendermint checkpoints to Lotus.MM33
52
relayer_dockerrelayer_mainBuild a docker image from the relayer so we can add it to docker-compose.SM31
53
lotus_subnet_actorCreate a subnet actor able to validate Tendermint checkpoints.LM35
54
ipld_resolver_gossipsubFigure out how to participate in the gossipsub protocol defined in the spec to serve IPLD content, when asked for it.L
https://github.com/protocol/ConsensusLab/blob/main/specs/hierarchical_consensus.md#Subnet-Content-Resolution-Protocol
M3https://github.com/consensus-shipyard/ipc-agent/pull/445
55
ipld_resolver_storageipld_persistent_blockstoreFind a way the IPLD resolver could connect to the IPLD store used by the application. Not sure if this is possible with the underlying implementation. Maybe we have to go through the Application, or vice versa.LM3https://github.com/consensus-shipyard/ipc-agent/pull/535
56
ipld_resolver_configConfiguration for the resolver: where is the IPLD block store, what are the gossipsub addresses to connect to.SM3https://github.com/consensus-shipyard/ipc-agent/pull/491
57
ipld_resolver_mainipld_resolver_gossipsub,
ipld_resolver_config,
ipld_resolver_storage		Start an IPLD resolver process that connects to the IPLD store and is able to resolve CIDs that point at checkpoints, when the parent subnet needs them.MM3https://github.com/consensus-shipyard/ipc-agent/issues/373
58
ncmax_tx_typesDefine the wrappers for for-execution/for-resolution meta-data that we can use to differentiate messages that contain CIDs for resolution or for execution.Shttps://eprint.iacr.org/2020/1101M3https://github.com/consensus-shipyard/fendermint/issues/1891
59
ncmax_resolution_poolCreate a component in the application to hold proposed messages that contain CIDs that need to be resolved. Make it configurable what the minimum time messages have to spend in the pool is. This doesn't have to go into the ledger. If every node forgets a proposed CID, no problem, they can be re-proposed. MM3https://github.com/consensus-shipyard/fendermint/pull/2013
60
ipld_resolver_bidi_connectionipld_resolver_mainThe IPLD resolver should expose a TCP connection locally where it accepts CID resolution requests and will at some point, potentially, send resolved CIDs back. We can consider using libp2p, Session Types, or gRPC for this. Probably gRPC is the best if we want to reuse this for different implementations; it's a local, trusted interface anyway.XLM3https://github.com/consensus-shipyard/ipc-ipld-resolver8
61
ipld_resolver_resolve_graphThe IPLD resolver must be able to resolve CIDs via Gossipsub, Graphsync or Bitswap. This is different from ipld_resolver_gossipsub in that it can deviate from what the spec set out.XXLM3https://github.com/consensus-shipyard/ipc-agent/issues/1721
62
ipld_resolver_has_cidipld_resolver_bidi_connectionThe IPLD resolver should be able to answer whether it has a CID already.SM31
63
ipld_resolver_resolve_asyncipld_resolver_bidi_connection,
ipld_resolver_resolve_graph		The IPLD resolver should accept asynchronous resolution requests. It should send a response message when the CID is resolved.SM3https://github.com/consensus-shipyard/fendermint/pull/2101
64
ipld_resolver_resolve_syncipld_resolver_bidi_connection,
ipld_resolver_resolve_graph		The IPLD resolver tries to resolve a CID synchronously, perhaps with a timeout.MM33
65
ncmax_handle_tx_for_resolutionncmax_tx_types,
impl_block_execution,
ipld_resolver_resolve_async		Handle proposed CIDs during block processing by adding them to the pool. When they are added, ask the IPLD resolver to procure the data.SM3https://github.com/consensus-shipyard/fendermint/pull/2011
66
ncmax_handle_check_txipld_resolver_resolve_async,
ncmax_resolution_pool		Handle CIDs which Tendermint sends for checking by adding sending them for async resolution.SM3https://github.com/consensus-shipyard/fendermint/pull/1981
67
ncmax_handle_resolved_txvalidate_tx,
ipld_resolver_resolve_async,
ncmax_resolution_pool		When notified that a CID is resolved, mark it as such so that it can be proposed next time. We can also use this step to run checks, perhaps.SM3https://github.com/consensus-shipyard/fendermint/pull/2101
68
ncmax_get_propoposalsncmax_resolution_poolList proposals which have been marked as resolved and have spent enough time in the pool so that we expect most other nodes have it.SM3https://github.com/consensus-shipyard/fendermint/pull/2031
69
ncmax_handle_tx_for_execipld_resolver_resolve_sync,
ncmax_tx_types,
impl_block_execution		Implement block processing to that messages which are CIDs are synchronously resolved. SM3https://github.com/consensus-shipyard/fendermint/issues/1971
70
relayer_follow_lotusrelayer_mainFind a way for a relayer to keep up with the results of a Lotus node and look for top-down messages in the results.LM3
https://github.com/consensus-shipyard/fendermint/pull/206		5
71
relayer_submit_to_tendermintrelayer_main,
ncmax_handle_check_tx		The relayer should package top-down messages as Tendermint transactions and send them to the child subnet. These can be sent as CIDs. Not sure if these have to be signed, or we're just happy that they have been legitimately included in the parent ledger, emitted by some actor. The transaction should contain meta-data about where it is in the Filecoin chain.LM3
https://github.com/consensus-shipyard/fendermint/pull/231		5
72
parent_view_to_lotusAdd a component to the Application that it can ask whether a certain transaction is included in a certain Filecoin block, and whether that block has finalized on the parent chain. LThis is what the "PoS Sidechains" paper calls "direct observation". In the pseudo code, in "Algorithm 9", this is realised by "mc_outgoing_tx".
https://eprint.iacr.org/2018/1239.pdf		M3https://github.com/consensus-shipyard/fendermint/pull/2055
73
abci_create_proposalparent_view_to_lotus,
ncmax_get_propoposals,
ncmax_tx_types		Handle the request from ABCI++ to create a proposal by taking the resolved CIDs from the pool, perhaps validating it now (although it could take a long time and better done already). The self-contained transactions can be left in, these have been checked already. Top-down messages should be filtered so that they are finalized in the parent chain.MM3https://github.com/consensus-shipyard/fendermint/pull/2033
74
abci_validate_proposalparent_view_to_lotus,
ncmax_tx_types,
ipld_resolver_has_cid		Handle the request from ABCI++ to vote on a proposal, if it's acceptable. Check if all CIDs are available. Check if top-down messages have been finalized in the parent chain.MM3https://github.com/consensus-shipyard/fendermint/pull/2023
75
ipc_from_tendermint_to_lotusipc_bottom_up_msg_types,
relayer_main,
ipld_resolver_gossipsub,
app_sign_checkpoint,
lotus_subnet_actor		IPC bottom-up messages are flowing from Tendermint to Lotus.XXSM30.25
76
ipc_from_lotus_to_tendermintncmax_handle_tx_for_resolution,
ncmax_handle_tx_for_exec,
abci_create_proposal,
abci_validate_proposal,
ipc_top_down_msg_types,
relayer_follow_lotus,
relayer_submit_to_tendermint		IPC top-down messages are flowing from Lotus to Tendermint.XXSM30.25
77
ipc_top_down_msg_typesstaking_actor,
dep_ipc_actors		Define types for actor initiated (ie. non-IPC related) messages that we deliver to whatever actor is the recipient.SM3https://github.com/consensus-shipyard/fendermint/pull/2311
78
ipc_bottom_up_msg_typescheckpoint_actor,
dep_ipc_actors		Define types for messages going from the subnet towards the parent.SM3https://github.com/consensus-shipyard/fendermint/pull/1871
79
lotus_dockerFind a docker image of Lotus we can use in docker-composeXSM30.5
80
ipc_docker_composetendermint_docker,
app_docker,
relayer_docker,
lotus_docker		Build a docker-compose file where everything works together. It should have things like Prometheus and Grafana for monitoring.SM3https://github.com/consensus-shipyard/fendermint/pull/2221
81
MILESTONE_3ipc_from_tendermint_to_lotus,
ipc_from_lotus_to_tendermint,
ipc_docker_compose		Milestone 3 shows that Tendermint works as a subnet of Lotus.XShttps://docs.google.com/document/d/1cFoTdoRuYgxmWJia6K-b5vmEj-4MvyHCNvShZpyconU/edit#M30.5
82
lurk_succint_whatcheckpoint_actor,
staking_actor		Think about what we could do with Lurk in the context of Tendermint. Maybe the checkpoints, perhaps that they resemble the power structure dictated by the Subnet Actor? XXLM421
83
evidence_minoripc_from_tendermint_to_lotusFigure out what kind of evidence of Byzantine behaviour we can send to the parent actor to slash an individual validator that misbehaves. This evidence can be signed by the majority of validators and be accepted as such.LM45
84
evidence_majorFigure out if there's any way we could send envidence of the majority of subnet validators misbehaving, e.g. stealing funds. Full nodes in the subnet would get a consensus failure, but how to could they convince the parent subnet? One evidence type in this category is double signing a block at the same height by the same committee, which proves that the majority was dishonest. What's more difficult to prove is a corrupted ledger, falsified checkpoint messages.XLM48
85
recursive_subnetsipc_from_tendermint_to_lotus,
ipc_from_lotus_to_tendermint,
parent_view_to_tendermint		Demonstrate that at this point it is possible to create a subnet of a subnet, with Tendermint nodes on both levels.LM45
86
validator_rewardsimpl_block_executionValidators in the subnet should get rewards, probably in a separate token from the parent subnet.LM4https://github.com/consensus-shipyard/fendermint/issues/1695
87
relayer_reward_in_tendermintrelayer_submit_to_tendermintRelayers should get rewards.MM43
88
relayer_reward_in_lotusrelayer_submit_to_lotusRelayers should get rewards.LM45
89
parent_view_to_tendermintA component which can indicate whether a top-down message is legit.LM45
90
MILESTONE_4recursive_subnets,
relayer_reward_in_tendermint,
relayer_reward_in_lotus,
evidence_minor,
evidence_major		Milestone 4 shows recursive subnets and economics.XSM40.5
91
92
93
94
95
96
97
98
99
100