PrepareProposal-VoteExtension integration (#6915)

* add proto, add boilerplates

* add canonical

* fix tests

* add vote signing test

* Update internal/consensus/msgs_test.go

* modify state execution in progress

* add extension signing

* add extension signing

* VoteExtension -> ExtendVote

* modify state execution in progress

* add extension signing

* verify in progress

* modify CommitSig

* fix test

* apply review

* update data structures

* Apply suggestions from code review

* Add comments

* fix test

* VoteExtensionSigned => VoteExtensionToSigned

* Apply suggestions from code review

Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>

* *Signed -> *ToSign

* add Vote to RequestExtendVote

* add example VoteExtension

* apply reviews

* fix vote

* Apply suggestions from code review

Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com>
Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>

* fix typo, modify proto

* add abcipp_kvstore.go

* add extension test

* fix test

* fix test

* fix test

* fit lint

* uncomment test

* refactor test in progress

* gofmt

* apply review

* fix lint

Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>
Co-authored-by: Dev Ojha <ValarDragon@users.noreply.github.com>

.github/CODEOWNERS

@@ -7,5 +7,4 @@
 # global owners are only requested if there isn't a more specific
 # codeowner specified below. For this reason, the global codeowners
 # are often repeated in package-level definitions.
-*       @alexanderbez @ebuchman @cmwaters @tessr @tychoish
-
+*       @alexanderbez @ebuchman @cmwaters @tessr @tychoish @williambanfield @creachadair

.github/workflows/coverage.yml

@@ -46,7 +46,7 @@ jobs:
         with:
           go-version: "1.16"
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go
@@ -68,7 +68,7 @@ jobs:
         with:
           go-version: "1.16"
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go
@@ -96,7 +96,7 @@ jobs:
     needs: tests
     steps:
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go
@@ -121,7 +121,7 @@ jobs:
       - run: |
           cat ./*profile.out | grep -v "mode: atomic" >> coverage.txt
         if: env.GIT_DIFF
-      - uses: codecov/codecov-action@v1.5.0
+      - uses: codecov/codecov-action@v2.0.3
         with:
           file: ./coverage.txt
         if: env.GIT_DIFF

.github/workflows/docker.yml

@@ -40,17 +40,17 @@ jobs:
           platforms: all
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1.3.0
+        uses: docker/setup-buildx-action@v1.5.0
 
       - name: Login to DockerHub
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v1.9.0
+        uses: docker/login-action@v1.10.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v2.5.0
+        uses: docker/build-push-action@v2.7.0
         with:
           context: .
           file: ./DOCKER/Dockerfile

.github/workflows/e2e-nightly-34x.yml

@@ -49,7 +49,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal
@@ -65,7 +65,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on success
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal

.github/workflows/e2e-nightly-master.yml

@@ -17,7 +17,7 @@ jobs:
       fail-fast: false
       matrix:
         p2p: ['legacy', 'new', 'hybrid']
-        group: ['00', '01', '02', '03']
+        group: ['00', '01']
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
@@ -35,7 +35,7 @@ jobs:
       - name: Generate testnets
         working-directory: test/e2e
         # When changing -g, also change the matrix groups above
-        run: ./build/generator -g 4 -d networks/nightly/${{ matrix.p2p }} -p ${{ matrix.p2p }} 
+        run: ./build/generator -g 2 -d networks/nightly/${{ matrix.p2p }} -p ${{ matrix.p2p }}
 
       - name: Run ${{ matrix.p2p }} p2p testnets in group ${{ matrix.group }}
         working-directory: test/e2e
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal
@@ -63,7 +63,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on success
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal

.github/workflows/e2e.yml

@@ -18,7 +18,7 @@ jobs:
         with:
           go-version: '1.16'
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go

.github/workflows/fuzz-nightly.yml

@@ -23,9 +23,14 @@ jobs:
         working-directory: test/fuzz
         run: go get -u github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build
 
-      - name: Fuzz mempool
+      - name: Fuzz mempool-v1
         working-directory: test/fuzz
-        run: timeout -s SIGINT --preserve-status 10m make fuzz-mempool
+        run: timeout -s SIGINT --preserve-status 10m make fuzz-mempool-v1
+        continue-on-error: true
+
+      - name: Fuzz mempool-v0
+        working-directory: test/fuzz
+        run: timeout -s SIGINT --preserve-status 10m make fuzz-mempool-v0
         continue-on-error: true
 
       - name: Fuzz p2p-addrbook
@@ -76,7 +81,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack if any crashers
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal

.github/workflows/janitor.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
-      - uses: styfle/cancel-workflow-action@0.9.0
+      - uses: styfle/cancel-workflow-action@0.9.1
         with:
           workflow_id: 1041851,1401230,2837803
           access_token: ${{ github.token }}

.github/workflows/linkchecker.yml

@@ -7,6 +7,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2.3.4
-      - uses: gaurav-nelson/github-action-markdown-link-check@1.0.12
+      - uses: gaurav-nelson/github-action-markdown-link-check@1.0.13
         with:
           folder-path: "docs"

.github/workflows/lint.yml

@@ -14,7 +14,7 @@ jobs:
     timeout-minutes: 8
     steps:
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go

.github/workflows/proto-docker.yml

@@ -34,16 +34,16 @@ jobs:
           echo ::set-output name=tags::${TAGS}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1.3.0
+        uses: docker/setup-buildx-action@v1.5.0
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1.9.0
+        uses: docker/login-action@v1.10.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v2.5.0
+        uses: docker/build-push-action@v2.7.0
         with:
           context: ./tools/proto
           file: ./tools/proto/Dockerfile

.github/workflows/release.yml

@@ -2,7 +2,7 @@ name: "Release"
 
 on:
   push:
-    branches: 
+    branches:
       - "RC[0-9]/**"
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+" # Push events to matching v*, i.e. v1.0, v20.15.10
@@ -20,9 +20,6 @@ jobs:
         with:
           go-version: '1.16'
 
-      - run: echo https://github.com/tendermint/tendermint/blob/${GITHUB_REF#refs/tags/}/CHANGELOG.md#${GITHUB_REF#refs/tags/} > ../release_notes.md 
-        if: startsWith(github.ref, 'refs/tags/')
-
       - name: Build
         uses: goreleaser/goreleaser-action@v2
         if: ${{ github.event_name == 'pull_request' }}
@@ -35,6 +32,6 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         with:
           version: latest
-          args: release --rm-dist --release-notes=../release_notes.md
+          args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/stale.yml

@@ -7,12 +7,14 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v3.0.19
+      - uses: actions/stale@v4
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-pr-message: "This pull request has been automatically marked as stale because it has not had
     recent activity. It will be closed if no further activity occurs. Thank you
     for your contributions."
-          days-before-stale: 10
-          days-before-close: 4
+          days-before-stale: -1
+          days-before-close: -1
+          days-before-pr-stale: 10
+          days-before-pr-close: 4
           exempt-pr-labels: "S:wip"

.github/workflows/tests.yml

@@ -19,7 +19,7 @@ jobs:
         with:
           go-version: "1.16"
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go
@@ -42,38 +42,6 @@ jobs:
           key: ${{ runner.os }}-${{ github.sha }}-tm-binary
         if: env.GIT_DIFF
 
-  test_abci_apps:
-    runs-on: ubuntu-latest
-    needs: build
-    timeout-minutes: 5
-    steps:
-      - uses: actions/setup-go@v2
-        with:
-          go-version: "1.16"
-      - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
-        with:
-          PATTERNS: |
-            **/**.go
-            go.mod
-            go.sum
-      - uses: actions/cache@v2.1.6
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-        if: env.GIT_DIFF
-      - uses: actions/cache@v2.1.6
-        with:
-          path: ~/go/bin
-          key: ${{ runner.os }}-${{ github.sha }}-tm-binary
-        if: env.GIT_DIFF
-      - name: test_abci_apps
-        run: abci/tests/test_app/test.sh
-        shell: bash
-        if: env.GIT_DIFF
-
   test_abci_cli:
     runs-on: ubuntu-latest
     needs: build
@@ -83,7 +51,7 @@ jobs:
         with:
           go-version: "1.16"
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go
@@ -114,7 +82,7 @@ jobs:
         with:
           go-version: "1.16"
       - uses: actions/checkout@v2.3.4
-      - uses: technote-space/get-diff-action@v4
+      - uses: technote-space/get-diff-action@v5
         with:
           PATTERNS: |
             **/**.go

.gitignore

@@ -15,7 +15,7 @@
 .vagrant
 .vendor-new/
 .vscode/
-abci-cli
+abci/abci-cli
 addrbook.json
 artifacts/*
 build/*

.golangci.yml

@@ -26,7 +26,7 @@ linters:
     # - maligned
     - nakedret
     - prealloc
-    - scopelint
+    - exportloopref
     - staticcheck
     - structcheck
     - stylecheck
@@ -39,6 +39,7 @@ linters:
     # - wsl
     # - gocognit
     - nolintlint
+    - asciicheck
 
 issues:
   exclude-rules:

CHANGELOG.md

@@ -1,14 +1,57 @@
 # Changelog
 
+Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
+
+## v0.34.12
+
+*August 17, 2021*
+
+Special thanks to external contributors on this release: @JayT106.
+
+### FEATURES
+
+- [rpc] [\#6717](https://github.com/tendermint/tendermint/pull/6717) introduce
+  `/genesis_chunked` rpc endpoint for handling large genesis files by chunking them (@tychoish)
+
+### IMPROVEMENTS
+
+- [rpc] [\#6825](https://github.com/tendermint/tendermint/issues/6825) Remove egregious INFO log from `ABCI#Query` RPC. (@alexanderbez)
+
+### BUG FIXES
+
+- [light] [\#6685](https://github.com/tendermint/tendermint/pull/6685) fix bug
+  with incorrectly handling contexts that would occasionally freeze state sync. (@cmwaters)
+- [privval] [\#6748](https://github.com/tendermint/tendermint/issues/6748) Fix vote timestamp to prevent chain halt (@JayT106)
+
+## v0.34.11
+
+*June 18, 2021*
+
+This release improves the robustness of statesync; tweaking channel priorities and timeouts and
+adding two new parameters to the state sync config.
+
+### BREAKING CHANGES
+
+- Apps
+    - [Version] [\#6494](https://github.com/tendermint/tendermint/pull/6494) `TMCoreSemVer` is not required to be set as a ldflag any longer.
+
+### IMPROVEMENTS
+
+- [statesync] [\#6566](https://github.com/tendermint/tendermint/pull/6566) Allow state sync fetchers and request timeout to be configurable. (@alexanderbez)
+- [statesync] [\#6378](https://github.com/tendermint/tendermint/pull/6378) Retry requests for snapshots and add a minimum discovery time (5s) for new snapshots. (@tychoish)
+- [statesync] [\#6582](https://github.com/tendermint/tendermint/pull/6582) Increase chunk priority and add multiple retry chunk requests (@cmwaters)
+
+### BUG FIXES
+
+- [evidence] [\#6375](https://github.com/tendermint/tendermint/pull/6375) Fix bug with inconsistent LightClientAttackEvidence hashing (@cmwaters)
+
 ## v0.34.10
 
 *April 14, 2021*
 
-This release fixes a bug where peers would sometimes try to send messages 
+This release fixes a bug where peers would sometimes try to send messages
 on incorrect channels. Special thanks to our friends at Oasis Labs for surfacing
-this issue! 
-
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
+this issue!
 
 - [p2p/node] [\#6339](https://github.com/tendermint/tendermint/issues/6339) Fix bug with using custom channels (@cmwaters)
 - [light] [\#6346](https://github.com/tendermint/tendermint/issues/6346) Correctly handle too high errors to improve client robustness (@cmwaters)
@@ -17,7 +60,7 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 
 *April 8, 2021*
 
-This release fixes a moderate severity security issue, Security Advisory Alderfly, 
+This release fixes a moderate severity security issue, Security Advisory Alderfly,
 which impacts all networks that rely on Tendermint light clients.
 Further details will be released once networks have upgraded.
 
@@ -25,8 +68,6 @@ This release also includes a small Go API-breaking change, to reduce panics in t
 
 Special thanks to our external contributors on this release: @gchaincl
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES
 
 - Go API
@@ -49,8 +90,6 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 This release, in conjunction with [a fix in the Cosmos SDK](https://github.com/cosmos/cosmos-sdk/pull/8641),
 introduces changes that should mean the logs are much, much quieter. 🎉
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### IMPROVEMENTS
 
 - [libs/log] [\#6174](https://github.com/tendermint/tendermint/issues/6174) Include timestamp (`ts` field; `time.RFC3339Nano` format) in JSON logger output (@melekes)
@@ -88,15 +127,13 @@ use remote signer implementations instead of `FilePV` in production.
 Thank you to @joe-bowman for his assistance with this vulnerability and a particular
 shout-out to @marbar3778 for diagnosing it quickly.
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BUG FIXES
 
 - [consensus] [\#6128](https://github.com/tendermint/tendermint/pull/6128) Remove privValidator from log call (@tessr)
 
 ## v0.34.6
 
-*February 18, 2021* 
+*February 18, 2021*
 
 _Tendermint Core v0.34.5 and v0.34.6 have been recalled due to release tooling problems._
 
@@ -104,33 +141,29 @@ _Tendermint Core v0.34.5 and v0.34.6 have been recalled due to release tooling p
 
 *February 11, 2021*
 
-This release includes a fix for a memory leak in the evidence reactor (see #6068, below). 
-All Tendermint clients are recommended to upgrade. 
-Thank you to our friends at Crypto.com for the initial report of this memory leak! 
+This release includes a fix for a memory leak in the evidence reactor (see #6068, below).
+All Tendermint clients are recommended to upgrade.
+Thank you to our friends at Crypto.com for the initial report of this memory leak!
 
 Special thanks to other external contributors on this release: @yayajacky, @odidev, @laniehei, and @c29r3!
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BUG FIXES
 
 - [light] [\#6022](https://github.com/tendermint/tendermint/pull/6022) Fix a bug when the number of validators equals 100 (@melekes)
 - [light] [\#6026](https://github.com/tendermint/tendermint/pull/6026) Fix a bug when height isn't provided for the rpc calls: `/commit` and `/validators` (@cmwaters)
 - [evidence] [\#6068](https://github.com/tendermint/tendermint/pull/6068) Terminate broadcastEvidenceRoutine when peer is stopped (@melekes)
 
-## v0.34.3 
+## v0.34.3
 
 *January 19, 2021*
 
-This release includes a fix for a high-severity security vulnerability, 
+This release includes a fix for a high-severity security vulnerability,
 a DoS-vector that impacted Tendermint Core v0.34.0-v0.34.2. For more details, see
-[Security Advisory Mulberry](https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg) 
-or https://nvd.nist.gov/vuln/detail/CVE-2021-21271. 
+[Security Advisory Mulberry](https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg)
+or https://nvd.nist.gov/vuln/detail/CVE-2021-21271.
 
 Tendermint Core v0.34.3 also updates GoGo Protobuf to 1.3.2 in order to pick up the fix for
-https://nvd.nist.gov/vuln/detail/CVE-2021-3121. 
-
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
+https://nvd.nist.gov/vuln/detail/CVE-2021-3121.
 
 ### BUG FIXES
 
@@ -145,8 +178,6 @@ This release fixes a substantial bug in evidence handling where evidence could
 sometimes be broadcast before the block containing that evidence was fully committed,
 resulting in some nodes panicking when trying to verify said evidence.
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES
 
 - Go API
@@ -170,8 +201,6 @@ disconnecting from this node. As a temporary remedy (until the mempool package
 is refactored), the `max-batch-bytes` was disabled. Transactions will be sent
 one by one without batching.
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES
 
 - CLI/RPC/Config
@@ -200,8 +229,6 @@ Holy smokes, this is a big one! For a more reader-friendly overview of the chang
 Special thanks to external contributors on this release: @james-ray, @fedekunze, @favadi, @alessio,
 @joe-bowman, @cuonglm, @SadPencil and @dongsam.
 
-And as always, friendly reminder, that we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES
 
 - CLI/RPC/Config
@@ -228,14 +255,14 @@ And as always, friendly reminder, that we have a [bug bounty program](https://ha
   - [blockchain] [\#4637](https://github.com/tendermint/tendermint/pull/4637) Migrate blockchain reactor(s) to Protobuf encoding (@marbar3778)
   - [evidence] [\#4949](https://github.com/tendermint/tendermint/pull/4949) Migrate evidence reactor to Protobuf encoding (@marbar3778)
   - [mempool] [\#4940](https://github.com/tendermint/tendermint/pull/4940) Migrate mempool from to Protobuf encoding (@marbar3778)
-  - [mempool] [\#5321](https://github.com/tendermint/tendermint/pull/5321) Batch transactions when broadcasting them to peers (@melekes) 
+  - [mempool] [\#5321](https://github.com/tendermint/tendermint/pull/5321) Batch transactions when broadcasting them to peers (@melekes)
      - `MaxBatchBytes` new config setting defines the max size of one batch.
   - [p2p/pex] [\#4973](https://github.com/tendermint/tendermint/pull/4973) Migrate `p2p/pex` reactor to Protobuf encoding (@marbar3778)
   - [statesync] [\#4943](https://github.com/tendermint/tendermint/pull/4943) Migrate state sync reactor to Protobuf encoding (@marbar3778)
 
 - Blockchain Protocol
 
-  - [evidence] [\#4725](https://github.com/tendermint/tendermint/pull/4725) Remove `Pubkey` from `DuplicateVoteEvidence` (@marbar3778) 
+  - [evidence] [\#4725](https://github.com/tendermint/tendermint/pull/4725) Remove `Pubkey` from `DuplicateVoteEvidence` (@marbar3778)
   - [evidence] [\#5499](https://github.com/tendermint/tendermint/pull/5449) Cap evidence to a maximum number of bytes (supercedes [\#4780](https://github.com/tendermint/tendermint/pull/4780)) (@cmwaters)
   - [merkle] [\#5193](https://github.com/tendermint/tendermint/pull/5193) Header hashes are no longer empty for empty inputs, notably `DataHash`, `EvidenceHash`, and `LastResultsHash` (@erikgrinaker)
   - [state] [\#4845](https://github.com/tendermint/tendermint/pull/4845) Include `GasWanted` and `GasUsed` into `LastResultsHash` (@melekes)
@@ -294,7 +321,7 @@ And as always, friendly reminder, that we have a [bug bounty program](https://ha
   - [types] [\#4852](https://github.com/tendermint/tendermint/pull/4852) Vote & Proposal `SignBytes` is now func `VoteSignBytes` & `ProposalSignBytes` (@marbar3778)
   - [types] [\#4798](https://github.com/tendermint/tendermint/pull/4798) Simplify `VerifyCommitTrusting` func + remove extra validation (@melekes)
   - [types] [\#4845](https://github.com/tendermint/tendermint/pull/4845) Remove `ABCIResult` (@melekes)
-  - [types] [\#5029](https://github.com/tendermint/tendermint/pull/5029) Rename all values from `PartsHeader` to `PartSetHeader` to have consistency (@marbar3778) 
+  - [types] [\#5029](https://github.com/tendermint/tendermint/pull/5029) Rename all values from `PartsHeader` to `PartSetHeader` to have consistency (@marbar3778)
   - [types] [\#4939](https://github.com/tendermint/tendermint/pull/4939) `Total` in `Parts` & `PartSetHeader` has been changed from a `int` to a `uint32` (@marbar3778)
   - [types] [\#4939](https://github.com/tendermint/tendermint/pull/4939) Vote: `ValidatorIndex` & `Round` are now `int32` (@marbar3778)
   - [types] [\#4939](https://github.com/tendermint/tendermint/pull/4939) Proposal: `POLRound` & `Round` are now `int32` (@marbar3778)
@@ -332,7 +359,7 @@ And as always, friendly reminder, that we have a [bug bounty program](https://ha
 - [evidence] [\#4722](https://github.com/tendermint/tendermint/pull/4722) Consolidate evidence store and pool types to improve evidence DB (@cmwaters)
 - [evidence] [\#4839](https://github.com/tendermint/tendermint/pull/4839) Reject duplicate evidence from being proposed (@cmwaters)
 - [evidence] [\#5219](https://github.com/tendermint/tendermint/pull/5219) Change the source of evidence time to block time (@cmwaters)
-- [libs] [\#5126](https://github.com/tendermint/tendermint/pull/5126) Add a sync package which wraps sync.(RW)Mutex & deadlock.(RW)Mutex and use a build flag (deadlock) in order to enable deadlock checking (@marbar3778) 
+- [libs] [\#5126](https://github.com/tendermint/tendermint/pull/5126) Add a sync package which wraps sync.(RW)Mutex & deadlock.(RW)Mutex and use a build flag (deadlock) in order to enable deadlock checking (@marbar3778)
 - [light] [\#4935](https://github.com/tendermint/tendermint/pull/4935) Fetch and compare a new header with witnesses in parallel (@melekes)
 - [light] [\#4929](https://github.com/tendermint/tendermint/pull/4929) Compare header with witnesses only when doing bisection (@melekes)
 - [light] [\#4916](https://github.com/tendermint/tendermint/pull/4916) Validate basic for inbound validator sets and headers before further processing them (@cmwaters)
@@ -442,9 +469,6 @@ as 2/3+ of the signatures are checked._
 
 Special thanks to @njmurarka at Bluzelle Networks for reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [consensus] Do not allow signatures for a wrong block in commits (@ebuchman)
@@ -460,8 +484,6 @@ need to update your code.**
 
 Special thanks to external contributors on this release: @tau3,
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -521,8 +543,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 
 Special thanks to external contributors on this release: @whylee259, @greg-szabo
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -609,9 +629,6 @@ Notes:
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [mempool] Reserve IDs in InitPeer instead of AddPeer (@tessr)
@@ -624,8 +641,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @antho1404, @michaelfig, @gterzian, @tau3, @Shivani912
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - CLI/RPC/Config
@@ -676,9 +691,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 Special thanks to external contributors on this release:
 @princesinha19
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### FEATURES:
 
 - [rpc] [\#3333](https://github.com/tendermint/tendermint/issues/3333) Add `order_by` to `/tx_search` endpoint, allowing to change default ordering from asc to desc (@princesinha19)
@@ -697,9 +709,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @mrekucci, @PSalant726, @princesinha19, @greg-szabo, @dongsam, @cuonglm, @jgimeno, @yenkhoon
 
-Friendly reminder, we have a [bug bounty
-program.](https://hackerone.com/tendermint).
-
 *January 14, 2020*
 
 This release contains breaking changes to the `Block#Header`, specifically
@@ -928,9 +937,6 @@ Notes:
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [mempool] Reserve IDs in InitPeer instead of AddPeer (@tessr)
@@ -942,9 +948,6 @@ _January, 9, 2020_
 
 Special thanks to external contributors on this release: @greg-szabo, @gregzaitsev, @yenkhoon
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### FEATURES:
 
 - [rpc/lib] [\#4248](https://github.com/tendermint/tendermint/issues/4248) RPC client basic authentication support (@greg-szabo)
@@ -966,9 +969,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @erikgrinaker, @guagualvcha, @hsyis, @cosmostuba, @whunmr, @austinabell
 
-Friendly reminder, we have a [bug bounty
-program.](https://hackerone.com/tendermint).
-
 
 ### BREAKING CHANGES:
 
@@ -1008,9 +1008,6 @@ identified and fixed here.
 Special thanks to [elvishacker](https://hackerone.com/elvishacker) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -1037,9 +1034,6 @@ accepting new peers and only allowing `ed25519` pubkeys.
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for pointing
 this out.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Only allow ed25519 pubkeys when connecting
@@ -1055,9 +1049,6 @@ All clients are recommended to upgrade. See
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for discovering
 and reporting this issue.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Fix for panic on nil public key send to a peer
@@ -1068,9 +1059,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @jon-certik, @gracenoah, @PSalant726, @gchaincl
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - CLI/RPC/Config
@@ -1106,9 +1094,6 @@ guide.
 Special thanks to external contributors on this release:
 @gchaincl, @bluele, @climber73
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### IMPROVEMENTS:
 
 - [consensus] [\#3839](https://github.com/tendermint/tendermint/issues/3839) Reduce "Error attempting to add vote" message severity (Error -> Info)
@@ -1129,9 +1114,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @ruseinov, @bluele, @guagualvcha
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -1171,9 +1153,6 @@ This release contains a minor enhancement to the ABCI and some breaking changes
 - CheckTx requests include a `CheckTxType` enum that can be set to `Recheck` to indicate to the application that this transaction was already checked/validated and certain expensive operations (like checking signatures) can be skipped
 - Removed various functions from `libs` pkgs
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -1219,9 +1198,6 @@ and the RPC, namely:
   [docs](https://github.com/tendermint/tendermint/blob/60827f75623b92eff132dc0eff5b49d2025c591e/docs/spec/abci/abci.md#events)
 - Bind RPC to localhost by default, not to the public interface [UPGRADING/RPC_Changes](./UPGRADING.md#rpc_changes)
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 * CLI/RPC/Config
@@ -1322,8 +1298,6 @@ Notes:
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### SECURITY:
 
@@ -1344,8 +1318,6 @@ identified and fixed here.
 Special thanks to [elvishacker](https://hackerone.com/elvishacker) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -1373,8 +1345,6 @@ accepting new peers and only allowing `ed25519` pubkeys.
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for pointing
 this out.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### SECURITY:
 
@@ -1391,8 +1361,6 @@ All clients are recommended to upgrade. See
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for discovering
 and reporting this issue.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### SECURITY:
 
@@ -1688,8 +1656,6 @@ See the [v0.31.0
 Milestone](https://github.com/tendermint/tendermint/milestone/19?closed=1) for
 more details.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -1910,8 +1876,6 @@ This release contains two important fixes: one for p2p layer where we sometimes
 were not closing connections and one for consensus layer where consensus with
 no empty blocks (`create_empty_blocks = false`) could halt.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### IMPROVEMENTS:
 - [pex] [\#3037](https://github.com/tendermint/tendermint/issues/3037) Only log "Reached max attempts to dial" once
@@ -1951,8 +1915,6 @@ While we are trying to stabilize the Block protocol to preserve compatibility
 with old chains, there may be some final changes yet to come before Cosmos
 launch as we continue to audit and test the software.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -2001,8 +1963,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @HaoyangLiu
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BUG FIXES:
 - [consensus] Fix consensus halt from proposing blocks with too much evidence
@@ -2131,8 +2091,6 @@ Special thanks to @dlguddus for discovering a [major
 issue](https://github.com/tendermint/tendermint/issues/2718#issuecomment-440888677)
 in the proposer selection algorithm.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 This release is primarily about fixes to the proposer selection algorithm
 in preparation for the [Cosmos Game of
@@ -2195,8 +2153,6 @@ Special thanks to external contributors on this release:
 @ackratos, @goolAdapter, @james-ray, @joe-bowman, @kostko,
 @nagarajmanjunath, @tomtau
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### FEATURES:
 
@@ -2236,8 +2192,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @danil-lashin, @kevlubkcm, @krhubert, @srmo
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -2282,8 +2236,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @hleb-albau, @zhuzeyu
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### FEATURES:
 
 - [rpc] [\#2582](https://github.com/tendermint/tendermint/issues/2582) Enable CORS on RPC API (@hleb-albau)
@@ -2301,8 +2253,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 
 Special thanks to external contributors on this release: @katakonst
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### IMPROVEMENTS:
 
 - [consensus] [\#2704](https://github.com/tendermint/tendermint/issues/2704) Simplify valid POL round logic
@@ -2476,8 +2426,6 @@ It also addresses some issues found via security audit, removes various unused
 functions from `libs/common`, and implements
 [ADR-012](https://github.com/tendermint/tendermint/blob/develop/docs/architecture/adr-012-peer-transport.md).
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 BREAKING CHANGES:
 
 * CLI/RPC/Config

CHANGELOG_PENDING.md

@@ -9,6 +9,7 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 ### BREAKING CHANGES
 
 - CLI/RPC/Config
+  - [pubsub/events] \#6634 The `ResultEvent.Events` field is now of type `[]abci.Event` preserving event order instead of `map[string][]string`. (@alexanderbez)
   - [config] \#5598 The `test_fuzz` and `test_fuzz_config` P2P settings have been removed. (@erikgrinaker)
   - [config] \#5728 `fast_sync = "v1"` is no longer supported (@melekes)
   - [cli] \#5772 `gen_node_key` prints JSON-encoded `NodeKey` rather than ID and does not save it to `node_key.json` (@melekes)
@@ -17,54 +18,76 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
   - [rpc] \#6168 Change default sorting to desc for `/tx_search` results (@melekes)
   - [cli] \#6282 User must specify the node mode when using `tendermint init` (@cmwaters)
   - [state/indexer] \#6382 reconstruct indexer, move txindex into the indexer package (@JayT106)
-  - [cli] \#6372 Introduce `BootstrapPeers` as part of the new p2p stack. Peers to be connected on
-    startup (@cmwaters)
-  - [config] \#6462 Move `PrivValidator` configuration out of `BaseConfig` into its own section.
-
+  - [cli] \#6372 Introduce `BootstrapPeers` as part of the new p2p stack. Peers to be connected on  startup (@cmwaters)
+  - [config] \#6462 Move `PrivValidator` configuration out of `BaseConfig` into its own section. (@tychoish)
+  - [rpc] \#6610 Add MaxPeerBlockHeight into /status rpc call (@JayT106)
+  - [fastsync/rpc] \#6620 Add TotalSyncedTime & RemainingTime to SyncInfo in /status RPC  (@JayT106)
+  - [rpc/grpc] \#6725 Mark gRPC in the RPC layer as deprecated.
+  - [blockchain/v2] \#6730 Fast Sync v2 is deprecated, please use v0
+  - [rpc] Add genesis_chunked method to support paginated and parallel fetching of large genesis documents.
+  - [rpc/jsonrpc/server] \#6785 `Listen` function updated to take an `int` argument, `maxOpenConnections`, instead of an entire config object. (@williambanfield)
+  - [rpc] \#6820 Update RPC methods to reflect changes in the p2p layer, disabling support for `UnsafeDialPeers` and `UnsafeDialPeers` when used with the new p2p layer, and changing the response format of the peer list in `NetInfo` for all users.
+  - [cli] \#6854 Remove deprecated snake case commands. (@tychoish)
 - Apps
   - [ABCI] \#6408 Change the `key` and `value` fields from `[]byte` to `string` in the `EventAttribute` type. (@alexanderbez)
   - [ABCI] \#5447 Remove `SetOption` method from `ABCI.Client` interface
   - [ABCI] \#5447 Reset `Oneof` indexes for  `Request` and `Response`.
   - [ABCI] \#5818 Use protoio for msg length delimitation. Migrates from int64 to uint64 length delimiters.
+  - [ABCI] \#3546 Add `mempool_error` field to `ResponseCheckTx`. This field will contain an error string if Tendermint encountered an error while adding a transaction to the mempool. (@williambanfield)
   - [Version] \#6494 `TMCoreSemVer` has been renamed to `TMVersion`.
-    - It is not required any longer to set ldflags to set version strings
+	- It is not required any longer to set ldflags to set version strings
+  - [abci/counter] \#6684 Delete counter example app
 
 - P2P Protocol
 
 - Go API
+  - [pubsub] \#6634 The `Query#Matches` method along with other pubsub methods, now accepts a `[]abci.Event` instead of `map[string][]string`. (@alexanderbez)
+  - [p2p] \#6618 Move `p2p.NodeInfo` into `types` to support use of the SDK. (@tychoish)
+  - [p2p] \#6583 Make `p2p.NodeID` and `p2p.NetAddress` exported types to support their use in the RPC layer. (@tychoish)
+  - [node] \#6540 Reduce surface area of the `node` package by making most of the implementation details private. (@tychoish)
+  - [p2p] \#6547 Move the entire `p2p` package and all reactor implementations into `internal`.  (@tychoish)
+  - [libs/log] \#6534 Remove the existing custom Tendermint logger backed by go-kit. The logging interface, `Logger`, remains. Tendermint still provides a default logger backed by the performant zerolog logger. (@alexanderbez)
+  - [libs/time] \#6495 Move types/time to libs/time to improve consistency. (@tychoish)
   - [mempool] \#6529 The `Context` field has been removed from the `TxInfo` type. `CheckTx` now requires a `Context` argument. (@alexanderbez)
   - [abci/client, proxy] \#5673 `Async` funcs return an error, `Sync` and `Async` funcs accept `context.Context` (@melekes)
-  - [p2p] Removed unused function `MakePoWTarget`. (@erikgrinaker)
+  - [p2p] Remove unused function `MakePoWTarget`. (@erikgrinaker)
   - [libs/bits] \#5720 Validate `BitArray` in `FromProto`, which now returns an error (@melekes)
-  - [proto/p2p] Renamed `DefaultNodeInfo` and `DefaultNodeInfoOther` to `NodeInfo` and `NodeInfoOther` (@erikgrinaker)
+  - [proto/p2p] Rename `DefaultNodeInfo` and `DefaultNodeInfoOther` to `NodeInfo` and `NodeInfoOther` (@erikgrinaker)
   - [proto/p2p] Rename `NodeInfo.default_node_id` to `node_id` (@erikgrinaker)
   - [libs/os] Kill() and {Must,}{Read,Write}File() functions have been removed. (@alessio)
   - [store] \#5848 Remove block store state in favor of using the db iterators directly (@cmwaters)
   - [state] \#5864 Use an iterator when pruning state (@cmwaters)
   - [types] \#6023 Remove `tm2pb.Header`, `tm2pb.BlockID`, `tm2pb.PartSetHeader` and `tm2pb.NewValidatorUpdate`.
-    - Each of the above types has a `ToProto` and `FromProto` method or function which replaced this logic.
+	- Each of the above types has a `ToProto` and `FromProto` method or function which replaced this logic.
   - [light] \#6054 Move `MaxRetryAttempt` option from client to provider.
-    - `NewWithOptions` now sets the max retry attempts and timeouts (@cmwaters)
+	- `NewWithOptions` now sets the max retry attempts and timeouts (@cmwaters)
   - [all] \#6077 Change spelling from British English to American (@cmwaters)
-    - Rename "Subscription.Cancelled()" to "Subscription.Canceled()" in libs/pubsub
-    - Rename "behaviour" pkg to "behavior" and internalized it in blockchain v2
+	- Rename "Subscription.Cancelled()" to "Subscription.Canceled()" in libs/pubsub
+	- Rename "behaviour" pkg to "behavior" and internalized it in blockchain v2
   - [rpc/client/http] \#6176 Remove `endpoint` arg from `New`, `NewWithTimeout` and `NewWithClient` (@melekes)
   - [rpc/client/http] \#6176 Unexpose `WSEvents` (@melekes)
   - [rpc/jsonrpc/client/ws_client] \#6176 `NewWS` no longer accepts options (use `NewWSWithOptions` and `OnReconnect` funcs to configure the client) (@melekes)
   - [internal/libs] \#6366 Move `autofile`, `clist`,`fail`,`flowrate`, `protoio`, `sync`, `tempfile`, `test` and `timer` lib packages to an internal folder
-  - [libs/rand] \#6364 Removed most of libs/rand in favour of standard lib's `math/rand` (@liamsi)
+  - [libs/rand] \#6364 Remove most of libs/rand in favour of standard lib's `math/rand` (@liamsi)
   - [mempool] \#6466 The original mempool reactor has been versioned as `v0` and moved to a sub-package under the root `mempool` package.
-    Some core types have been kept in the `mempool` package such as `TxCache` and it's implementations, the `Mempool` interface itself
-    and `TxInfo`. (@alexanderbez)
+	Some core types have been kept in the `mempool` package such as `TxCache` and it's implementations, the `Mempool` interface itself
+	and `TxInfo`. (@alexanderbez)
+  - [crypto/sr25519] \#6526 Do not re-execute the Ed25519-style key derivation step when doing signing and verification.  The derivation is now done once and only once.  This breaks `sr25519.GenPrivKeyFromSecret` output compatibility. (@Yawning)
+  - [types] \#6627 Move `NodeKey` to types to make the type public.
+  - [config] \#6627 Extend `config` to contain methods `LoadNodeKeyID` and `LoadorGenNodeKeyID`
+  - [blocksync] \#6755 Rename `FastSync` and `Blockchain` package to `BlockSync`
+	(@cmwaters)
 
 - Blockchain Protocol
 
 - Data Storage
   - [store/state/evidence/light] \#5771 Use an order-preserving varint key encoding (@cmwaters)
   - [mempool] \#6396 Remove mempool's write ahead log (WAL), (previously unused by the tendermint code). (@tychoish)
+  - [state] \#6541 Move pruneBlocks from consensus/state to state/execution. (@JayT106)
 
 - Tooling
   - [tools] \#6498 Set OS home dir to instead of the hardcoded PATH. (@JayT106)
+  - [cli/indexer] \#6676 Reindex events command line tooling. (@JayT106)
 
 ### FEATURES
 
@@ -82,11 +105,18 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
   - Applications that do not specify a priority, i.e. zero, will have transactions reaped by the order in which they are received by the node.
   - Transactions are gossiped in FIFO order as they are in `v0`.
 - [config/indexer] \#6411 Introduce support for custom event indexing data sources, specifically PostgreSQL. (@JayT106)
+- [fastsync/event] \#6619 Emit fastsync status event when switching consensus/fastsync (@JayT106)
+- [statesync/event] \#6700 Emit statesync status start/end event (@JayT106)
+- [inspect] \#6785 Add a new `inspect` command for introspecting the state and block store of a crashed tendermint node. (@williambanfield)
 
 ### IMPROVEMENTS
 
+- [libs/log] Console log formatting changes as a result of \#6534 and \#6589. (@tychoish)
+- [statesync] \#6566 Allow state sync fetchers and request timeout to be configurable. (@alexanderbez)
 - [types] \#6478 Add `block_id` to `newblock` event (@jeebster)
 - [crypto/ed25519] \#5632 Adopt zip215 `ed25519` verification. (@marbar3778)
+- [crypto/ed25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `ed25519` signing and verification. (@Yawning)
+- [crypto/sr25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `sr25519` signing and verification. (@Yawning)
 - [privval] \#5603 Add `--key` to `init`, `gen_validator`, `testnet` & `unsafe_reset_priv_validator` for use in generating `secp256k1` keys.
 - [privval] \#5725 Add gRPC support to private validator.
 - [privval] \#5876 `tendermint show-validator` will query the remote signer if gRPC is being used (@marbar3778)
@@ -116,11 +146,19 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 - [crypto/merkle] \#6443 Improve HashAlternatives performance (@cuonglm)
 - [crypto/merkle] \#6513 Optimize HashAlternatives (@marbar3778)
 - [p2p/pex] \#6509 Improve addrBook.hash performance (@cuonglm)
+- [consensus/metrics] \#6549 Change block_size gauge to a histogram for better observability over time (@marbar3778)
+- [statesync] \#6587 Increase chunk priority and re-request chunks that don't arrive (@cmwaters)
+- [state/privval] \#6578 No GetPubKey retry beyond the proposal/voting window (@JayT106)
+- [rpc] \#6615 Add TotalGasUsed to block_results response (@crypto-facs)
+- [cmd/tendermint/commands] \#6623 replace `$HOME/.some/test/dir` with `t.TempDir` (@tanyabouman)
 
 ### BUG FIXES
 
-- [types] \#5523 Change json naming of `PartSetHeader` within `BlockID` from `parts` to `part_set_header` (@marbar3778)
 - [privval] \#5638 Increase read/write timeout to 5s and calculate ping interval based on it (@JoeKash)
 - [blockchain/v1] [\#5701](https://github.com/tendermint/tendermint/pull/5701) Handle peers without blocks (@melekes)
 - [blockchain/v1] \#5711 Fix deadlock (@melekes)
 - [evidence] \#6375 Fix bug with inconsistent LightClientAttackEvidence hashing (cmwaters)
+- [rpc] \#6507 Ensure RPC client can handle URLs without ports (@JayT106)
+- [statesync] \#6463 Adds Reverse Sync feature to fetch historical light blocks after state sync in order to verify any evidence (@cmwaters)
+- [fastsync] \#6590 Update the metrics during fast-sync (@JayT106)
+- [gitignore] \#6668 Fix gitignore of abci-cli (@tanyabouman)

CONTRIBUTING.md

@@ -227,16 +227,96 @@ Fixes #nnnn
 
 Each PR should have one commit once it lands on `master`; this can be accomplished by using the "squash and merge" button on Github. Be sure to edit your commit message, though!
 
-### Release Procedure
+### Release procedure
 
-#### Major Release
+#### A note about backport branches
+Tendermint's `master` branch is under active development.
+Releases are specified using tags and are built from long-lived "backport" branches.
+Each release "line" (e.g. 0.34 or 0.33) has its own long-lived backport branch,
+and the backport branches have names like `v0.34.x` or `v0.33.x`
+(literally, `x`; it is not a placeholder in this case).
+
+As non-breaking changes land on `master`, they should also be backported (cherry-picked)
+to these backport branches.
+
+We use Mergify's [backport feature](https://mergify.io/features/backports) to automatically backport
+to the needed branch. There should be a label for any backport branch that you'll be targeting.
+To notify the bot to backport a pull request, mark the pull request with
+the label `S:backport-to-<backport_branch>`.
+Once the original pull request is merged, the bot will try to cherry-pick the pull request
+to the backport branch. If the bot fails to backport, it will open a pull request.
+The author of the original pull request is responsible for solving the conflicts and
+merging the pull request.
+
+#### Creating a backport branch
+If this is the first release candidate for a major release, you get to have the honor of creating
+the backport branch!
+
+Note that, after creating the backport branch, you'll also need to update the tags on `master`
+so that `go mod` is able to order the branches correctly. You should tag `master` with a "dev" tag
+that is "greater than" the backport branches tags. See #6072 for more context.
+
+In the following example, we'll assume that we're making a backport branch for
+the 0.35.x line.
+
+1. Start on `master`
+2. Create the backport branch:
+   `git checkout -b v0.35.x`
+3. Go back to master and tag it as the dev branch for the _next_ major release and push it back up:
+   `git tag -a v0.36.0-dev; git push v0.36.0-dev`
+4. Create a new workflow to run the e2e nightlies for this backport branch.
+   (See https://github.com/tendermint/tendermint/blob/master/.github/workflows/e2e-nightly-34x.yml
+   for an example.)
+
+#### Release candidates
+
+Before creating an official release, especially a major release, we may want to create a
+release candidate (RC) for our friends and partners to test out. We use git tags to
+create RCs, and we build them off of backport branches.
+
+Tags for RCs should follow the "standard" release naming conventions, with `-rcX` at the end
+(for example, `v0.35.0-rc0`).
+
+(Note that branches and tags _cannot_ have the same names, so it's important that these branches
+have distinct names from the tags/release names.)
+
+If this is the first RC for a major release, you'll have to make a new backport branch (see above).
+Otherwise:
+
+1. Start from the backport branch (e.g. `v0.35.x`).
+1. Run the integration tests and the e2e nightlies
+   (which can be triggered from the Github UI;
+   e.g., https://github.com/tendermint/tendermint/actions/workflows/e2e-nightly-34x.yml).
+1. Prepare the changelog:
+   - Move the changes included in `CHANGELOG_PENDING.md` into `CHANGELOG.md`.
+   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
+     all PRs
+   - Ensure that UPGRADING.md is up-to-date and includes notes on any breaking changes
+      or other upgrading flows.
+   - Bump TMVersionDefault version in  `version.go`
+   - Bump P2P and block protocol versions in  `version.go`, if necessary
+   - Bump ABCI protocol version in `version.go`, if necessary
+1. Open a PR with these changes against the backport branch.
+1. Once these changes have landed on the backport branch, be sure to pull them back down locally.
+2. Once you have the changes locally, create the new tag, specifying a name and a tag "message":
+   `git tag -a v0.35.0-rc0 -m "Release Candidate v0.35.0-rc0`
+3. Push the tag back up to origin:
+   `git push origin v0.35.0-rc0`
+   Now the tag should be available on the repo's releases page.
+4. Future RCs will continue to be built off of this branch.
+
+Note that this process should only be used for "true" RCs--
+release candidates that, if successful, will be the next release.
+For more experimental "RCs," create a new, short-lived branch and tag that instead.
+
+#### Major release
 
 This major release process assumes that this release was preceded by release candidates.
-If there were no release candidates, and you'd like to cut a major release directly from master, see below.
+If there were no release candidates, begin by creating a backport branch, as described above.
 
-1. Start on the latest RC branch (`RCx/vX.X.0`).
-2. Run integration tests.
-3. Branch off of the RC branch (`git checkout -b release-prep`) and prepare the release:
+1. Start on the backport branch (e.g. `v0.35.x`)
+2. Run integration tests and the e2e nightlies.
+3. Prepare the release:
    - "Squash" changes from the changelog entries for the RCs into a single entry,
       and add all changes included in `CHANGELOG_PENDING.md`.
       (Squashing includes both combining all entries, as well as removing or simplifying
@@ -248,58 +328,24 @@ If there were no release candidates, and you'd like to cut a major release direc
    - Bump TMVersionDefault version in  `version.go`
    - Bump P2P and block protocol versions in  `version.go`, if necessary
    - Bump ABCI protocol version in `version.go`, if necessary
-   - Add any release notes you would like to be added to the body of the release to `release_notes.md`.
-4. Open a PR with these changes against the RC branch (`RCx/vX.X.0`).
-5. Once these changes are on the RC branch, branch off of the RC branch again to create a release branch:
-   - `git checkout RCx/vX.X.0`
-   - `git checkout -b release/vX.X.0`
-6. Push a tag with prepared release details. This will trigger the actual release `vX.X.0`.
-   - `git tag -a vX.X.0 -m 'Release vX.X.0'`
-   - `git push origin vX.X.0`
+4. Open a PR with these changes against the backport branch.
+5. Once these changes are on the backport branch, push a tag with prepared release details.
+   This will trigger the actual release `v0.35.0`.
+   - `git tag -a v0.35.0 -m 'Release v0.35.0'`
+   - `git push origin v0.35.0`
 7. Make sure that `master` is updated with the latest `CHANGELOG.md`, `CHANGELOG_PENDING.md`, and `UPGRADING.md`.
-8. Create the long-lived minor release branch `RC0/vX.X.1` for the next point release on this
-   new major release series.
 
-##### Major Release (from `master`)
-
-1. Start on `master`
-2. Run integration tests (see `test_integrations` in Makefile)
-3. Prepare release in a pull request against `master` (to be squash merged):
-   - Copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`; if this release
-      had release candidates, squash all the RC updates into one
-   - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
-     all issues
-   - Run `bash ./scripts/authors.sh` to get a list of authors since the latest
-     release, and add the github aliases of external contributors to the top of
-     the changelog. To lookup an alias from an email, try `bash ./scripts/authors.sh <email>`
-   - Reset the `CHANGELOG_PENDING.md`
-   - Bump TMVersionDefault version in  `version.go`
-   - Bump P2P and block protocol versions in  `version.go`, if necessary
-   - Bump ABCI protocol version in `version.go`, if necessary
-   - Make sure all significant breaking changes are covered in `UPGRADING.md`
-   - Add any release notes you would like to be added to the body of the release to `release_notes.md`.
-4. Push a tag with prepared release details (this will trigger the release `vX.X.0`)
-   - `git tag -a vX.X.x -m 'Release vX.X.x'`
-   - `git push origin vX.X.x`
-5. Update the `CHANGELOG.md` file on master with the releases changelog.
-6. Delete any RC branches and tags for this release (if applicable)
-
-#### Minor Release (Point Releases)
+#### Minor release (point releases)
 
 Minor releases are done differently from major releases: They are built off of long-lived backport branches, rather than from master.
-Each release "line" (e.g. 0.34 or 0.33) has its own long-lived backport branch, and
-the backport branches have names like `v0.34.x` or `v0.33.x` (literally, `x`; it is not a placeholder in this case).
-
 As non-breaking changes land on `master`, they should also be backported (cherry-picked) to these backport branches.
 
-We use Mergify's [backport feature](https://mergify.io/features/backports) to automatically backport to the needed branch. Depending on which backport branch you need to backport to there will be labels for them. To notify the bot to backport a pull request, mark the pull request with the label `backport-to-<backport_branch>`. Once the original pull request is merged, the bot will try to cherry-pick the pull request to the backport branch. If the bot fails to backport, it will open a pull request. The author of the original pull request is responsible for solving the conflicts and merging the pull request.
-
 Minor releases don't have release candidates by default, although any tricky changes may merit a release candidate.
 
 To create a minor release:
 
-1. Checkout the long-lived backport branch: `git checkout vX.X.x`
-2. Run integration tests: `make test_integrations`
+1. Checkout the long-lived backport branch: `git checkout v0.35.x`
+2. Run integration tests (`make test_integrations`) and the nightlies.
 3. Check out a new branch and prepare the release:
    - Copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
    - Run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for all issues
@@ -308,35 +354,14 @@ To create a minor release:
    - Bump the ABCI version number, if necessary.
      (Note that ABCI follows semver, and that ABCI versions are the only versions
      which can change during minor releases, and only field additions are valid minor changes.)
-   - Add any release notes you would like to be added to the body of the release to `release_notes.md`.
-4. Open a PR with these changes that will land them back on `vX.X.x`
+4. Open a PR with these changes that will land them back on `v0.35.x`
 5. Once this change has landed on the backport branch, make sure to pull it locally, then push a tag.
-   - `git tag -a vX.X.x -m 'Release vX.X.x'`
-   - `git push origin vX.X.x`
+   - `git tag -a v0.35.1 -m 'Release v0.35.1'`
+   - `git push origin v0.35.1`
 6. Create a pull request back to master with the CHANGELOG & version changes from the latest release.
    - Remove all `R:minor` labels from the pull requests that were included in the release.
    - Do not merge the backport branch into master.
 
-#### Release Candidates
-
-Before creating an official release, especially a major release, we may want to create a
-release candidate (RC) for our friends and partners to test out. We use git tags to
-create RCs, and we build them off of RC branches. RC branches typically have names formatted
-like `RCX/vX.X.X` (or, concretely, `RC0/v0.34.0`), while the tags themselves follow
-the "standard" release naming conventions, with `-rcX` at the end (`vX.X.X-rcX`).
-
-(Note that branches and tags _cannot_ have the same names, so it's important that these branches
-have distinct names from the tags/release names.)
-
-1. Start from the RC branch (e.g. `RC0/v0.34.0`).
-2. Create the new tag, specifying a name and a tag "message":
-   `git tag -a v0.34.0-rc0 -m "Release Candidate v0.34.0-rc0`
-3. Push the tag back up to origin:
-   `git push origin v0.34.0-rc4`
-   Now the tag should be available on the repo's releases page.
-4. Create a new release candidate branch for any possible updates to the RC:
-   `git checkout -b RC1/v0.34.0; git push origin RC1/v0.34.0`
-
 ## Testing
 
 ### Unit tests

DOCKER/Dockerfile

@@ -1,5 +1,5 @@
 # stage 1 Generate Tendermint Binary
-FROM golang:1.15-alpine as builder
+FROM golang:1.16-alpine as builder
 RUN apk update && \
     apk upgrade && \
     apk --no-cache add make

DOCKER/Dockerfile.build_c-amazonlinux

@@ -9,7 +9,7 @@ RUN wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm &
 RUN yum -y groupinstall "Development Tools"
 RUN yum -y install leveldb-devel which
 
-ENV GOVERSION=1.12.9
+ENV GOVERSION=1.16.5
 
 RUN cd /tmp && \
     wget https://dl.google.com/go/go${GOVERSION}.linux-amd64.tar.gz && \

Makefile

@@ -202,7 +202,7 @@ format:
 
 lint:
 	@echo "--> Running linter"
-	@golangci-lint run
+	go run github.com/golangci/golangci-lint/cmd/golangci-lint run
 .PHONY: lint
 
 DESTINATION = ./index.html.md
@@ -231,6 +231,15 @@ build-docker: build-linux
 	rm -rf DOCKER/tendermint
 .PHONY: build-docker
 
+
+###############################################################################
+###                       Mocks 											###
+###############################################################################
+
+mockery:
+	go generate -run="./scripts/mockery_generate.sh" ./...
+.PHONY: mockery
+
 ###############################################################################
 ###                       Local testnet using docker                        ###
 ###############################################################################

README.md

@@ -8,7 +8,7 @@ Or [Blockchain](<https://en.wikipedia.org/wiki/Blockchain_(database)>), for shor
 
 [![version](https://img.shields.io/github/tag/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/releases/latest)
 [![API Reference](https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667)](https://pkg.go.dev/github.com/tendermint/tendermint)
-[![Go version](https://img.shields.io/badge/go-1.15-blue.svg)](https://github.com/moovweb/gvm)
+[![Go version](https://img.shields.io/badge/go-1.16-blue.svg)](https://github.com/moovweb/gvm)
 [![Discord chat](https://img.shields.io/discord/669268347736686612.svg)](https://discord.gg/vcExX9T)
 [![license](https://img.shields.io/github/license/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/blob/master/LICENSE)
 [![tendermint/tendermint](https://tokei.rs/b1/github/tendermint/tendermint?category=lines)](https://github.com/tendermint/tendermint)
@@ -48,7 +48,7 @@ to notify you of vulnerabilities and fixes in Tendermint Core. You can subscribe
 
 | Requirement | Notes            |
 |-------------|------------------|
-| Go version  | Go1.15 or higher |
+| Go version  | Go1.16 or higher |
 
 ## Documentation
 

UPGRADING.md

@@ -17,21 +17,45 @@ This guide provides instructions for upgrading to specific versions of Tendermin
 
 ### Config Changes
 
-* `fast_sync = "v1"` is no longer supported. Please use `v2` instead.
+* `fast_sync = "v1"` and `fast_sync = "v2"` are no longer supported. Please use `v0` instead.
 
 * All config parameters are now hyphen-case (also known as kebab-case) instead of snake_case. Before restarting the node make sure
   you have updated all the variables in your `config.toml` file.
 
 * Added `--mode` flag and `mode` config variable on `config.toml` for setting Mode of the Node: `full` | `validator` | `seed` (default: `full`)
   [ADR-52](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-052-tendermint-mode.md)
-  
+
 * `BootstrapPeers` has been added as part of the new p2p stack. This will eventually replace
   `Seeds`. Bootstrap peers are connected with on startup if needed for peer discovery. Unlike
-  persistent peers, there's no gaurantee that the node will remain connected with these peers. 
+  persistent peers, there's no gaurantee that the node will remain connected with these peers.
 
-- configuration values starting with `priv-validator-` have moved to the new
+* configuration values starting with `priv-validator-` have moved to the new
   `priv-validator` section, without the `priv-validator-` prefix.
 
+* The fast sync process as well as the blockchain package and service has all
+  been renamed to block sync
+
+### Key Format Changes
+
+The format of all tendermint on-disk database keys changes in
+0.35. Upgrading nodes must either re-sync all data or run a migration
+script provided in this release. The script located in
+`github.com/tendermint/tendermint/scripts/keymigrate/migrate.go`
+provides the function `Migrate(context.Context, db.DB)` which you can
+operationalize as makes sense for your deployment.
+
+For ease of use the `tendermint` command includes a CLI version of the
+migration script, which you can invoke, as in:
+
+	tendermint key-migrate
+
+This reads the configuration file as normal and allows the
+`--db-backend` and `--db-dir` flags to change database operations as
+needed.
+
+The migration operation is idempotent and can be run more than once,
+if needed.
+
 ### CLI Changes
 
 * You must now specify the node mode (validator|full|seed) in `tendermint init [mode]`
@@ -47,13 +71,68 @@ This guide provides instructions for upgrading to specific versions of Tendermin
 
 * CLI commands and flags are all now hyphen-case instead of snake_case.
   Make sure to adjust any scripts that calls a cli command with snake_casing
+
+### API Changes
+
+The p2p layer was reimplemented as part of the 0.35 release cycle, and
+all reactors were refactored. As part of that work these
+implementations moved into the `internal` package and are no longer
+considered part of the public Go API of tendermint. These packages
+are:
+
+- `p2p`
+- `mempool`
+- `consensus`
+- `statesync`
+- `blockchain`
+- `evidence`
+
+Accordingly, the `node` package was changed to reduce access to
+tendermint internals: applications that use tendermint as a library
+will need to change to accommodate these changes. Most notably:
+
+- The `Node` type has become internal, and all constructors return a
+  `service.Service` implementation.
+
+- The `node.DefaultNewNode` and `node.NewNode` constructors are no
+  longer exported and have been replaced with `node.New` and
+  `node.NewDefault` which provide more functional interfaces.
+
+### RPC changes
+
+#### gRPC Support
+
+Mark gRPC in the RPC layer as deprecated and to be removed in 0.36.
+
+#### Peer Management Interface
+
+When running with the new P2P Layer, the methods `UnsafeDialSeeds` and
+`UnsafeDialPeers` RPC methods will always return an error. They are
+deprecated and will be removed in 0.36 when the legacy peer stack is
+removed.
+
+Additionally the format of the Peer list returned in the `NetInfo`
+method changes in this release to accommodate the different way that
+the new stack tracks data about peers. This change affects users of
+both stacks.
+
+### Support for Custom Reactor and Mempool Implementations
+
+The changes to p2p layer removed existing support for custom
+reactors. Based on our understanding of how this functionality was
+used, the introduction of the prioritized mempool covers nearly all of
+the use cases for custom reactors. If you are currently running custom
+reactors and mempools and are having trouble seeing the migration path
+for your project please feel free to reach out to the Tendermint Core
+development team directly.
+
 ## v0.34.0
 
 **Upgrading to Tendermint 0.34 requires a blockchain restart.**
 This release is not compatible with previous blockchains due to changes to
 the encoding format (see "Protocol Buffers," below) and the block header (see "Blockchain Protocol").
 
-Note also that Tendermint 0.34 also requires Go 1.15 or higher.
+Note also that Tendermint 0.34 also requires Go 1.16 or higher.
 
 ### ABCI Changes
 
@@ -200,8 +279,8 @@ Other user-relevant changes include:
 
 * The old `lite` package was removed; the new light client uses the `light` package.
 * The `Verifier` was broken up into two pieces:
-    * Core verification logic (pure `VerifyX` functions)
-    * `Client` object, which represents the complete light client
+	* Core verification logic (pure `VerifyX` functions)
+	* `Client` object, which represents the complete light client
 * The new light clients stores headers & validator sets as `LightBlock`s
 * The RPC client can be found in the `/rpc` directory.
 * The HTTP(S) proxy is located in the `/proxy` directory.
@@ -333,12 +412,12 @@ Evidence Params has been changed to include duration.
 ### Go API
 
 * `libs/common` has been removed in favor of specific pkgs.
-    * `async`
-    * `service`
-    * `rand`
-    * `net`
-    * `strings`
-    * `cmap`
+	* `async`
+	* `service`
+	* `rand`
+	* `net`
+	* `strings`
+	* `cmap`
 * removal of `errors` pkg
 
 ### RPC Changes
@@ -407,9 +486,9 @@ Prior to the update, suppose your `ResponseDeliverTx` look like:
 ```go
 abci.ResponseDeliverTx{
   Tags: []kv.Pair{
-    {Key: []byte("sender"), Value: []byte("foo")},
-    {Key: []byte("recipient"), Value: []byte("bar")},
-    {Key: []byte("amount"), Value: []byte("35")},
+	{Key: []byte("sender"), Value: []byte("foo")},
+	{Key: []byte("recipient"), Value: []byte("bar")},
+	{Key: []byte("amount"), Value: []byte("35")},
   }
 }
 ```
@@ -428,14 +507,14 @@ the following `Events`:
 ```go
 abci.ResponseDeliverTx{
   Events: []abci.Event{
-    {
-      Type: "transfer",
-      Attributes: kv.Pairs{
-        {Key: []byte("sender"), Value: []byte("foo")},
-        {Key: []byte("recipient"), Value: []byte("bar")},
-        {Key: []byte("amount"), Value: []byte("35")},
-      },
-    }
+	{
+	  Type: "transfer",
+	  Attributes: kv.Pairs{
+		{Key: []byte("sender"), Value: []byte("foo")},
+		{Key: []byte("recipient"), Value: []byte("bar")},
+		{Key: []byte("amount"), Value: []byte("35")},
+	  },
+	}
 }
 ```
 
@@ -483,9 +562,9 @@ In this case, the WS client will receive an error with description:
   "jsonrpc": "2.0",
   "id": "{ID}#event",
   "error": {
-    "code": -32000,
-    "msg": "Server error",
-    "data": "subscription was canceled (reason: client is not pulling messages fast enough)" // or "subscription was canceled (reason: Tendermint exited)"
+	"code": -32000,
+	"msg": "Server error",
+	"data": "subscription was canceled (reason: client is not pulling messages fast enough)" // or "subscription was canceled (reason: Tendermint exited)"
   }
 }
 
@@ -691,9 +770,9 @@ just the `Data` field set:
 
 ```go
 []ProofOp{
-    ProofOp{
-        Data: <proof bytes>,
-    }
+	ProofOp{
+		Data: <proof bytes>,
+	}
 }
 ```
 

abci/client/client.go

@@ -15,7 +15,7 @@ const (
 	echoRetryIntervalSeconds = 1
 )
 
-//go:generate mockery --case underscore --name Client
+//go:generate ../../scripts/mockery_generate.sh Client
 
 // Client defines an interface for an ABCI client.
 //
@@ -46,6 +46,9 @@ type Client interface {
 	OfferSnapshotAsync(context.Context, types.RequestOfferSnapshot) (*ReqRes, error)
 	LoadSnapshotChunkAsync(context.Context, types.RequestLoadSnapshotChunk) (*ReqRes, error)
 	ApplySnapshotChunkAsync(context.Context, types.RequestApplySnapshotChunk) (*ReqRes, error)
+	ExtendVoteAsync(context.Context, types.RequestExtendVote) (*ReqRes, error)
+	VerifyVoteExtensionAsync(context.Context, types.RequestVerifyVoteExtension) (*ReqRes, error)
+	PrepareProposalAsync(context.Context, types.RequestPrepareProposal) (*ReqRes, error)
 
 	// Synchronous requests
 	FlushSync(context.Context) error
@@ -62,6 +65,9 @@ type Client interface {
 	OfferSnapshotSync(context.Context, types.RequestOfferSnapshot) (*types.ResponseOfferSnapshot, error)
 	LoadSnapshotChunkSync(context.Context, types.RequestLoadSnapshotChunk) (*types.ResponseLoadSnapshotChunk, error)
 	ApplySnapshotChunkSync(context.Context, types.RequestApplySnapshotChunk) (*types.ResponseApplySnapshotChunk, error)
+	ExtendVoteSync(context.Context, types.RequestExtendVote) (*types.ResponseExtendVote, error)
+	VerifyVoteExtensionSync(context.Context, types.RequestVerifyVoteExtension) (*types.ResponseVerifyVoteExtension, error)
+	PrepareProposalSync(context.Context, types.RequestPrepareProposal) (*types.ResponsePrepareProposal, error)
 }
 
 //----------------------------------------

abci/client/grpc_client.go

@@ -314,6 +314,66 @@ func (cli *grpcClient) ApplySnapshotChunkAsync(
 	)
 }
 
+// NOTE: call is synchronous, use ctx to break early if needed
+func (cli *grpcClient) ExtendVoteAsync(
+	ctx context.Context,
+	params types.RequestExtendVote,
+) (*ReqRes, error) {
+	req := types.ToRequestExtendVote(params)
+	res, err := cli.client.ExtendVote(ctx, req.GetExtendVote(), grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	return cli.finishAsyncCall(
+		ctx,
+		req,
+		&types.Response{Value: &types.Response_ExtendVote{ExtendVote: res}},
+	)
+}
+
+// NOTE: call is synchronous, use ctx to break early if needed
+func (cli *grpcClient) VerifyVoteExtensionAsync(
+	ctx context.Context,
+	params types.RequestVerifyVoteExtension,
+) (*ReqRes, error) {
+	req := types.ToRequestVerifyVoteExtension(params)
+	res, err := cli.client.VerifyVoteExtension(ctx, req.GetVerifyVoteExtension(), grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	return cli.finishAsyncCall(
+		ctx,
+		req,
+		&types.Response{
+			Value: &types.Response_VerifyVoteExtension{
+				VerifyVoteExtension: res,
+			},
+		},
+	)
+}
+
+func (cli *grpcClient) PrepareProposalAsync(
+	ctx context.Context,
+	params types.RequestPrepareProposal,
+) (*ReqRes, error) {
+
+	req := types.ToRequestPrepareProposal(params)
+	res, err := cli.client.PrepareProposal(ctx, req.GetPrepareProposal(), grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+
+	return cli.finishAsyncCall(
+		ctx,
+		req,
+		&types.Response{
+			Value: &types.Response_PrepareProposal{
+				PrepareProposal: res,
+			},
+		},
+	)
+}
+
 // finishAsyncCall creates a ReqRes for an async call, and immediately populates it
 // with the response. We don't complete it until it's been ordered via the channel.
 func (cli *grpcClient) finishAsyncCall(ctx context.Context, req *types.Request, res *types.Response) (*ReqRes, error) {
@@ -504,3 +564,37 @@ func (cli *grpcClient) ApplySnapshotChunkSync(
 	}
 	return cli.finishSyncCall(reqres).GetApplySnapshotChunk(), cli.Error()
 }
+
+func (cli *grpcClient) ExtendVoteSync(
+	ctx context.Context,
+	params types.RequestExtendVote) (*types.ResponseExtendVote, error) {
+
+	reqres, err := cli.ExtendVoteAsync(ctx, params)
+	if err != nil {
+		return nil, err
+	}
+	return cli.finishSyncCall(reqres).GetExtendVote(), cli.Error()
+}
+
+func (cli *grpcClient) VerifyVoteExtensionSync(
+	ctx context.Context,
+	params types.RequestVerifyVoteExtension) (*types.ResponseVerifyVoteExtension, error) {
+
+	reqres, err := cli.VerifyVoteExtensionAsync(ctx, params)
+	if err != nil {
+		return nil, err
+	}
+	return cli.finishSyncCall(reqres).GetVerifyVoteExtension(), cli.Error()
+}
+
+func (cli *grpcClient) PrepareProposalSync(
+	ctx context.Context,
+	params types.RequestPrepareProposal,
+) (*types.ResponsePrepareProposal, error) {
+
+	reqres, err := cli.PrepareProposalAsync(ctx, params)
+	if err != nil {
+		return nil, err
+	}
+	return cli.finishSyncCall(reqres).GetPrepareProposal(), cli.Error()
+}

abci/client/local_client.go

@@ -204,6 +204,48 @@ func (app *localClient) ApplySnapshotChunkAsync(
 	), nil
 }
 
+func (app *localClient) ExtendVoteAsync(
+	ctx context.Context,
+	req types.RequestExtendVote,
+) (*ReqRes, error) {
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.ExtendVote(req)
+	return app.callback(
+		types.ToRequestExtendVote(req),
+		types.ToResponseExtendVote(res),
+	), nil
+}
+
+func (app *localClient) VerifyVoteExtensionAsync(
+	ctx context.Context,
+	req types.RequestVerifyVoteExtension,
+) (*ReqRes, error) {
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.VerifyVoteExtension(req)
+	return app.callback(
+		types.ToRequestVerifyVoteExtension(req),
+		types.ToResponseVerifyVoteExtension(res),
+	), nil
+}
+
+func (app *localClient) PrepareProposalAsync(
+	ctx context.Context,
+	req types.RequestPrepareProposal,
+) (*ReqRes, error) {
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.PrepareProposal(req)
+	return app.callback(
+		types.ToRequestPrepareProposal(req),
+		types.ToResponsePrepareProposal(res),
+	), nil
+}
+
 //-------------------------------------------------------
 
 func (app *localClient) FlushSync(ctx context.Context) error {
@@ -346,6 +388,39 @@ func (app *localClient) ApplySnapshotChunkSync(
 	return &res, nil
 }
 
+func (app *localClient) ExtendVoteSync(
+	ctx context.Context,
+	req types.RequestExtendVote) (*types.ResponseExtendVote, error) {
+
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.ExtendVote(req)
+	return &res, nil
+}
+
+func (app *localClient) VerifyVoteExtensionSync(
+	ctx context.Context,
+	req types.RequestVerifyVoteExtension) (*types.ResponseVerifyVoteExtension, error) {
+
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.VerifyVoteExtension(req)
+	return &res, nil
+}
+
+func (app *localClient) PrepareProposalSync(
+	ctx context.Context,
+	req types.RequestPrepareProposal,
+) (*types.ResponsePrepareProposal, error) {
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.PrepareProposal(req)
+	return &res, nil
+}
+
 //-------------------------------------------------------
 
 func (app *localClient) callback(req *types.Request, res *types.Response) *ReqRes {

abci/client/mocks/client.go

@@ -1,4 +1,4 @@
-// Code generated by mockery 2.7.4. DO NOT EDIT.
+// Code generated by mockery. DO NOT EDIT.
 
 package mocks
 
@@ -355,6 +355,52 @@ func (_m *Client) Error() error {
 	return r0
 }
 
+// ExtendVoteAsync provides a mock function with given fields: _a0, _a1
+func (_m *Client) ExtendVoteAsync(_a0 context.Context, _a1 types.RequestExtendVote) (*abcicli.ReqRes, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *abcicli.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestExtendVote) *abcicli.ReqRes); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*abcicli.ReqRes)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestExtendVote) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// ExtendVoteSync provides a mock function with given fields: _a0, _a1
+func (_m *Client) ExtendVoteSync(_a0 context.Context, _a1 types.RequestExtendVote) (*types.ResponseExtendVote, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *types.ResponseExtendVote
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestExtendVote) *types.ResponseExtendVote); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*types.ResponseExtendVote)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestExtendVote) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
 // FlushAsync provides a mock function with given fields: _a0
 func (_m *Client) FlushAsync(_a0 context.Context) (*abcicli.ReqRes, error) {
 	ret := _m.Called(_a0)
@@ -669,6 +715,52 @@ func (_m *Client) OnStop() {
 	_m.Called()
 }
 
+// PrepareProposalAsync provides a mock function with given fields: _a0, _a1
+func (_m *Client) PrepareProposalAsync(_a0 context.Context, _a1 types.RequestPrepareProposal) (*abcicli.ReqRes, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *abcicli.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestPrepareProposal) *abcicli.ReqRes); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*abcicli.ReqRes)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestPrepareProposal) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// PrepareProposalSync provides a mock function with given fields: _a0, _a1
+func (_m *Client) PrepareProposalSync(_a0 context.Context, _a1 types.RequestPrepareProposal) (*types.ResponsePrepareProposal, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *types.ResponsePrepareProposal
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestPrepareProposal) *types.ResponsePrepareProposal); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*types.ResponsePrepareProposal)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestPrepareProposal) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
 // QueryAsync provides a mock function with given fields: _a0, _a1
 func (_m *Client) QueryAsync(_a0 context.Context, _a1 types.RequestQuery) (*abcicli.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)
@@ -797,6 +889,52 @@ func (_m *Client) String() string {
 	return r0
 }
 
+// VerifyVoteExtensionAsync provides a mock function with given fields: _a0, _a1
+func (_m *Client) VerifyVoteExtensionAsync(_a0 context.Context, _a1 types.RequestVerifyVoteExtension) (*abcicli.ReqRes, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *abcicli.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestVerifyVoteExtension) *abcicli.ReqRes); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*abcicli.ReqRes)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestVerifyVoteExtension) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// VerifyVoteExtensionSync provides a mock function with given fields: _a0, _a1
+func (_m *Client) VerifyVoteExtensionSync(_a0 context.Context, _a1 types.RequestVerifyVoteExtension) (*types.ResponseVerifyVoteExtension, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *types.ResponseVerifyVoteExtension
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestVerifyVoteExtension) *types.ResponseVerifyVoteExtension); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*types.ResponseVerifyVoteExtension)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestVerifyVoteExtension) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
 // Wait provides a mock function with given fields:
 func (_m *Client) Wait() {
 	_m.Called()

abci/client/socket_client.go

@@ -295,6 +295,27 @@ func (cli *socketClient) ApplySnapshotChunkAsync(
 	return cli.queueRequestAsync(ctx, types.ToRequestApplySnapshotChunk(req))
 }
 
+func (cli *socketClient) ExtendVoteAsync(
+	ctx context.Context,
+	req types.RequestExtendVote,
+) (*ReqRes, error) {
+	return cli.queueRequestAsync(ctx, types.ToRequestExtendVote(req))
+}
+
+func (cli *socketClient) VerifyVoteExtensionAsync(
+	ctx context.Context,
+	req types.RequestVerifyVoteExtension,
+) (*ReqRes, error) {
+	return cli.queueRequestAsync(ctx, types.ToRequestVerifyVoteExtension(req))
+}
+
+func (cli *socketClient) PrepareProposalAsync(
+	ctx context.Context,
+	req types.RequestPrepareProposal,
+) (*ReqRes, error) {
+	return cli.queueRequestAsync(ctx, types.ToRequestPrepareProposal(req))
+}
+
 //----------------------------------------
 
 func (cli *socketClient) FlushSync(ctx context.Context) error {
@@ -465,6 +486,40 @@ func (cli *socketClient) ApplySnapshotChunkSync(
 	return reqres.Response.GetApplySnapshotChunk(), nil
 }
 
+func (cli *socketClient) ExtendVoteSync(
+	ctx context.Context,
+	req types.RequestExtendVote) (*types.ResponseExtendVote, error) {
+
+	reqres, err := cli.queueRequestAndFlushSync(ctx, types.ToRequestExtendVote(req))
+	if err != nil {
+		return nil, err
+	}
+	return reqres.Response.GetExtendVote(), nil
+}
+
+func (cli *socketClient) VerifyVoteExtensionSync(
+	ctx context.Context,
+	req types.RequestVerifyVoteExtension) (*types.ResponseVerifyVoteExtension, error) {
+
+	reqres, err := cli.queueRequestAndFlushSync(ctx, types.ToRequestVerifyVoteExtension(req))
+	if err != nil {
+		return nil, err
+	}
+	return reqres.Response.GetVerifyVoteExtension(), nil
+}
+
+func (cli *socketClient) PrepareProposalSync(
+	ctx context.Context,
+	req types.RequestPrepareProposal,
+) (*types.ResponsePrepareProposal, error) {
+
+	reqres, err := cli.queueRequestAndFlushSync(ctx, types.ToRequestPrepareProposal(req))
+	if err != nil {
+		return nil, err
+	}
+	return reqres.Response.GetPrepareProposal(), nil
+}
+
 //----------------------------------------
 
 // queueRequest enqueues req onto the queue. If the queue is full, it ether
@@ -591,6 +646,12 @@ func resMatchesReq(req *types.Request, res *types.Response) (ok bool) {
 		_, ok = res.Value.(*types.Response_ListSnapshots)
 	case *types.Request_OfferSnapshot:
 		_, ok = res.Value.(*types.Response_OfferSnapshot)
+	case *types.Request_ExtendVote:
+		_, ok = res.Value.(*types.Response_ExtendVote)
+	case *types.Request_VerifyVoteExtension:
+		_, ok = res.Value.(*types.Response_VerifyVoteExtension)
+	case *types.Request_PrepareProposal:
+		_, ok = res.Value.(*types.Response_PrepareProposal)
 	}
 	return ok
 }

abci/cmd/abci-cli/abci-cli.go

@@ -17,7 +17,6 @@ import (
 
 	abcicli "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/example/code"
-	"github.com/tendermint/tendermint/abci/example/counter"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	"github.com/tendermint/tendermint/abci/server"
 	servertest "github.com/tendermint/tendermint/abci/tests/server"
@@ -47,9 +46,6 @@ var (
 	flagHeight int
 	flagProve  bool
 
-	// counter
-	flagSerial bool
-
 	// kvstore
 	flagPersist string
 )
@@ -61,19 +57,14 @@ var RootCmd = &cobra.Command{
 	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
 
 		switch cmd.Use {
-		case "counter", "kvstore": // for the examples apps, don't pre-run
-			return nil
-		case "version": // skip running for version command
+		case "kvstore", "version":
 			return nil
 		}
 
 		if logger == nil {
-			allowLevel, err := log.AllowLevel(flagLogLevel)
-			if err != nil {
-				return err
-			}
-			logger = log.NewFilter(log.NewTMLogger(log.NewSyncWriter(os.Stdout)), allowLevel)
+			logger = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 		}
+
 		if client == nil {
 			var err error
 			client, err = abcicli.NewClient(flagAddress, flagAbci, false)
@@ -138,10 +129,6 @@ func addQueryFlags() {
 		"whether or not to return a merkle proof of the query result")
 }
 
-func addCounterFlags() {
-	counterCmd.PersistentFlags().BoolVarP(&flagSerial, "serial", "", false, "enforce incrementing (serial) transactions")
-}
-
 func addKVStoreFlags() {
 	kvstoreCmd.PersistentFlags().StringVarP(&flagPersist, "persist", "", "", "directory to use for a database")
 }
@@ -160,8 +147,6 @@ func addCommands() {
 	RootCmd.AddCommand(queryCmd)
 
 	// examples
-	addCounterFlags()
-	RootCmd.AddCommand(counterCmd)
 	addKVStoreFlags()
 	RootCmd.AddCommand(kvstoreCmd)
 }
@@ -261,14 +246,6 @@ var queryCmd = &cobra.Command{
 	RunE:  cmdQuery,
 }
 
-var counterCmd = &cobra.Command{
-	Use:   "counter",
-	Short: "ABCI demo example",
-	Long:  "ABCI demo example",
-	Args:  cobra.ExactArgs(0),
-	RunE:  cmdCounter,
-}
-
 var kvstoreCmd = &cobra.Command{
 	Use:   "kvstore",
 	Short: "ABCI demo example",
@@ -596,34 +573,8 @@ func cmdQuery(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
-func cmdCounter(cmd *cobra.Command, args []string) error {
-	app := counter.NewApplication(flagSerial)
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
-
-	// Start the listener
-	srv, err := server.NewServer(flagAddress, flagAbci, app)
-	if err != nil {
-		return err
-	}
-	srv.SetLogger(logger.With("module", "abci-server"))
-	if err := srv.Start(); err != nil {
-		return err
-	}
-
-	// Stop upon receiving SIGTERM or CTRL-C.
-	tmos.TrapSignal(logger, func() {
-		// Cleanup
-		if err := srv.Stop(); err != nil {
-			logger.Error("Error while stopping server", "err", err)
-		}
-	})
-
-	// Run forever.
-	select {}
-}
-
 func cmdKVStore(cmd *cobra.Command, args []string) error {
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger := log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 
 	// Create the application - in memory or persisted to disk
 	var app types.Application

abci/example/counter/counter.go

@@ -1,86 +0,0 @@
-package counter
-
-import (
-	"encoding/binary"
-	"fmt"
-
-	"github.com/tendermint/tendermint/abci/example/code"
-	"github.com/tendermint/tendermint/abci/types"
-)
-
-type Application struct {
-	types.BaseApplication
-
-	hashCount int
-	txCount   int
-	serial    bool
-}
-
-func NewApplication(serial bool) *Application {
-	return &Application{serial: serial}
-}
-
-func (app *Application) Info(req types.RequestInfo) types.ResponseInfo {
-	return types.ResponseInfo{Data: fmt.Sprintf("{\"hashes\":%v,\"txs\":%v}", app.hashCount, app.txCount)}
-}
-
-func (app *Application) DeliverTx(req types.RequestDeliverTx) types.ResponseDeliverTx {
-	if app.serial {
-		if len(req.Tx) > 8 {
-			return types.ResponseDeliverTx{
-				Code: code.CodeTypeEncodingError,
-				Log:  fmt.Sprintf("Max tx size is 8 bytes, got %d", len(req.Tx))}
-		}
-		tx8 := make([]byte, 8)
-		copy(tx8[len(tx8)-len(req.Tx):], req.Tx)
-		txValue := binary.BigEndian.Uint64(tx8)
-		if txValue != uint64(app.txCount) {
-			return types.ResponseDeliverTx{
-				Code: code.CodeTypeBadNonce,
-				Log:  fmt.Sprintf("Invalid nonce. Expected %v, got %v", app.txCount, txValue)}
-		}
-	}
-	app.txCount++
-	return types.ResponseDeliverTx{Code: code.CodeTypeOK}
-}
-
-func (app *Application) CheckTx(req types.RequestCheckTx) types.ResponseCheckTx {
-	if app.serial {
-		if len(req.Tx) > 8 {
-			return types.ResponseCheckTx{
-				Code: code.CodeTypeEncodingError,
-				Log:  fmt.Sprintf("Max tx size is 8 bytes, got %d", len(req.Tx))}
-		}
-
-		tx8 := make([]byte, 8)
-		copy(tx8[len(tx8)-len(req.Tx):], req.Tx)
-		txValue := binary.BigEndian.Uint64(tx8)
-		if txValue < uint64(app.txCount) {
-			return types.ResponseCheckTx{
-				Code: code.CodeTypeBadNonce,
-				Log:  fmt.Sprintf("Invalid nonce. Expected >= %v, got %v", app.txCount, txValue)}
-		}
-	}
-	return types.ResponseCheckTx{Code: code.CodeTypeOK}
-}
-
-func (app *Application) Commit() (resp types.ResponseCommit) {
-	app.hashCount++
-	if app.txCount == 0 {
-		return types.ResponseCommit{}
-	}
-	hash := make([]byte, 8)
-	binary.BigEndian.PutUint64(hash, uint64(app.txCount))
-	return types.ResponseCommit{Data: hash}
-}
-
-func (app *Application) Query(reqQuery types.RequestQuery) types.ResponseQuery {
-	switch reqQuery.Path {
-	case "hash":
-		return types.ResponseQuery{Value: []byte(fmt.Sprintf("%v", app.hashCount))}
-	case "tx":
-		return types.ResponseQuery{Value: []byte(fmt.Sprintf("%v", app.txCount))}
-	default:
-		return types.ResponseQuery{Log: fmt.Sprintf("Invalid query path. Expected hash or tx, got %v", reqQuery.Path)}
-	}
-}

abci/example/kvstore/README.md

@@ -4,7 +4,7 @@ There are two app's here: the KVStoreApplication and the PersistentKVStoreApplic
 
 ## KVStoreApplication
 
-The KVStoreApplication is a simple merkle key-value store. 
+The KVStoreApplication is a simple merkle key-value store.
 Transactions of the form `key=value` are stored as key-value pairs in the tree.
 Transactions without an `=` sign set the value to the key.
 The app has no replay protection (other than what the mempool provides).
@@ -12,7 +12,7 @@ The app has no replay protection (other than what the mempool provides).
 ## PersistentKVStoreApplication
 
 The PersistentKVStoreApplication wraps the KVStoreApplication
-and provides two additional features:
+and provides three additional features:
 
 1) persistence of state across app restarts (using Tendermint's ABCI-Handshake mechanism)
 2) validator set changes
@@ -27,4 +27,4 @@ Validator set changes are effected using the following transaction format:
 
 where `pubkeyN` is a base64-encoded 32-byte ed25519 key and `powerN` is a new voting power for the validator with `pubkeyN` (possibly a new one).
 To remove a validator from the validator set, set power to `0`.
-There is no sybil protection against new validators joining. 
+There is no sybil protection against new validators joining.

abci/example/kvstore/kvstore.go

@@ -171,3 +171,9 @@ func (app *Application) Query(reqQuery types.RequestQuery) (resQuery types.Respo
 
 	return resQuery
 }
+
+func (app *Application) PrepareProposal(
+	req types.RequestPrepareProposal) types.ResponsePrepareProposal {
+	return types.ResponsePrepareProposal{
+		BlockData: req.BlockData}
+}

abci/example/kvstore/persistent_kvstore.go

@@ -14,6 +14,7 @@ import (
 	cryptoenc "github.com/tendermint/tendermint/crypto/encoding"
 	"github.com/tendermint/tendermint/libs/log"
 	pc "github.com/tendermint/tendermint/proto/tendermint/crypto"
+	ptypes "github.com/tendermint/tendermint/proto/tendermint/types"
 )
 
 const (
@@ -76,6 +77,10 @@ func (app *PersistentKVStoreApplication) DeliverTx(req types.RequestDeliverTx) t
 		return app.execValidatorTx(req.Tx)
 	}
 
+	if isPrepareTx(req.Tx) {
+		return app.execPrepareTx(req.Tx)
+	}
+
 	// otherwise, update the key-value store
 	return app.app.DeliverTx(req)
 }
@@ -170,6 +175,24 @@ func (app *PersistentKVStoreApplication) ApplySnapshotChunk(
 	return types.ResponseApplySnapshotChunk{Result: types.ResponseApplySnapshotChunk_ABORT}
 }
 
+func (app *PersistentKVStoreApplication) ExtendVote(
+	req types.RequestExtendVote) types.ResponseExtendVote {
+	return types.ResponseExtendVote{
+		VoteExtension: ConstructVoteExtension(req.Vote.ValidatorAddress),
+	}
+}
+
+func (app *PersistentKVStoreApplication) VerifyVoteExtension(
+	req types.RequestVerifyVoteExtension) types.ResponseVerifyVoteExtension {
+	return types.RespondVerifyVoteExtension(
+		app.verifyExtension(req.Vote.ValidatorAddress, req.Vote.VoteExtension))
+}
+
+func (app *PersistentKVStoreApplication) PrepareProposal(
+	req types.RequestPrepareProposal) types.ResponsePrepareProposal {
+	return types.ResponsePrepareProposal{BlockData: app.substPrepareTx(req.BlockData)}
+}
+
 //---------------------------------------------
 // update validators
 
@@ -284,3 +307,51 @@ func (app *PersistentKVStoreApplication) updateValidator(v types.ValidatorUpdate
 
 	return types.ResponseDeliverTx{Code: code.CodeTypeOK}
 }
+
+// -----------------------------
+
+const PreparePrefix = "prepare"
+
+func isPrepareTx(tx []byte) bool {
+	return strings.HasPrefix(string(tx), PreparePrefix)
+}
+
+// execPrepareTx is noop. tx data is considered as placeholder
+// and is substitute at the PrepareProposal.
+func (app *PersistentKVStoreApplication) execPrepareTx(tx []byte) types.ResponseDeliverTx {
+	// noop
+	return types.ResponseDeliverTx{}
+}
+
+// substPrepareTx subst all the preparetx in the blockdata
+// to null string(could be any arbitrary string).
+func (app *PersistentKVStoreApplication) substPrepareTx(blockData [][]byte) [][]byte {
+	for i, tx := range blockData {
+		if isPrepareTx(tx) {
+			blockData[i] = make([]byte, len(tx))
+		}
+	}
+
+	return blockData
+}
+
+func ConstructVoteExtension(valAddr []byte) *ptypes.VoteExtension {
+	return &ptypes.VoteExtension{
+		AppDataToSign:             valAddr,
+		AppDataSelfAuthenticating: valAddr,
+	}
+}
+
+func (app *PersistentKVStoreApplication) verifyExtension(valAddr []byte, ext *ptypes.VoteExtension) bool {
+	if ext == nil {
+		return false
+	}
+	canonical := ConstructVoteExtension(valAddr)
+	if !bytes.Equal(canonical.AppDataToSign, ext.AppDataToSign) {
+		return false
+	}
+	if !bytes.Equal(canonical.AppDataSelfAuthenticating, ext.AppDataSelfAuthenticating) {
+		return false
+	}
+	return true
+}

abci/server/socket_server.go

@@ -227,12 +227,21 @@ func (s *SocketServer) handleRequest(req *types.Request, responses chan<- *types
 	case *types.Request_OfferSnapshot:
 		res := s.app.OfferSnapshot(*r.OfferSnapshot)
 		responses <- types.ToResponseOfferSnapshot(res)
+	case *types.Request_PrepareProposal:
+		res := s.app.PrepareProposal(*r.PrepareProposal)
+		responses <- types.ToResponsePrepareProposal(res)
 	case *types.Request_LoadSnapshotChunk:
 		res := s.app.LoadSnapshotChunk(*r.LoadSnapshotChunk)
 		responses <- types.ToResponseLoadSnapshotChunk(res)
 	case *types.Request_ApplySnapshotChunk:
 		res := s.app.ApplySnapshotChunk(*r.ApplySnapshotChunk)
 		responses <- types.ToResponseApplySnapshotChunk(res)
+	case *types.Request_ExtendVote:
+		res := s.app.ExtendVote(*r.ExtendVote)
+		responses <- types.ToResponseExtendVote(res)
+	case *types.Request_VerifyVoteExtension:
+		res := s.app.VerifyVoteExtension(*r.VerifyVoteExtension)
+		responses <- types.ToResponseVerifyVoteExtension(res)
 	default:
 		responses <- types.ToResponseException("Unknown request")
 	}

abci/tests/test_app/app.go

@@ -1,56 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"os"
-
-	abcicli "github.com/tendermint/tendermint/abci/client"
-	"github.com/tendermint/tendermint/abci/types"
-	"github.com/tendermint/tendermint/libs/log"
-)
-
-var ctx = context.Background()
-
-func startClient(abciType string) abcicli.Client {
-	// Start client
-	client, err := abcicli.NewClient("tcp://127.0.0.1:26658", abciType, true)
-	if err != nil {
-		panic(err.Error())
-	}
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
-	client.SetLogger(logger.With("module", "abcicli"))
-	if err := client.Start(); err != nil {
-		panicf("connecting to abci_app: %v", err.Error())
-	}
-
-	return client
-}
-
-func commit(client abcicli.Client, hashExp []byte) {
-	res, err := client.CommitSync(ctx)
-	if err != nil {
-		panicf("client error: %v", err)
-	}
-	if !bytes.Equal(res.Data, hashExp) {
-		panicf("Commit hash was unexpected. Got %X expected %X", res.Data, hashExp)
-	}
-}
-
-func deliverTx(client abcicli.Client, txBytes []byte, codeExp uint32, dataExp []byte) {
-	res, err := client.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: txBytes})
-	if err != nil {
-		panicf("client error: %v", err)
-	}
-	if res.Code != codeExp {
-		panicf("DeliverTx response code was unexpected. Got %v expected %v. Log: %v", res.Code, codeExp, res.Log)
-	}
-	if !bytes.Equal(res.Data, dataExp) {
-		panicf("DeliverTx response data was unexpected. Got %X expected %X", res.Data, dataExp)
-	}
-}
-
-func panicf(format string, a ...interface{}) {
-	panic(fmt.Sprintf(format, a...))
-}

abci/tests/test_app/main.go

@@ -1,93 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"log"
-	"os"
-	"os/exec"
-	"time"
-
-	"github.com/tendermint/tendermint/abci/types"
-)
-
-var abciType string
-
-func init() {
-	abciType = os.Getenv("ABCI")
-	if abciType == "" {
-		abciType = "socket"
-	}
-}
-
-func main() {
-	testCounter()
-}
-
-const (
-	maxABCIConnectTries = 10
-)
-
-func ensureABCIIsUp(typ string, n int) error {
-	var err error
-	cmdString := "abci-cli echo hello"
-	if typ == "grpc" {
-		cmdString = "abci-cli --abci grpc echo hello"
-	}
-
-	for i := 0; i < n; i++ {
-		cmd := exec.Command("bash", "-c", cmdString)
-		_, err = cmd.CombinedOutput()
-		if err == nil {
-			break
-		}
-		time.Sleep(500 * time.Millisecond)
-	}
-	return err
-}
-
-func testCounter() {
-	abciApp := os.Getenv("ABCI_APP")
-	if abciApp == "" {
-		panic("No ABCI_APP specified")
-	}
-
-	fmt.Printf("Running %s test with abci=%s\n", abciApp, abciType)
-	subCommand := fmt.Sprintf("abci-cli %s", abciApp)
-	cmd := exec.Command("bash", "-c", subCommand)
-	cmd.Stdout = os.Stdout
-	if err := cmd.Start(); err != nil {
-		log.Fatalf("starting %q err: %v", abciApp, err)
-	}
-	defer func() {
-		if err := cmd.Process.Kill(); err != nil {
-			log.Printf("error on process kill: %v", err)
-		}
-		if err := cmd.Wait(); err != nil {
-			log.Printf("error while waiting for cmd to exit: %v", err)
-		}
-	}()
-
-	if err := ensureABCIIsUp(abciType, maxABCIConnectTries); err != nil {
-		log.Fatalf("echo failed: %v", err) //nolint:gocritic
-	}
-
-	client := startClient(abciType)
-	defer func() {
-		if err := client.Stop(); err != nil {
-			log.Printf("error trying client stop: %v", err)
-		}
-	}()
-
-	// commit(client, nil)
-	// deliverTx(client, []byte("abc"), code.CodeTypeBadNonce, nil)
-	commit(client, nil)
-	deliverTx(client, []byte{0x00}, types.CodeTypeOK, nil)
-	commit(client, []byte{0, 0, 0, 0, 0, 0, 0, 1})
-	// deliverTx(client, []byte{0x00}, code.CodeTypeBadNonce, nil)
-	deliverTx(client, []byte{0x01}, types.CodeTypeOK, nil)
-	deliverTx(client, []byte{0x00, 0x02}, types.CodeTypeOK, nil)
-	deliverTx(client, []byte{0x00, 0x03}, types.CodeTypeOK, nil)
-	deliverTx(client, []byte{0x00, 0x00, 0x04}, types.CodeTypeOK, nil)
-	// deliverTx(client, []byte{0x00, 0x00, 0x06}, code.CodeTypeBadNonce, nil)
-	commit(client, []byte{0, 0, 0, 0, 0, 0, 0, 5})
-}

abci/tests/test_app/test.sh

@@ -1,28 +0,0 @@
-#! /bin/bash
-set -e
-
-# These tests spawn the counter app and server by execing the ABCI_APP command and run some simple client tests against it
-
-# Get the directory of where this script is.
-export PATH="$GOBIN:$PATH"
-SOURCE="${BASH_SOURCE[0]}"
-while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done
-DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-
-# Change into that dir because we expect that.
-cd "$DIR"
-
-echo "RUN COUNTER OVER SOCKET"
-# test golang counter
-ABCI_APP="counter" go run -mod=readonly ./*.go
-echo "----------------------"
-
-
-echo "RUN COUNTER OVER GRPC"
-# test golang counter via grpc
-ABCI_APP="counter --abci=grpc" ABCI="grpc" go run -mod=readonly ./*.go
-echo "----------------------"
-
-# test nodejs counter
-# TODO: fix node app
-#ABCI_APP="node $GOPATH/src/github.com/tendermint/js-abci/example/app.js" go test -test.run TestCounter

abci/tests/test_cli/test.sh

@@ -37,7 +37,6 @@ function testExample() {
 }
 
 testExample 1 tests/test_cli/ex1.abci abci-cli kvstore
-testExample 2 tests/test_cli/ex2.abci abci-cli counter
 
 echo ""
 echo "PASS"

abci/types/application.go

@@ -17,11 +17,20 @@ type Application interface {
 	CheckTx(RequestCheckTx) ResponseCheckTx // Validate a tx for the mempool
 
 	// Consensus Connection
-	InitChain(RequestInitChain) ResponseInitChain    // Initialize blockchain w validators/other info from TendermintCore
-	BeginBlock(RequestBeginBlock) ResponseBeginBlock // Signals the beginning of a block
-	DeliverTx(RequestDeliverTx) ResponseDeliverTx    // Deliver a tx for full processing
-	EndBlock(RequestEndBlock) ResponseEndBlock       // Signals the end of a block, returns changes to the validator set
-	Commit() ResponseCommit                          // Commit the state and return the application Merkle root hash
+	InitChain(RequestInitChain) ResponseInitChain // Initialize blockchain w validators/other info from TendermintCore
+	PrepareProposal(RequestPrepareProposal) ResponsePrepareProposal
+	// Signals the beginning of a block
+	BeginBlock(RequestBeginBlock) ResponseBeginBlock
+	// Deliver a tx for full processing
+	DeliverTx(RequestDeliverTx) ResponseDeliverTx
+	// Signals the end of a block, returns changes to the validator set
+	EndBlock(RequestEndBlock) ResponseEndBlock
+	// Commit the state and return the application Merkle root hash
+	Commit() ResponseCommit
+	// Create application specific vote extension
+	ExtendVote(RequestExtendVote) ResponseExtendVote
+	// Verify application's vote extension data
+	VerifyVoteExtension(RequestVerifyVoteExtension) ResponseVerifyVoteExtension
 
 	// State Sync Connection
 	ListSnapshots(RequestListSnapshots) ResponseListSnapshots                // List available snapshots
@@ -58,6 +67,14 @@ func (BaseApplication) Commit() ResponseCommit {
 	return ResponseCommit{}
 }
 
+func (BaseApplication) ExtendVote(req RequestExtendVote) ResponseExtendVote {
+	return ResponseExtendVote{}
+}
+
+func (BaseApplication) VerifyVoteExtension(req RequestVerifyVoteExtension) ResponseVerifyVoteExtension {
+	return ResponseVerifyVoteExtension{}
+}
+
 func (BaseApplication) Query(req RequestQuery) ResponseQuery {
 	return ResponseQuery{Code: CodeTypeOK}
 }
@@ -90,6 +107,10 @@ func (BaseApplication) ApplySnapshotChunk(req RequestApplySnapshotChunk) Respons
 	return ResponseApplySnapshotChunk{}
 }
 
+func (BaseApplication) PrepareProposal(req RequestPrepareProposal) ResponsePrepareProposal {
+	return ResponsePrepareProposal{}
+}
+
 //-------------------------------------------------------
 
 // GRPCApplication is a GRPC wrapper for Application
@@ -172,3 +193,21 @@ func (app *GRPCApplication) ApplySnapshotChunk(
 	res := app.app.ApplySnapshotChunk(*req)
 	return &res, nil
 }
+
+func (app *GRPCApplication) ExtendVote(
+	ctx context.Context, req *RequestExtendVote) (*ResponseExtendVote, error) {
+	res := app.app.ExtendVote(*req)
+	return &res, nil
+}
+
+func (app *GRPCApplication) VerifyVoteExtension(
+	ctx context.Context, req *RequestVerifyVoteExtension) (*ResponseVerifyVoteExtension, error) {
+	res := app.app.VerifyVoteExtension(*req)
+	return &res, nil
+}
+
+func (app *GRPCApplication) PrepareProposal(
+	ctx context.Context, req *RequestPrepareProposal) (*ResponsePrepareProposal, error) {
+	res := app.app.PrepareProposal(*req)
+	return &res, nil
+}

abci/types/messages.go

@@ -15,11 +15,7 @@ const (
 func WriteMessage(msg proto.Message, w io.Writer) error {
 	protoWriter := protoio.NewDelimitedWriter(w)
 	_, err := protoWriter.WriteMsg(msg)
-	if err != nil {
-		return err
-	}
-
-	return nil
+	return err
 }
 
 // ReadMessage reads a varint length-delimited protobuf message.
@@ -114,6 +110,24 @@ func ToRequestApplySnapshotChunk(req RequestApplySnapshotChunk) *Request {
 	}
 }
 
+func ToRequestExtendVote(req RequestExtendVote) *Request {
+	return &Request{
+		Value: &Request_ExtendVote{&req},
+	}
+}
+
+func ToRequestVerifyVoteExtension(req RequestVerifyVoteExtension) *Request {
+	return &Request{
+		Value: &Request_VerifyVoteExtension{&req},
+	}
+}
+
+func ToRequestPrepareProposal(req RequestPrepareProposal) *Request {
+	return &Request{
+		Value: &Request_PrepareProposal{&req},
+	}
+}
+
 //----------------------------------------
 
 func ToResponseException(errStr string) *Response {
@@ -204,3 +218,21 @@ func ToResponseApplySnapshotChunk(res ResponseApplySnapshotChunk) *Response {
 		Value: &Response_ApplySnapshotChunk{&res},
 	}
 }
+
+func ToResponseExtendVote(res ResponseExtendVote) *Response {
+	return &Response{
+		Value: &Response_ExtendVote{&res},
+	}
+}
+
+func ToResponseVerifyVoteExtension(res ResponseVerifyVoteExtension) *Response {
+	return &Response{
+		Value: &Response_VerifyVoteExtension{&res},
+	}
+}
+
+func ToResponsePrepareProposal(res ResponsePrepareProposal) *Response {
+	return &Response{
+		Value: &Response_PrepareProposal{&res},
+	}
+}

abci/types/result.go

@@ -5,6 +5,8 @@ import (
 	"encoding/json"
 
 	"github.com/gogo/protobuf/jsonpb"
+
+	types "github.com/tendermint/tendermint/proto/tendermint/types"
 )
 
 const (
@@ -41,6 +43,16 @@ func (r ResponseQuery) IsErr() bool {
 	return r.Code != CodeTypeOK
 }
 
+// IsOK returns true if Code is OK
+func (r ResponseVerifyVoteExtension) IsOK() bool {
+	return r.Result <= ResponseVerifyVoteExtension_ACCEPT
+}
+
+// IsErr returns true if Code is something other than OK.
+func (r ResponseVerifyVoteExtension) IsErr() bool {
+	return r.Result > ResponseVerifyVoteExtension_ACCEPT
+}
+
 //---------------------------------------------------------------------------
 // override JSON marshaling so we emit defaults (ie. disable omitempty)
 
@@ -118,3 +130,25 @@ var _ jsonRoundTripper = (*ResponseDeliverTx)(nil)
 var _ jsonRoundTripper = (*ResponseCheckTx)(nil)
 
 var _ jsonRoundTripper = (*EventAttribute)(nil)
+
+// -----------------------------------------------
+// construct Result data
+
+func RespondExtendVote(appDataToSign, appDataSelfAuthenticating []byte) ResponseExtendVote {
+	return ResponseExtendVote{
+		VoteExtension: &types.VoteExtension{
+			AppDataToSign:             appDataToSign,
+			AppDataSelfAuthenticating: appDataSelfAuthenticating,
+		},
+	}
+}
+
+func RespondVerifyVoteExtension(ok bool) ResponseVerifyVoteExtension {
+	result := ResponseVerifyVoteExtension_REJECT
+	if ok {
+		result = ResponseVerifyVoteExtension_ACCEPT
+	}
+	return ResponseVerifyVoteExtension{
+		Result: result,
+	}
+}

blockchain/doc.go

@@ -1,17 +0,0 @@
-/*
-Package blockchain provides two implementations of the fast-sync protocol.
-
-- v0 was the very first implementation. it's battle tested, but does not have a
-lot of test coverage.
-- v2 is the newest implementation, with a focus on testability and readability.
-
-Check out ADR-40 for the formal model and requirements.
-
-# Termination criteria
-
-1. the maximum peer height is reached
-2. termination timeout is triggered, which is set if the peer set is empty or
-there are no pending requests.
-
-*/
-package blockchain

blockchain/v0/test_util.go

@@ -1,18 +0,0 @@
-package v0
-
-import (
-	sm "github.com/tendermint/tendermint/state"
-	"github.com/tendermint/tendermint/types"
-)
-
-func makeTxs(height int64) (txs []types.Tx) {
-	for i := 0; i < 10; i++ {
-		txs = append(txs, types.Tx([]byte{byte(height), byte(i)}))
-	}
-	return txs
-}
-
-func makeBlock(height int64, state sm.State, lastCommit *types.Commit) *types.Block {
-	block, _ := state.MakeBlock(height, makeTxs(height), lastCommit, nil, state.Validators.GetProposer().Address)
-	return block
-}

cmd/priv_val_server/main.go

@@ -46,9 +46,8 @@ func main() {
 		rootCA           = flag.String("rootcafile", "", "absolute path to root CA")
 		prometheusAddr   = flag.String("prometheus-addr", "", "address for prometheus endpoint (host:port)")
 
-		logger = log.NewTMLogger(
-			log.NewSyncWriter(os.Stdout),
-		).With("module", "priv_val")
+		logger = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false).
+			With("module", "priv_val")
 	)
 	flag.Parse()
 

cmd/tendermint/commands/debug/debug.go

@@ -1,8 +1,6 @@
 package debug
 
 import (
-	"os"
-
 	"github.com/spf13/cobra"
 
 	"github.com/tendermint/tendermint/libs/log"
@@ -17,7 +15,7 @@ var (
 	flagProfAddr    = "pprof-laddr"
 	flagFrequency   = "frequency"
 
-	logger = log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 )
 
 // DebugCmd defines the root command containing subcommands that assist in

cmd/tendermint/commands/gen_node_key.go

@@ -6,21 +6,19 @@ import (
 	"github.com/spf13/cobra"
 
 	tmjson "github.com/tendermint/tendermint/libs/json"
-	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
 )
 
 // GenNodeKeyCmd allows the generation of a node key. It prints JSON-encoded
 // NodeKey to the standard output.
 var GenNodeKeyCmd = &cobra.Command{
-	Use:     "gen-node-key",
-	Aliases: []string{"gen_node_key"},
-	Short:   "Generate a new node key",
-	RunE:    genNodeKey,
-	PreRun:  deprecateSnakeCase,
+	Use:   "gen-node-key",
+	Short: "Generate a new node key",
+	RunE:  genNodeKey,
 }
 
 func genNodeKey(cmd *cobra.Command, args []string) error {
-	nodeKey := p2p.GenNodeKey()
+	nodeKey := types.GenNodeKey()
 
 	bz, err := tmjson.Marshal(nodeKey)
 	if err != nil {

cmd/tendermint/commands/gen_validator.go

@@ -13,11 +13,9 @@ import (
 // GenValidatorCmd allows the generation of a keypair for a
 // validator.
 var GenValidatorCmd = &cobra.Command{
-	Use:     "gen-validator",
-	Aliases: []string{"gen_validator"},
-	Short:   "Generate new validator keypair",
-	RunE:    genValidator,
-	PreRun:  deprecateSnakeCase,
+	Use:   "gen-validator",
+	Short: "Generate new validator keypair",
+	RunE:  genValidator,
 }
 
 func init() {

cmd/tendermint/commands/init.go

@@ -10,10 +10,9 @@ import (
 	cfg "github.com/tendermint/tendermint/config"
 	tmos "github.com/tendermint/tendermint/libs/os"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
-	"github.com/tendermint/tendermint/p2p"
+	tmtime "github.com/tendermint/tendermint/libs/time"
 	"github.com/tendermint/tendermint/privval"
 	"github.com/tendermint/tendermint/types"
-	tmtime "github.com/tendermint/tendermint/types/time"
 )
 
 // InitFilesCmd initializes a fresh Tendermint Core instance.
@@ -51,8 +50,8 @@ func initFilesWithConfig(config *cfg.Config) error {
 
 	if config.Mode == cfg.ModeValidator {
 		// private validator
-		privValKeyFile := config.PrivValidatorKeyFile()
-		privValStateFile := config.PrivValidatorStateFile()
+		privValKeyFile := config.PrivValidator.KeyFile()
+		privValStateFile := config.PrivValidator.StateFile()
 		if tmos.FileExists(privValKeyFile) {
 			pv, err = privval.LoadFilePV(privValKeyFile, privValStateFile)
 			if err != nil {
@@ -76,7 +75,7 @@ func initFilesWithConfig(config *cfg.Config) error {
 	if tmos.FileExists(nodeKeyFile) {
 		logger.Info("Found node key", "path", nodeKeyFile)
 	} else {
-		if _, err := p2p.LoadOrGenNodeKey(nodeKeyFile); err != nil {
+		if _, err := types.LoadOrGenNodeKey(nodeKeyFile); err != nil {
 			return err
 		}
 		logger.Info("Generated node key", "path", nodeKeyFile)

cmd/tendermint/commands/inspect.go

@@ -0,0 +1,87 @@
+package commands
+
+import (
+	"context"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/spf13/cobra"
+
+	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/inspect"
+	"github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/state/indexer/sink"
+	"github.com/tendermint/tendermint/store"
+	"github.com/tendermint/tendermint/types"
+)
+
+// InspectCmd is the command for starting an inspect server.
+var InspectCmd = &cobra.Command{
+	Use:   "inspect",
+	Short: "Run an inspect server for investigating Tendermint state",
+	Long: `
+	inspect runs a subset of Tendermint's RPC endpoints that are useful for debugging
+	issues with Tendermint.
+
+	When the Tendermint consensus engine detects inconsistent state, it will crash the
+	tendermint process. Tendermint will not start up while in this inconsistent state. 
+	The inspect command can be used to query the block and state store using Tendermint
+	RPC calls to debug issues of inconsistent state.
+	`,
+
+	RunE: runInspect,
+}
+
+func init() {
+	InspectCmd.Flags().
+		String("rpc.laddr",
+			config.RPC.ListenAddress, "RPC listenener address. Port required")
+	InspectCmd.Flags().
+		String("db-backend",
+			config.DBBackend, "database backend: goleveldb | cleveldb | boltdb | rocksdb | badgerdb")
+	InspectCmd.Flags().
+		String("db-dir", config.DBPath, "database directory")
+}
+
+func runInspect(cmd *cobra.Command, args []string) error {
+	ctx, cancel := context.WithCancel(cmd.Context())
+	defer cancel()
+
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, syscall.SIGTERM, syscall.SIGINT)
+	go func() {
+		<-c
+		cancel()
+	}()
+
+	blockStoreDB, err := cfg.DefaultDBProvider(&cfg.DBContext{ID: "blockstore", Config: config})
+	if err != nil {
+		return err
+	}
+	blockStore := store.NewBlockStore(blockStoreDB)
+	stateDB, err := cfg.DefaultDBProvider(&cfg.DBContext{ID: "state", Config: config})
+	if err != nil {
+		if err := blockStoreDB.Close(); err != nil {
+			logger.Error("error closing block store db", "error", err)
+		}
+		return err
+	}
+	genDoc, err := types.GenesisDocFromFile(config.GenesisFile())
+	if err != nil {
+		return err
+	}
+	sinks, err := sink.EventSinksFromConfig(config, cfg.DefaultDBProvider, genDoc.ChainID)
+	if err != nil {
+		return err
+	}
+	stateStore := state.NewStore(stateDB)
+
+	ins := inspect.New(config.RPC, blockStore, stateStore, sinks, logger)
+
+	logger.Info("starting inspect server")
+	if err := ins.Run(ctx); err != nil {
+		return err
+	}
+	return nil
+}

cmd/tendermint/commands/key_migrate.go

@@ -0,0 +1,64 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/scripts/keymigrate"
+)
+
+func MakeKeyMigrateCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "key-migrate",
+		Short: "Run Database key migration",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			ctx, cancel := context.WithCancel(cmd.Context())
+			defer cancel()
+
+			contexts := []string{
+				// this is ordered to put the
+				// (presumably) biggest/most important
+				// subsets first.
+				"blockstore",
+				"state",
+				"peerstore",
+				"tx_index",
+				"evidence",
+				"light",
+			}
+
+			for idx, dbctx := range contexts {
+				logger.Info("beginning a key migration",
+					"dbctx", dbctx,
+					"num", idx+1,
+					"total", len(contexts),
+				)
+
+				db, err := cfg.DefaultDBProvider(&cfg.DBContext{
+					ID:     dbctx,
+					Config: config,
+				})
+
+				if err != nil {
+					return fmt.Errorf("constructing database handle: %w", err)
+				}
+
+				if err = keymigrate.Migrate(ctx, db); err != nil {
+					return fmt.Errorf("running migration for context %q: %w",
+						dbctx, err)
+				}
+			}
+
+			logger.Info("completed database migration successfully")
+
+			return nil
+		},
+	}
+
+	// allow database info to be overridden via cli
+	addDBFlags(cmd)
+
+	return cmd
+}

cmd/tendermint/commands/light.go

@@ -66,7 +66,8 @@ var (
 	trustedHash    []byte
 	trustLevelStr  string
 
-	verbose bool
+	logLevel  string
+	logFormat string
 
 	primaryKey   = []byte("primary")
 	witnessesKey = []byte("witnesses")
@@ -90,7 +91,8 @@ func init() {
 		"trusting period that headers can be verified within. Should be significantly less than the unbonding period")
 	LightCmd.Flags().Int64Var(&trustedHeight, "height", 1, "Trusted header's height")
 	LightCmd.Flags().BytesHexVar(&trustedHash, "hash", []byte{}, "Trusted header's hash")
-	LightCmd.Flags().BoolVar(&verbose, "verbose", false, "Verbose output")
+	LightCmd.Flags().StringVar(&logLevel, "log-level", log.LogLevelInfo, "The logging level (debug|info|warn|error|fatal)")
+	LightCmd.Flags().StringVar(&logFormat, "log-format", log.LogFormatPlain, "The logging format (text|json)")
 	LightCmd.Flags().StringVar(&trustLevelStr, "trust-level", "1/3",
 		"trust level. Must be between 1/3 and 3/3",
 	)
@@ -100,15 +102,10 @@ func init() {
 }
 
 func runProxy(cmd *cobra.Command, args []string) error {
-	// Initialize logger.
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
-	var option log.Option
-	if verbose {
-		option, _ = log.AllowLevel("debug")
-	} else {
-		option, _ = log.AllowLevel("info")
+	logger, err := log.NewDefaultLogger(logFormat, logLevel, false)
+	if err != nil {
+		return err
 	}
-	logger = log.NewFilter(logger, option)
 
 	chainID = args[0]
 	logger.Info("Creating client...", "chainID", chainID)

cmd/tendermint/commands/probe_upnp.go

@@ -5,17 +5,15 @@ import (
 
 	"github.com/spf13/cobra"
 
+	"github.com/tendermint/tendermint/internal/p2p/upnp"
 	tmjson "github.com/tendermint/tendermint/libs/json"
-	"github.com/tendermint/tendermint/p2p/upnp"
 )
 
 // ProbeUpnpCmd adds capabilities to test the UPnP functionality.
 var ProbeUpnpCmd = &cobra.Command{
-	Use:     "probe-upnp",
-	Aliases: []string{"probe_upnp"},
-	Short:   "Test UPnP functionality",
-	RunE:    probeUpnp,
-	PreRun:  deprecateSnakeCase,
+	Use:   "probe-upnp",
+	Short: "Test UPnP functionality",
+	RunE:  probeUpnp,
 }
 
 func probeUpnp(cmd *cobra.Command, args []string) error {

cmd/tendermint/commands/reindex_event.go

@@ -0,0 +1,251 @@
+package commands
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/spf13/cobra"
+	tmdb "github.com/tendermint/tm-db"
+
+	abcitypes "github.com/tendermint/tendermint/abci/types"
+	tmcfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/internal/libs/progressbar"
+	ctypes "github.com/tendermint/tendermint/rpc/core/types"
+	"github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/state/indexer"
+	"github.com/tendermint/tendermint/state/indexer/sink/kv"
+	"github.com/tendermint/tendermint/state/indexer/sink/psql"
+	"github.com/tendermint/tendermint/store"
+	"github.com/tendermint/tendermint/types"
+)
+
+const (
+	reindexFailed = "event re-index failed: "
+)
+
+// ReIndexEventCmd allows re-index the event by given block height interval
+var ReIndexEventCmd = &cobra.Command{
+	Use:   "reindex-event",
+	Short: "reindex events to the event store backends",
+	Long: `
+	reindex-event is an offline tooling to re-index block and tx events to the eventsinks,
+	you can run this command when the event store backend dropped/disconnected or you want to replace the backend.
+	The default start-height is 0, meaning the tooling will start reindex from the base block height(inclusive); and the
+	default end-height is 0, meaning the tooling will reindex until the latest block height(inclusive). User can omits
+	either or both arguments.
+	`,
+	Example: `
+	tendermint reindex-event
+	tendermint reindex-event --start-height 2
+	tendermint reindex-event --end-height 10
+	tendermint reindex-event --start-height 2 --end-height 10
+	`,
+	Run: func(cmd *cobra.Command, args []string) {
+		bs, ss, err := loadStateAndBlockStore(config)
+		if err != nil {
+			fmt.Println(reindexFailed, err)
+			return
+		}
+
+		if err := checkValidHeight(bs); err != nil {
+			fmt.Println(reindexFailed, err)
+			return
+		}
+
+		es, err := loadEventSinks(config)
+		if err != nil {
+			fmt.Println(reindexFailed, err)
+			return
+		}
+
+		if err = eventReIndex(cmd, es, bs, ss); err != nil {
+			fmt.Println(reindexFailed, err)
+			return
+		}
+
+		fmt.Println("event re-index finished")
+	},
+}
+
+var (
+	startHeight int64
+	endHeight   int64
+)
+
+func init() {
+	ReIndexEventCmd.Flags().Int64Var(&startHeight, "start-height", 0, "the block height would like to start for re-index")
+	ReIndexEventCmd.Flags().Int64Var(&endHeight, "end-height", 0, "the block height would like to finish for re-index")
+}
+
+func loadEventSinks(cfg *tmcfg.Config) ([]indexer.EventSink, error) {
+	// Check duplicated sinks.
+	sinks := map[string]bool{}
+	for _, s := range cfg.TxIndex.Indexer {
+		sl := strings.ToLower(s)
+		if sinks[sl] {
+			return nil, errors.New("found duplicated sinks, please check the tx-index section in the config.toml")
+		}
+		sinks[sl] = true
+	}
+
+	eventSinks := []indexer.EventSink{}
+
+	for k := range sinks {
+		switch k {
+		case string(indexer.NULL):
+			return nil, errors.New("found null event sink, please check the tx-index section in the config.toml")
+		case string(indexer.KV):
+			store, err := tmcfg.DefaultDBProvider(&tmcfg.DBContext{ID: "tx_index", Config: cfg})
+			if err != nil {
+				return nil, err
+			}
+			eventSinks = append(eventSinks, kv.NewEventSink(store))
+		case string(indexer.PSQL):
+			conn := cfg.TxIndex.PsqlConn
+			if conn == "" {
+				return nil, errors.New("the psql connection settings cannot be empty")
+			}
+			es, err := psql.NewEventSink(conn, chainID)
+			if err != nil {
+				return nil, err
+			}
+			eventSinks = append(eventSinks, es)
+		default:
+			return nil, errors.New("unsupported event sink type")
+		}
+	}
+
+	if len(eventSinks) == 0 {
+		return nil, errors.New("no proper event sink can do event re-indexing," +
+			" please check the tx-index section in the config.toml")
+	}
+
+	if !indexer.IndexingEnabled(eventSinks) {
+		return nil, fmt.Errorf("no event sink has been enabled")
+	}
+
+	return eventSinks, nil
+}
+
+func loadStateAndBlockStore(cfg *tmcfg.Config) (*store.BlockStore, state.Store, error) {
+	dbType := tmdb.BackendType(cfg.DBBackend)
+
+	// Get BlockStore
+	blockStoreDB, err := tmdb.NewDB("blockstore", dbType, cfg.DBDir())
+	if err != nil {
+		return nil, nil, err
+	}
+	blockStore := store.NewBlockStore(blockStoreDB)
+
+	// Get StateStore
+	stateDB, err := tmdb.NewDB("state", dbType, cfg.DBDir())
+	if err != nil {
+		return nil, nil, err
+	}
+	stateStore := state.NewStore(stateDB)
+
+	return blockStore, stateStore, nil
+}
+
+func eventReIndex(cmd *cobra.Command, es []indexer.EventSink, bs state.BlockStore, ss state.Store) error {
+
+	var bar progressbar.Bar
+	bar.NewOption(startHeight-1, endHeight)
+
+	fmt.Println("start re-indexing events:")
+	defer bar.Finish()
+	for i := startHeight; i <= endHeight; i++ {
+		select {
+		case <-cmd.Context().Done():
+			return fmt.Errorf("event re-index terminated at height %d: %w", i, cmd.Context().Err())
+		default:
+			b := bs.LoadBlock(i)
+			if b == nil {
+				return fmt.Errorf("not able to load block at height %d from the blockstore", i)
+			}
+
+			r, err := ss.LoadABCIResponses(i)
+			if err != nil {
+				return fmt.Errorf("not able to load ABCI Response at height %d from the statestore", i)
+			}
+
+			e := types.EventDataNewBlockHeader{
+				Header:           b.Header,
+				NumTxs:           int64(len(b.Txs)),
+				ResultBeginBlock: *r.BeginBlock,
+				ResultEndBlock:   *r.EndBlock,
+			}
+
+			var batch *indexer.Batch
+			if e.NumTxs > 0 {
+				batch = indexer.NewBatch(e.NumTxs)
+
+				for i, tx := range b.Data.Txs {
+					tr := abcitypes.TxResult{
+						Height: b.Height,
+						Index:  uint32(i),
+						Tx:     tx,
+						Result: *(r.DeliverTxs[i]),
+					}
+
+					_ = batch.Add(&tr)
+				}
+			}
+
+			for _, sink := range es {
+				if err := sink.IndexBlockEvents(e); err != nil {
+					return fmt.Errorf("block event re-index at height %d failed: %w", i, err)
+				}
+
+				if batch != nil {
+					if err := sink.IndexTxEvents(batch.Ops); err != nil {
+						return fmt.Errorf("tx event re-index at height %d failed: %w", i, err)
+					}
+				}
+			}
+		}
+
+		bar.Play(i)
+	}
+
+	return nil
+}
+
+func checkValidHeight(bs state.BlockStore) error {
+	base := bs.Base()
+
+	if startHeight == 0 {
+		startHeight = base
+		fmt.Printf("set the start block height to the base height of the blockstore %d \n", base)
+	}
+
+	if startHeight < base {
+		return fmt.Errorf("%s (requested start height: %d, base height: %d)", ctypes.ErrHeightNotAvailable, startHeight, base)
+	}
+
+	height := bs.Height()
+
+	if startHeight > height {
+		return fmt.Errorf(
+			"%s (requested start height: %d, store height: %d)", ctypes.ErrHeightNotAvailable, startHeight, height)
+	}
+
+	if endHeight == 0 || endHeight > height {
+		endHeight = height
+		fmt.Printf("set the end block height to the latest height of the blockstore %d \n", height)
+	}
+
+	if endHeight < base {
+		return fmt.Errorf(
+			"%s (requested end height: %d, base height: %d)", ctypes.ErrHeightNotAvailable, endHeight, base)
+	}
+
+	if endHeight < startHeight {
+		return fmt.Errorf(
+			"%s (requested the end height: %d is less than the start height: %d)",
+			ctypes.ErrInvalidRequest, startHeight, endHeight)
+	}
+
+	return nil
+}

cmd/tendermint/commands/reindex_event_test.go

@@ -0,0 +1,171 @@
+package commands
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+
+	abcitypes "github.com/tendermint/tendermint/abci/types"
+	tmcfg "github.com/tendermint/tendermint/config"
+	prototmstate "github.com/tendermint/tendermint/proto/tendermint/state"
+	"github.com/tendermint/tendermint/state/indexer"
+	"github.com/tendermint/tendermint/state/mocks"
+	"github.com/tendermint/tendermint/types"
+)
+
+const (
+	height int64 = 10
+	base   int64 = 2
+)
+
+func setupReIndexEventCmd() *cobra.Command {
+	reIndexEventCmd := &cobra.Command{
+		Use: ReIndexEventCmd.Use,
+		Run: func(cmd *cobra.Command, args []string) {},
+	}
+
+	_ = reIndexEventCmd.ExecuteContext(context.Background())
+
+	return reIndexEventCmd
+}
+
+func TestReIndexEventCheckHeight(t *testing.T) {
+	mockBlockStore := &mocks.BlockStore{}
+	mockBlockStore.
+		On("Base").Return(base).
+		On("Height").Return(height)
+
+	testCases := []struct {
+		startHeight int64
+		endHeight   int64
+		validHeight bool
+	}{
+		{0, 0, true},
+		{0, base, true},
+		{0, base - 1, false},
+		{0, height, true},
+		{0, height + 1, true},
+		{0, 0, true},
+		{base - 1, 0, false},
+		{base, 0, true},
+		{base, base, true},
+		{base, base - 1, false},
+		{base, height, true},
+		{base, height + 1, true},
+		{height, 0, true},
+		{height, base, false},
+		{height, height - 1, false},
+		{height, height, true},
+		{height, height + 1, true},
+		{height + 1, 0, false},
+	}
+
+	for _, tc := range testCases {
+		startHeight = tc.startHeight
+		endHeight = tc.endHeight
+
+		err := checkValidHeight(mockBlockStore)
+		if tc.validHeight {
+			require.NoError(t, err)
+		} else {
+			require.Error(t, err)
+		}
+	}
+}
+
+func TestLoadEventSink(t *testing.T) {
+	testCases := []struct {
+		sinks   []string
+		connURL string
+		loadErr bool
+	}{
+		{[]string{}, "", true},
+		{[]string{"NULL"}, "", true},
+		{[]string{"KV"}, "", false},
+		{[]string{"KV", "KV"}, "", true},
+		{[]string{"PSQL"}, "", true},         // true because empty connect url
+		{[]string{"PSQL"}, "wrongUrl", true}, // true because wrong connect url
+		// skip to test PSQL connect with correct url
+		{[]string{"UnsupportedSinkType"}, "wrongUrl", true},
+	}
+
+	for _, tc := range testCases {
+		cfg := tmcfg.TestConfig()
+		cfg.TxIndex.Indexer = tc.sinks
+		cfg.TxIndex.PsqlConn = tc.connURL
+		_, err := loadEventSinks(cfg)
+		if tc.loadErr {
+			require.Error(t, err)
+		} else {
+			require.NoError(t, err)
+		}
+	}
+}
+
+func TestLoadBlockStore(t *testing.T) {
+	bs, ss, err := loadStateAndBlockStore(tmcfg.TestConfig())
+	require.NoError(t, err)
+	require.NotNil(t, bs)
+	require.NotNil(t, ss)
+
+}
+func TestReIndexEvent(t *testing.T) {
+	mockBlockStore := &mocks.BlockStore{}
+	mockStateStore := &mocks.Store{}
+	mockEventSink := &mocks.EventSink{}
+
+	mockBlockStore.
+		On("Base").Return(base).
+		On("Height").Return(height).
+		On("LoadBlock", base).Return(nil).Once().
+		On("LoadBlock", base).Return(&types.Block{Data: types.Data{Txs: types.Txs{make(types.Tx, 1)}}}).
+		On("LoadBlock", height).Return(&types.Block{Data: types.Data{Txs: types.Txs{make(types.Tx, 1)}}})
+
+	mockEventSink.
+		On("Type").Return(indexer.KV).
+		On("IndexBlockEvents", mock.AnythingOfType("types.EventDataNewBlockHeader")).Return(errors.New("")).Once().
+		On("IndexBlockEvents", mock.AnythingOfType("types.EventDataNewBlockHeader")).Return(nil).
+		On("IndexTxEvents", mock.AnythingOfType("[]*types.TxResult")).Return(errors.New("")).Once().
+		On("IndexTxEvents", mock.AnythingOfType("[]*types.TxResult")).Return(nil)
+
+	dtx := abcitypes.ResponseDeliverTx{}
+	abciResp := &prototmstate.ABCIResponses{
+		DeliverTxs: []*abcitypes.ResponseDeliverTx{&dtx},
+		EndBlock:   &abcitypes.ResponseEndBlock{},
+		BeginBlock: &abcitypes.ResponseBeginBlock{},
+	}
+
+	mockStateStore.
+		On("LoadABCIResponses", base).Return(nil, errors.New("")).Once().
+		On("LoadABCIResponses", base).Return(abciResp, nil).
+		On("LoadABCIResponses", height).Return(abciResp, nil)
+
+	testCases := []struct {
+		startHeight int64
+		endHeight   int64
+		reIndexErr  bool
+	}{
+		{base, height, true}, // LoadBlock error
+		{base, height, true}, // LoadABCIResponses error
+		{base, height, true}, // index block event error
+		{base, height, true}, // index tx event error
+		{base, base, false},
+		{height, height, false},
+	}
+
+	for _, tc := range testCases {
+		startHeight = tc.startHeight
+		endHeight = tc.endHeight
+
+		err := eventReIndex(setupReIndexEventCmd(), []indexer.EventSink{mockEventSink}, mockBlockStore, mockStateStore)
+		if tc.reIndexErr {
+			require.Error(t, err)
+		} else {
+			require.NoError(t, err)
+		}
+	}
+}

cmd/tendermint/commands/replay.go

@@ -2,8 +2,7 @@ package commands
 
 import (
 	"github.com/spf13/cobra"
-
-	"github.com/tendermint/tendermint/consensus"
+	"github.com/tendermint/tendermint/internal/consensus"
 )
 
 // ReplayCmd allows replaying of messages from the WAL.
@@ -18,11 +17,9 @@ var ReplayCmd = &cobra.Command{
 // ReplayConsoleCmd allows replaying of messages from the WAL in a
 // console.
 var ReplayConsoleCmd = &cobra.Command{
-	Use:     "replay-console",
-	Aliases: []string{"replay_console"},
-	Short:   "Replay messages from WAL in a console",
+	Use:   "replay-console",
+	Short: "Replay messages from WAL in a console",
 	Run: func(cmd *cobra.Command, args []string) {
 		consensus.RunReplayFile(config.BaseConfig, config.Consensus, true)
 	},
-	PreRun: deprecateSnakeCase,
 }

cmd/tendermint/commands/reset_priv_validator.go

@@ -14,11 +14,9 @@ import (
 // ResetAllCmd removes the database of this Tendermint core
 // instance.
 var ResetAllCmd = &cobra.Command{
-	Use:     "unsafe-reset-all",
-	Aliases: []string{"unsafe_reset_all"},
-	Short:   "(unsafe) Remove all the data and WAL, reset this node's validator to genesis state",
-	RunE:    resetAll,
-	PreRun:  deprecateSnakeCase,
+	Use:   "unsafe-reset-all",
+	Short: "(unsafe) Remove all the data and WAL, reset this node's validator to genesis state",
+	RunE:  resetAll,
 }
 
 var keepAddrBook bool
@@ -31,24 +29,22 @@ func init() {
 
 // ResetPrivValidatorCmd resets the private validator files.
 var ResetPrivValidatorCmd = &cobra.Command{
-	Use:     "unsafe-reset-priv-validator",
-	Aliases: []string{"unsafe_reset_priv_validator"},
-	Short:   "(unsafe) Reset this node's validator to genesis state",
-	RunE:    resetPrivValidator,
-	PreRun:  deprecateSnakeCase,
+	Use:   "unsafe-reset-priv-validator",
+	Short: "(unsafe) Reset this node's validator to genesis state",
+	RunE:  resetPrivValidator,
 }
 
 // XXX: this is totally unsafe.
 // it's only suitable for testnets.
 func resetAll(cmd *cobra.Command, args []string) error {
-	return ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidatorKeyFile(),
-		config.PrivValidatorStateFile(), logger)
+	return ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidator.KeyFile(),
+		config.PrivValidator.StateFile(), logger)
 }
 
 // XXX: this is totally unsafe.
 // it's only suitable for testnets.
 func resetPrivValidator(cmd *cobra.Command, args []string) error {
-	return resetFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile(), logger)
+	return resetFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile(), logger)
 }
 
 // ResetAll removes address book files plus all data, and resets the privValdiator data.

cmd/tendermint/commands/root.go

@@ -2,22 +2,18 @@ package commands
 
 import (
 	"fmt"
-	"os"
-	"strings"
 	"time"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 
 	cfg "github.com/tendermint/tendermint/config"
-	"github.com/tendermint/tendermint/libs/cli"
-	tmflags "github.com/tendermint/tendermint/libs/cli/flags"
 	"github.com/tendermint/tendermint/libs/log"
 )
 
 var (
 	config     = cfg.DefaultConfig()
-	logger     = log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger     = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 	ctxTimeout = 4 * time.Second
 )
 
@@ -59,27 +55,12 @@ var RootCmd = &cobra.Command{
 			return err
 		}
 
-		if config.LogFormat == cfg.LogFormatJSON {
-			logger = log.NewTMJSONLogger(log.NewSyncWriter(os.Stdout))
-		}
-
-		logger, err = tmflags.ParseLogLevel(config.LogLevel, logger, cfg.DefaultLogLevel)
+		logger, err = log.NewDefaultLogger(config.LogFormat, config.LogLevel, false)
 		if err != nil {
 			return err
 		}
 
-		if viper.GetBool(cli.TraceFlag) {
-			logger = log.NewTracingLogger(logger)
-		}
-
 		logger = logger.With("module", "main")
 		return nil
 	},
 }
-
-// deprecateSnakeCase is a util function for 0.34.1. Should be removed in 0.35
-func deprecateSnakeCase(cmd *cobra.Command, args []string) {
-	if strings.Contains(cmd.CalledAs(), "_") {
-		fmt.Println("Deprecated: snake_case commands will be replaced by hyphen-case commands in the next major release")
-	}
-}

cmd/tendermint/commands/root_test.go

@@ -18,10 +18,6 @@ import (
 	tmos "github.com/tendermint/tendermint/libs/os"
 )
 
-var (
-	defaultRoot = os.ExpandEnv("$HOME/.some/test/dir")
-)
-
 // clearConfig clears env vars, the given root dir, and resets viper.
 func clearConfig(dir string) {
 	if err := os.Unsetenv("TMHOME"); err != nil {
@@ -52,10 +48,10 @@ func testRootCmd() *cobra.Command {
 }
 
 func testSetup(rootDir string, args []string, env map[string]string) error {
-	clearConfig(defaultRoot)
+	clearConfig(rootDir)
 
 	rootCmd := testRootCmd()
-	cmd := cli.PrepareBaseCmd(rootCmd, "TM", defaultRoot)
+	cmd := cli.PrepareBaseCmd(rootCmd, "TM", rootDir)
 
 	// run with the args and env
 	args = append([]string{rootCmd.Use}, args...)
@@ -63,6 +59,7 @@ func testSetup(rootDir string, args []string, env map[string]string) error {
 }
 
 func TestRootHome(t *testing.T) {
+	defaultRoot := t.TempDir()
 	newRoot := filepath.Join(defaultRoot, "something-else")
 	cases := []struct {
 		args []string
@@ -105,6 +102,7 @@ func TestRootFlagsEnv(t *testing.T) {
 		{nil, map[string]string{"TM_LOG_LEVEL": "debug"}, "debug"},       // right env
 	}
 
+	defaultRoot := t.TempDir()
 	for i, tc := range cases {
 		idxString := strconv.Itoa(i)
 
@@ -118,7 +116,7 @@ func TestRootFlagsEnv(t *testing.T) {
 func TestRootConfig(t *testing.T) {
 
 	// write non-default config
-	nonDefaultLogLvl := "abc:debug"
+	nonDefaultLogLvl := "debug"
 	cvals := map[string]string{
 		"log-level": nonDefaultLogLvl,
 	}
@@ -129,12 +127,13 @@ func TestRootConfig(t *testing.T) {
 
 		logLvl string
 	}{
-		{nil, nil, nonDefaultLogLvl},                                     // should load config
-		{[]string{"--log-level=abc:info"}, nil, "abc:info"},              // flag over rides
-		{nil, map[string]string{"TM_LOG_LEVEL": "abc:info"}, "abc:info"}, // env over rides
+		{nil, nil, nonDefaultLogLvl},                             // should load config
+		{[]string{"--log-level=info"}, nil, "info"},              // flag over rides
+		{nil, map[string]string{"TM_LOG_LEVEL": "info"}, "info"}, // env over rides
 	}
 
 	for i, tc := range cases {
+		defaultRoot := t.TempDir()
 		idxString := strconv.Itoa(i)
 		clearConfig(defaultRoot)
 

cmd/tendermint/commands/run_node.go

@@ -48,9 +48,7 @@ func AddNodeFlags(cmd *cobra.Command) {
 		"proxy-app",
 		config.ProxyApp,
 		"proxy app address, or one of: 'kvstore',"+
-			" 'persistent_kvstore',"+
-			" 'counter',"+
-			" 'counter_serial' or 'noop' for local testing.")
+			" 'persistent_kvstore' or 'noop' for local testing.")
 	cmd.Flags().String("abci", config.ABCI, "specify abci transport (socket | grpc)")
 
 	// rpc flags
@@ -85,7 +83,10 @@ func AddNodeFlags(cmd *cobra.Command) {
 		config.Consensus.CreateEmptyBlocksInterval.String(),
 		"the possible interval between empty blocks")
 
-	// db flags
+	addDBFlags(cmd)
+}
+
+func addDBFlags(cmd *cobra.Command) {
 	cmd.Flags().String(
 		"db-backend",
 		config.DBBackend,

cmd/tendermint/commands/show_node_id.go

@@ -4,25 +4,21 @@ import (
 	"fmt"
 
 	"github.com/spf13/cobra"
-
-	"github.com/tendermint/tendermint/p2p"
 )
 
 // ShowNodeIDCmd dumps node's ID to the standard output.
 var ShowNodeIDCmd = &cobra.Command{
-	Use:     "show-node-id",
-	Aliases: []string{"show_node_id"},
-	Short:   "Show this node's ID",
-	RunE:    showNodeID,
-	PreRun:  deprecateSnakeCase,
+	Use:   "show-node-id",
+	Short: "Show this node's ID",
+	RunE:  showNodeID,
 }
 
 func showNodeID(cmd *cobra.Command, args []string) error {
-	nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
+	nodeKeyID, err := config.LoadNodeKeyID()
 	if err != nil {
 		return err
 	}
 
-	fmt.Println(nodeKey.ID)
+	fmt.Println(nodeKeyID)
 	return nil
 }

cmd/tendermint/commands/show_validator.go

@@ -16,11 +16,9 @@ import (
 
 // ShowValidatorCmd adds capabilities for showing the validator info.
 var ShowValidatorCmd = &cobra.Command{
-	Use:     "show-validator",
-	Aliases: []string{"show_validator"},
-	Short:   "Show this node's validator info",
-	RunE:    showValidator,
-	PreRun:  deprecateSnakeCase,
+	Use:   "show-validator",
+	Short: "Show this node's validator info",
+	RunE:  showValidator,
 }
 
 func showValidator(cmd *cobra.Command, args []string) error {
@@ -33,7 +31,12 @@ func showValidator(cmd *cobra.Command, args []string) error {
 	protocol, _ := tmnet.ProtocolAndAddress(config.PrivValidator.ListenAddr)
 	switch protocol {
 	case "grpc":
-		pvsc, err := tmgrpc.DialRemoteSigner(config, config.ChainID(), logger)
+		pvsc, err := tmgrpc.DialRemoteSigner(
+			config.PrivValidator,
+			config.ChainID(),
+			logger,
+			config.Instrumentation.Prometheus,
+		)
 		if err != nil {
 			return fmt.Errorf("can't connect to remote validator %w", err)
 		}
@@ -47,12 +50,12 @@ func showValidator(cmd *cobra.Command, args []string) error {
 		}
 	default:
 
-		keyFilePath := config.PrivValidatorKeyFile()
+		keyFilePath := config.PrivValidator.KeyFile()
 		if !tmos.FileExists(keyFilePath) {
 			return fmt.Errorf("private validator file %s does not exist", keyFilePath)
 		}
 
-		pv, err := privval.LoadFilePV(keyFilePath, config.PrivValidatorStateFile())
+		pv, err := privval.LoadFilePV(keyFilePath, config.PrivValidator.StateFile())
 		if err != nil {
 			return err
 		}

cmd/tendermint/commands/testnet.go

@@ -14,10 +14,9 @@ import (
 	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/libs/bytes"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
-	"github.com/tendermint/tendermint/p2p"
+	tmtime "github.com/tendermint/tendermint/libs/time"
 	"github.com/tendermint/tendermint/privval"
 	"github.com/tendermint/tendermint/types"
-	tmtime "github.com/tendermint/tendermint/types/time"
 )
 
 var (
@@ -274,11 +273,11 @@ func persistentPeersArray(config *cfg.Config) ([]string, error) {
 	for i := 0; i < nValidators+nNonValidators; i++ {
 		nodeDir := filepath.Join(outputDir, fmt.Sprintf("%s%d", nodeDirPrefix, i))
 		config.SetRoot(nodeDir)
-		nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
+		nodeKey, err := config.LoadNodeKeyID()
 		if err != nil {
 			return []string{}, err
 		}
-		peers[i] = p2p.IDAddressString(nodeKey.ID, fmt.Sprintf("%s:%d", hostnameOrIP(i), p2pPort))
+		peers[i] = nodeKey.AddressString(fmt.Sprintf("%s:%d", hostnameOrIP(i), p2pPort))
 	}
 	return peers, nil
 }

cmd/tendermint/main.go

@@ -15,6 +15,7 @@ func main() {
 	rootCmd := cmd.RootCmd
 	rootCmd.AddCommand(
 		cmd.GenValidatorCmd,
+		cmd.ReIndexEventCmd,
 		cmd.InitFilesCmd,
 		cmd.ProbeUpnpCmd,
 		cmd.LightCmd,
@@ -27,6 +28,8 @@ func main() {
 		cmd.ShowNodeIDCmd,
 		cmd.GenNodeKeyCmd,
 		cmd.VersionCmd,
+		cmd.InspectCmd,
+		cmd.MakeKeyMigrateCommand(),
 		debug.DebugCmd,
 		cli.NewCompletionCmd(rootCmd, true),
 	)

config/config.go

@@ -4,13 +4,15 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
 	"time"
 
+	tmjson "github.com/tendermint/tendermint/libs/json"
 	"github.com/tendermint/tendermint/libs/log"
-	abci "github.com/tendermint/tendermint/abci/client"
+	tmos "github.com/tendermint/tendermint/libs/os"
 	"github.com/tendermint/tendermint/types"
 )
 
@@ -20,11 +22,6 @@ const (
 	// FuzzModeDelay is a mode in which we randomly sleep
 	FuzzModeDelay
 
-	// LogFormatPlain is a format for colored text
-	LogFormatPlain = "plain"
-	// LogFormatJSON is a format for json output
-	LogFormatJSON = "json"
-
 	// DefaultLogLevel defines a default log level as INFO.
 	DefaultLogLevel = "info"
 
@@ -32,13 +29,43 @@ const (
 	ModeValidator = "validator"
 	ModeSeed      = "seed"
 
-	BlockchainV0 = "v0"
-	BlockchainV2 = "v2"
+	BlockSyncV0 = "v0"
+	BlockSyncV2 = "v2"
 
 	MempoolV0 = "v0"
 	MempoolV1 = "v1"
 )
 
+// NOTE: Most of the structs & relevant comments + the
+// default configuration options were used to manually
+// generate the config.toml. Please reflect any changes
+// made here in the defaultConfigTemplate constant in
+// config/toml.go
+// NOTE: libs/cli must know to look in the config dir!
+var (
+	DefaultTendermintDir = ".tendermint"
+	defaultConfigDir     = "config"
+	defaultDataDir       = "data"
+
+	defaultConfigFileName  = "config.toml"
+	defaultGenesisJSONName = "genesis.json"
+
+	defaultMode             = ModeFull
+	defaultPrivValKeyName   = "priv_validator_key.json"
+	defaultPrivValStateName = "priv_validator_state.json"
+
+	defaultNodeKeyName  = "node_key.json"
+	defaultAddrBookName = "addrbook.json"
+
+	defaultConfigFilePath   = filepath.Join(defaultConfigDir, defaultConfigFileName)
+	defaultGenesisJSONPath  = filepath.Join(defaultConfigDir, defaultGenesisJSONName)
+	defaultPrivValKeyPath   = filepath.Join(defaultConfigDir, defaultPrivValKeyName)
+	defaultPrivValStatePath = filepath.Join(defaultDataDir, defaultPrivValStateName)
+
+	defaultNodeKeyPath  = filepath.Join(defaultConfigDir, defaultNodeKeyName)
+	defaultAddrBookPath = filepath.Join(defaultConfigDir, defaultAddrBookName)
+)
+
 // Config defines the top level configuration for a Tendermint node
 type Config struct {
 	// Top level options use an anonymous struct
@@ -49,7 +76,7 @@ type Config struct {
 	P2P             *P2PConfig             `mapstructure:"p2p"`
 	Mempool         *MempoolConfig         `mapstructure:"mempool"`
 	StateSync       *StateSyncConfig       `mapstructure:"statesync"`
-	FastSync        *FastSyncConfig        `mapstructure:"fastsync"`
+	BlockSync       *BlockSyncConfig       `mapstructure:"fastsync"`
 	Consensus       *ConsensusConfig       `mapstructure:"consensus"`
 	TxIndex         *TxIndexConfig         `mapstructure:"tx-index"`
 	Instrumentation *InstrumentationConfig `mapstructure:"instrumentation"`
@@ -64,7 +91,7 @@ func DefaultConfig() *Config {
 		P2P:             DefaultP2PConfig(),
 		Mempool:         DefaultMempoolConfig(),
 		StateSync:       DefaultStateSyncConfig(),
-		FastSync:        DefaultFastSyncConfig(),
+		BlockSync:       DefaultBlockSyncConfig(),
 		Consensus:       DefaultConsensusConfig(),
 		TxIndex:         DefaultTxIndexConfig(),
 		Instrumentation: DefaultInstrumentationConfig(),
@@ -87,7 +114,7 @@ func TestConfig() *Config {
 		P2P:             TestP2PConfig(),
 		Mempool:         TestMempoolConfig(),
 		StateSync:       TestStateSyncConfig(),
-		FastSync:        TestFastSyncConfig(),
+		BlockSync:       TestBlockSyncConfig(),
 		Consensus:       TestConsensusConfig(),
 		TxIndex:         TestTxIndexConfig(),
 		Instrumentation: TestInstrumentationConfig(),
@@ -102,34 +129,10 @@ func (cfg *Config) SetRoot(root string) *Config {
 	cfg.P2P.RootDir = root
 	cfg.Mempool.RootDir = root
 	cfg.Consensus.RootDir = root
+	cfg.PrivValidator.RootDir = root
 	return cfg
 }
 
-// PrivValidatorClientKeyFile returns the full path to the priv_validator_key.json file
-func (cfg Config) PrivValidatorClientKeyFile() string {
-	return rootify(cfg.PrivValidator.ClientKey, cfg.RootDir)
-}
-
-// PrivValidatorClientCertificateFile returns the full path to the priv_validator_key.json file
-func (cfg Config) PrivValidatorClientCertificateFile() string {
-	return rootify(cfg.PrivValidator.ClientCertificate, cfg.RootDir)
-}
-
-// PrivValidatorCertificateAuthorityFile returns the full path to the priv_validator_key.json file
-func (cfg Config) PrivValidatorRootCAFile() string {
-	return rootify(cfg.PrivValidator.RootCA, cfg.RootDir)
-}
-
-// PrivValidatorKeyFile returns the full path to the priv_validator_key.json file
-func (cfg Config) PrivValidatorKeyFile() string {
-	return rootify(cfg.PrivValidator.Key, cfg.RootDir)
-}
-
-// PrivValidatorFile returns the full path to the priv_validator_state.json file
-func (cfg Config) PrivValidatorStateFile() string {
-	return rootify(cfg.PrivValidator.State, cfg.RootDir)
-}
-
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg *Config) ValidateBasic() error {
@@ -148,7 +151,7 @@ func (cfg *Config) ValidateBasic() error {
 	if err := cfg.StateSync.ValidateBasic(); err != nil {
 		return fmt.Errorf("error in [statesync] section: %w", err)
 	}
-	if err := cfg.FastSync.ValidateBasic(); err != nil {
+	if err := cfg.BlockSync.ValidateBasic(); err != nil {
 		return fmt.Errorf("error in [fastsync] section: %w", err)
 	}
 	if err := cfg.Consensus.ValidateBasic(); err != nil {
@@ -170,13 +173,14 @@ type BaseConfig struct { //nolint: maligned
 
 	// The root directory for all data.
 	// This should be set in viper so it can unmarshal into this struct
-	RootDir string
+	RootDir string `mapstructure:"home"`
 
-	// Client connection to the application. Can be local or via a socket/grpc
-	ABCI abci.Client 
+	// TCP or UNIX socket address of the ABCI application,
+	// or the name of an ABCI application compiled in with the Tendermint binary
+	ProxyApp string `mapstructure:"proxy-app"`
 
 	// A custom human readable name for this node
-	Moniker string
+	Moniker string `mapstructure:"moniker"`
 
 	// Mode of Node: full | validator | seed
 	// * validator
@@ -188,39 +192,84 @@ type BaseConfig struct { //nolint: maligned
 	// * seed
 	//   - only P2P, PEX Reactor
 	//   - No priv_validator_key.json, priv_validator_state.json
-	Mode string
+	Mode string `mapstructure:"mode"`
 
 	// If this node is many blocks behind the tip of the chain, FastSync
 	// allows them to catchup quickly by downloading blocks in parallel
 	// and verifying their commits
-	FastSyncMode bool
+	// TODO: This should be moved to the blocksync config
+	FastSyncMode bool `mapstructure:"fast-sync"`
 
-	// Database provider to initialize the DB backend
-	DBProvider DBProvider
+	// Database backend: goleveldb | cleveldb | boltdb | rocksdb
+	// * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
+	//   - pure go
+	//   - stable
+	// * cleveldb (uses levigo wrapper)
+	//   - fast
+	//   - requires gcc
+	//   - use cleveldb build tag (go build -tags cleveldb)
+	// * boltdb (uses etcd's fork of bolt - github.com/etcd-io/bbolt)
+	//   - EXPERIMENTAL
+	//   - may be faster is some use-cases (random reads - indexer)
+	//   - use boltdb build tag (go build -tags boltdb)
+	// * rocksdb (uses github.com/tecbot/gorocksdb)
+	//   - EXPERIMENTAL
+	//   - requires gcc
+	//   - use rocksdb build tag (go build -tags rocksdb)
+	// * badgerdb (uses github.com/dgraph-io/badger)
+	//   - EXPERIMENTAL
+	//   - use badgerdb build tag (go build -tags badgerdb)
+	DBBackend string `mapstructure:"db-backend"`
+
+	// Database directory
+	DBPath string `mapstructure:"db-dir"`
 
 	// Output level for logging
-	Logger log.Logger
+	LogLevel string `mapstructure:"log-level"`
 
-	// Genesis of the chain
-	Genesis types.GenesisDoc
+	// Output format: 'plain' (colored text) or 'json'
+	LogFormat string `mapstructure:"log-format"`
+
+	// Path to the JSON file containing the initial validator set and other meta data
+	Genesis string `mapstructure:"genesis-file"`
 
 	// A JSON file containing the private key to use for p2p authenticated encryption
-	NodeKey string
+	NodeKey string `mapstructure:"node-key-file"`
+
+	// Mechanism to connect to the ABCI application: socket | grpc
+	ABCI string `mapstructure:"abci"`
 
 	// If true, query the ABCI app on connecting to a new peer
 	// so the app can decide if we should keep the connection or not
-	FilterPeers bool
+	FilterPeers bool `mapstructure:"filter-peers"` // false
 }
 
 // DefaultBaseConfig returns a default base configuration for a Tendermint node
 func DefaultBaseConfig() BaseConfig {
-	cfg, _ := DefaultBaseFileConfig().Build()
-	return cfg
+	return BaseConfig{
+		Genesis:      defaultGenesisJSONPath,
+		NodeKey:      defaultNodeKeyPath,
+		Mode:         defaultMode,
+		Moniker:      defaultMoniker,
+		ProxyApp:     "tcp://127.0.0.1:26658",
+		ABCI:         "socket",
+		LogLevel:     DefaultLogLevel,
+		LogFormat:    log.LogFormatPlain,
+		FastSyncMode: true,
+		FilterPeers:  false,
+		DBBackend:    "goleveldb",
+		DBPath:       "data",
+	}
 }
 
 // TestBaseConfig returns a base configuration for testing a Tendermint node
 func TestBaseConfig() BaseConfig {
-	cfg, _ := TestBaseFileConfig().Build()
+	cfg := DefaultBaseConfig()
+	cfg.chainID = "tendermint_test"
+	cfg.Mode = ModeValidator
+	cfg.ProxyApp = "kvstore"
+	cfg.FastSyncMode = false
+	cfg.DBBackend = "memdb"
 	return cfg
 }
 
@@ -228,21 +277,74 @@ func (cfg BaseConfig) ChainID() string {
 	return cfg.chainID
 }
 
+// GenesisFile returns the full path to the genesis.json file
+func (cfg BaseConfig) GenesisFile() string {
+	return rootify(cfg.Genesis, cfg.RootDir)
+}
+
 // NodeKeyFile returns the full path to the node_key.json file
 func (cfg BaseConfig) NodeKeyFile() string {
 	return rootify(cfg.NodeKey, cfg.RootDir)
 }
 
+// LoadNodeKey loads NodeKey located in filePath.
+func (cfg BaseConfig) LoadNodeKeyID() (types.NodeID, error) {
+	jsonBytes, err := ioutil.ReadFile(cfg.NodeKeyFile())
+	if err != nil {
+		return "", err
+	}
+	nodeKey := types.NodeKey{}
+	err = tmjson.Unmarshal(jsonBytes, &nodeKey)
+	if err != nil {
+		return "", err
+	}
+	nodeKey.ID = types.NodeIDFromPubKey(nodeKey.PubKey())
+	return nodeKey.ID, nil
+}
+
+// LoadOrGenNodeKey attempts to load the NodeKey from the given filePath. If
+// the file does not exist, it generates and saves a new NodeKey.
+func (cfg BaseConfig) LoadOrGenNodeKeyID() (types.NodeID, error) {
+	if tmos.FileExists(cfg.NodeKeyFile()) {
+		nodeKey, err := cfg.LoadNodeKeyID()
+		if err != nil {
+			return "", err
+		}
+		return nodeKey, nil
+	}
+
+	nodeKey := types.GenNodeKey()
+
+	if err := nodeKey.SaveAs(cfg.NodeKeyFile()); err != nil {
+		return "", err
+	}
+
+	return nodeKey.ID, nil
+}
+
+// DBDir returns the full path to the database directory
+func (cfg BaseConfig) DBDir() string {
+	return rootify(cfg.DBPath, cfg.RootDir)
+}
+
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg BaseConfig) ValidateBasic() error {
+	switch cfg.LogFormat {
+	case log.LogFormatJSON, log.LogFormatText, log.LogFormatPlain:
+	default:
+		return errors.New("unknown log format (must be 'plain', 'text' or 'json')")
+	}
+
 	switch cfg.Mode {
 	case ModeFull, ModeValidator, ModeSeed:
 	case "":
 		return errors.New("no mode has been set")
+
 	default:
 		return fmt.Errorf("unknown mode: %v", cfg.Mode)
 	}
+
 	return nil
 }
 
@@ -251,6 +353,8 @@ func (cfg BaseConfig) ValidateBasic() error {
 
 // PrivValidatorConfig defines the configuration parameters for running a validator
 type PrivValidatorConfig struct {
+	RootDir string `mapstructure:"home"`
+
 	// Path to the JSON file containing the private key to use as a validator in the consensus protocol
 	Key string `mapstructure:"key-file"`
 
@@ -281,7 +385,32 @@ func DefaultPrivValidatorConfig() *PrivValidatorConfig {
 	}
 }
 
-func (cfg PrivValidatorConfig) AreSecurityOptionsPresent() bool {
+// ClientKeyFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) ClientKeyFile() string {
+	return rootify(cfg.ClientKey, cfg.RootDir)
+}
+
+// ClientCertificateFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) ClientCertificateFile() string {
+	return rootify(cfg.ClientCertificate, cfg.RootDir)
+}
+
+// CertificateAuthorityFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) RootCAFile() string {
+	return rootify(cfg.RootCA, cfg.RootDir)
+}
+
+// KeyFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) KeyFile() string {
+	return rootify(cfg.Key, cfg.RootDir)
+}
+
+// StateFile returns the full path to the priv_validator_state.json file
+func (cfg *PrivValidatorConfig) StateFile() string {
+	return rootify(cfg.State, cfg.RootDir)
+}
+
+func (cfg *PrivValidatorConfig) AreSecurityOptionsPresent() bool {
 	switch {
 	case cfg.RootCA == "":
 		return false
@@ -318,6 +447,7 @@ type RPCConfig struct {
 
 	// TCP or UNIX socket address for the gRPC server to listen on
 	// NOTE: This server only supports /broadcast_tx_commit
+	// Deprecated: gRPC in the RPC layer of Tendermint will be removed in 0.36.
 	GRPCListenAddress string `mapstructure:"grpc-laddr"`
 
 	// Maximum number of simultaneous connections.
@@ -325,6 +455,7 @@ type RPCConfig struct {
 	// If you want to accept a larger number than the default, make sure
 	// you increase your OS limits.
 	// 0 - unlimited.
+	// Deprecated: gRPC in the RPC layer of Tendermint will be removed in 0.36.
 	GRPCMaxOpenConnections int `mapstructure:"grpc-max-open-connections"`
 
 	// Activate unsafe RPC commands like /dial-persistent-peers and /unsafe-flush-mempool
@@ -563,13 +694,14 @@ type P2PConfig struct { //nolint: maligned
 	// Force dial to fail
 	TestDialFail bool `mapstructure:"test-dial-fail"`
 
-	// DisableLegacy is used mostly for testing to enable or disable the legacy
-	// P2P stack.
-	DisableLegacy bool `mapstructure:"disable-legacy"`
+	// UseLegacy enables the "legacy" P2P implementation and
+	// disables the newer default implementation. This flag will
+	// be removed in a future release.
+	UseLegacy bool `mapstructure:"use-legacy"`
 
 	// Makes it possible to configure which queue backend the p2p
 	// layer uses. Options are: "fifo", "priority" and "wdrr",
-	// with the default being "fifo".
+	// with the default being "priority".
 	QueueType string `mapstructure:"queue-type"`
 }
 
@@ -601,6 +733,7 @@ func DefaultP2PConfig() *P2PConfig {
 		DialTimeout:             3 * time.Second,
 		TestDialFail:            false,
 		QueueType:               "priority",
+		UseLegacy:               false,
 	}
 }
 
@@ -654,25 +787,47 @@ type MempoolConfig struct {
 	RootDir   string `mapstructure:"home"`
 	Recheck   bool   `mapstructure:"recheck"`
 	Broadcast bool   `mapstructure:"broadcast"`
+
 	// Maximum number of transactions in the mempool
 	Size int `mapstructure:"size"`
+
 	// Limit the total size of all txs in the mempool.
 	// This only accounts for raw transactions (e.g. given 1MB transactions and
 	// max-txs-bytes=5MB, mempool will only accept 5 transactions).
 	MaxTxsBytes int64 `mapstructure:"max-txs-bytes"`
+
 	// Size of the cache (used to filter transactions we saw earlier) in transactions
 	CacheSize int `mapstructure:"cache-size"`
+
 	// Do not remove invalid transactions from the cache (default: false)
 	// Set to true if it's not possible for any invalid transaction to become
 	// valid again in the future.
 	KeepInvalidTxsInCache bool `mapstructure:"keep-invalid-txs-in-cache"`
+
 	// Maximum size of a single transaction
 	// NOTE: the max size of a tx transmitted over the network is {max-tx-bytes}.
 	MaxTxBytes int `mapstructure:"max-tx-bytes"`
+
 	// Maximum size of a batch of transactions to send to a peer
 	// Including space needed by encoding (one varint per transaction).
 	// XXX: Unused due to https://github.com/tendermint/tendermint/issues/5796
 	MaxBatchBytes int `mapstructure:"max-batch-bytes"`
+
+	// TTLDuration, if non-zero, defines the maximum amount of time a transaction
+	// can exist for in the mempool.
+	//
+	// Note, if TTLNumBlocks is also defined, a transaction will be removed if it
+	// has existed in the mempool at least TTLNumBlocks number of blocks or if it's
+	// insertion time into the mempool is beyond TTLDuration.
+	TTLDuration time.Duration `mapstructure:"ttl-duration"`
+
+	// TTLNumBlocks, if non-zero, defines the maximum number of blocks a transaction
+	// can exist for in the mempool.
+	//
+	// Note, if TTLDuration is also defined, a transaction will be removed if it
+	// has existed in the mempool at least TTLNumBlocks number of blocks or if
+	// it's insertion time into the mempool is beyond TTLDuration.
+	TTLNumBlocks int64 `mapstructure:"ttl-num-blocks"`
 }
 
 // DefaultMempoolConfig returns a default configuration for the Tendermint mempool.
@@ -683,10 +838,12 @@ func DefaultMempoolConfig() *MempoolConfig {
 		Broadcast: true,
 		// Each signature verification takes .5ms, Size reduced until we implement
 		// ABCI Recheck
-		Size:        5000,
-		MaxTxsBytes: 1024 * 1024 * 1024, // 1GB
-		CacheSize:   10000,
-		MaxTxBytes:  1024 * 1024, // 1MB
+		Size:         5000,
+		MaxTxsBytes:  1024 * 1024 * 1024, // 1GB
+		CacheSize:    10000,
+		MaxTxBytes:   1024 * 1024, // 1MB
+		TTLDuration:  0 * time.Second,
+		TTLNumBlocks: 0,
 	}
 }
 
@@ -712,6 +869,13 @@ func (cfg *MempoolConfig) ValidateBasic() error {
 	if cfg.MaxTxBytes < 0 {
 		return errors.New("max-tx-bytes can't be negative")
 	}
+	if cfg.TTLDuration < 0 {
+		return errors.New("ttl-duration can't be negative")
+	}
+	if cfg.TTLNumBlocks < 0 {
+		return errors.New("ttl-num-blocks can't be negative")
+	}
+
 	return nil
 }
 
@@ -720,13 +884,15 @@ func (cfg *MempoolConfig) ValidateBasic() error {
 
 // StateSyncConfig defines the configuration for the Tendermint state sync service
 type StateSyncConfig struct {
-	Enable        bool          `mapstructure:"enable"`
-	TempDir       string        `mapstructure:"temp-dir"`
-	RPCServers    []string      `mapstructure:"rpc-servers"`
-	TrustPeriod   time.Duration `mapstructure:"trust-period"`
-	TrustHeight   int64         `mapstructure:"trust-height"`
-	TrustHash     string        `mapstructure:"trust-hash"`
-	DiscoveryTime time.Duration `mapstructure:"discovery-time"`
+	Enable              bool          `mapstructure:"enable"`
+	TempDir             string        `mapstructure:"temp-dir"`
+	RPCServers          []string      `mapstructure:"rpc-servers"`
+	TrustPeriod         time.Duration `mapstructure:"trust-period"`
+	TrustHeight         int64         `mapstructure:"trust-height"`
+	TrustHash           string        `mapstructure:"trust-hash"`
+	DiscoveryTime       time.Duration `mapstructure:"discovery-time"`
+	ChunkRequestTimeout time.Duration `mapstructure:"chunk-request-timeout"`
+	Fetchers            int32         `mapstructure:"fetchers"`
 }
 
 func (cfg *StateSyncConfig) TrustHashBytes() []byte {
@@ -741,12 +907,14 @@ func (cfg *StateSyncConfig) TrustHashBytes() []byte {
 // DefaultStateSyncConfig returns a default configuration for the state sync service
 func DefaultStateSyncConfig() *StateSyncConfig {
 	return &StateSyncConfig{
-		TrustPeriod:   168 * time.Hour,
-		DiscoveryTime: 15 * time.Second,
+		TrustPeriod:         168 * time.Hour,
+		DiscoveryTime:       15 * time.Second,
+		ChunkRequestTimeout: 15 * time.Second,
+		Fetchers:            4,
 	}
 }
 
-// TestFastSyncConfig returns a default configuration for the state sync service
+// TestStateSyncConfig returns a default configuration for the state sync service
 func TestStateSyncConfig() *StateSyncConfig {
 	return DefaultStateSyncConfig()
 }
@@ -757,14 +925,17 @@ func (cfg *StateSyncConfig) ValidateBasic() error {
 		if len(cfg.RPCServers) == 0 {
 			return errors.New("rpc-servers is required")
 		}
+
 		if len(cfg.RPCServers) < 2 {
 			return errors.New("at least two rpc-servers entries is required")
 		}
+
 		for _, server := range cfg.RPCServers {
 			if len(server) == 0 {
 				return errors.New("found empty rpc-servers entry")
 			}
 		}
+
 		if cfg.DiscoveryTime != 0 && cfg.DiscoveryTime < 5*time.Second {
 			return errors.New("discovery time must be 0s or greater than five seconds")
 		}
@@ -772,49 +943,60 @@ func (cfg *StateSyncConfig) ValidateBasic() error {
 		if cfg.TrustPeriod <= 0 {
 			return errors.New("trusted-period is required")
 		}
+
 		if cfg.TrustHeight <= 0 {
 			return errors.New("trusted-height is required")
 		}
+
 		if len(cfg.TrustHash) == 0 {
 			return errors.New("trusted-hash is required")
 		}
+
 		_, err := hex.DecodeString(cfg.TrustHash)
 		if err != nil {
 			return fmt.Errorf("invalid trusted-hash: %w", err)
 		}
+
+		if cfg.ChunkRequestTimeout < 5*time.Second {
+			return errors.New("chunk-request-timeout must be at least 5 seconds")
+		}
+
+		if cfg.Fetchers <= 0 {
+			return errors.New("fetchers is required")
+		}
 	}
+
 	return nil
 }
 
 //-----------------------------------------------------------------------------
-// FastSyncConfig
 
-// FastSyncConfig defines the configuration for the Tendermint fast sync service
-type FastSyncConfig struct {
+// BlockSyncConfig (formerly known as FastSync) defines the configuration for the Tendermint block sync service
+type BlockSyncConfig struct {
 	Version string `mapstructure:"version"`
 }
 
-// DefaultFastSyncConfig returns a default configuration for the fast sync service
-func DefaultFastSyncConfig() *FastSyncConfig {
-	return &FastSyncConfig{
-		Version: BlockchainV0,
+// DefaultBlockSyncConfig returns a default configuration for the block sync service
+func DefaultBlockSyncConfig() *BlockSyncConfig {
+	return &BlockSyncConfig{
+		Version: BlockSyncV0,
 	}
 }
 
-// TestFastSyncConfig returns a default configuration for the fast sync.
-func TestFastSyncConfig() *FastSyncConfig {
-	return DefaultFastSyncConfig()
+// TestBlockSyncConfig returns a default configuration for the block sync.
+func TestBlockSyncConfig() *BlockSyncConfig {
+	return DefaultBlockSyncConfig()
 }
 
 // ValidateBasic performs basic validation.
-func (cfg *FastSyncConfig) ValidateBasic() error {
+func (cfg *BlockSyncConfig) ValidateBasic() error {
 	switch cfg.Version {
-	case BlockchainV0:
-		return nil
-	case BlockchainV2:
+	case BlockSyncV0:
 		return nil
+	case BlockSyncV2:
+		return errors.New("blocksync version v2 is no longer supported. Please use v0")
 	default:
-		return fmt.Errorf("unknown fastsync version %s", cfg.Version)
+		return fmt.Errorf("unknown blocksync version %s", cfg.Version)
 	}
 }
 

config/config_test.go

@@ -9,6 +9,24 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func TestDefaultConfig(t *testing.T) {
+	assert := assert.New(t)
+
+	// set up some defaults
+	cfg := DefaultConfig()
+	assert.NotNil(cfg.P2P)
+	assert.NotNil(cfg.Mempool)
+	assert.NotNil(cfg.Consensus)
+
+	// check the root dir stuff...
+	cfg.SetRoot("/foo")
+	cfg.Genesis = "bar"
+	cfg.DBPath = "/opt/data"
+
+	assert.Equal("/foo/bar", cfg.GenesisFile())
+	assert.Equal("/opt/data", cfg.DBDir())
+}
+
 func TestConfigValidateBasic(t *testing.T) {
 	cfg := DefaultConfig()
 	assert.NoError(t, cfg.ValidateBasic())
@@ -34,6 +52,15 @@ func TestTLSConfiguration(t *testing.T) {
 	assert.Equal("/abs/path/to/file.key", cfg.RPC.KeyFile())
 }
 
+func TestBaseConfigValidateBasic(t *testing.T) {
+	cfg := TestBaseConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	// tamper with log format
+	cfg.LogFormat = "invalid"
+	assert.Error(t, cfg.ValidateBasic())
+}
+
 func TestRPCConfigValidateBasic(t *testing.T) {
 	cfg := TestRPCConfig()
 	assert.NoError(t, cfg.ValidateBasic())
@@ -98,13 +125,13 @@ func TestStateSyncConfigValidateBasic(t *testing.T) {
 	require.NoError(t, cfg.ValidateBasic())
 }
 
-func TestFastSyncConfigValidateBasic(t *testing.T) {
-	cfg := TestFastSyncConfig()
+func TestBlockSyncConfigValidateBasic(t *testing.T) {
+	cfg := TestBlockSyncConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	// tamper with version
 	cfg.Version = "v2"
-	assert.NoError(t, cfg.ValidateBasic())
+	assert.Error(t, cfg.ValidateBasic())
 
 	cfg.Version = "invalid"
 	assert.Error(t, cfg.ValidateBasic())

config/db.go

@@ -9,21 +9,18 @@ import (
 // ServiceProvider takes a config and a logger and returns a ready to go Node.
 type ServiceProvider func(*Config, log.Logger) (service.Service, error)
 
-// DBProivder is an interface for initializing instances of DB
-type DBProvider interface {
-	Initialize(ID string) (db.DB, error)
+// DBContext specifies config information for loading a new DB.
+type DBContext struct {
+	ID     string
+	Config *Config
 }
 
-// DefaultDBProvider is the default provider that is constructed from the FileConfig
-type DefaultDBProvider struct {
-	backend string
-	dir string
+// DBProvider takes a DBContext and returns an instantiated DB.
+type DBProvider func(*DBContext) (db.DB, error)
+
+// DefaultDBProvider returns a database using the DBBackend and DBDir
+// specified in the Config.
+func DefaultDBProvider(ctx *DBContext) (db.DB, error) {
+	dbType := db.BackendType(ctx.Config.DBBackend)
+	return db.NewDB(ctx.ID, dbType, ctx.Config.DBDir())
 }
-
-func (dbp DefaultDBProvider) Initialize(ID string) (db.DB, error) {
-	dbType := db.BackendType(dbp.backend)
-	return db.NewDB(ID, dbType, dbp.dir)
-}
-
-
-

config/file.go

@@ -1,295 +0,0 @@
-package config
-
-import (
-	"errors"
-	"os"
-	"path/filepath"
-
-	"github.com/tendermint/tendermint/abci/client"
-	abci"github.com/tendermint/tendermint/abci/types"
-	"github.com/tendermint/tendermint/abci/example/counter"
-	"github.com/tendermint/tendermint/abci/example/kvstore"
-	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
-	"github.com/tendermint/tendermint/libs/log"
-	"github.com/tendermint/tendermint/types"
-)
-
-// NOTE: Most of the structs & relevant comments + the
-// default configuration options were used to manually
-// generate the config.toml. Please reflect any changes
-// made here in the defaultConfigTemplate constant in
-// config/toml.go
-// NOTE: libs/cli must know to look in the config dir!
-var (
-	DefaultTendermintDir = ".tendermint"
-	defaultConfigDir     = "config"
-	defaultDataDir       = "data"
-
-	defaultConfigFileName  = "config.toml"
-	defaultGenesisJSONName = "genesis.json"
-
-	defaultMode             = ModeFull
-	defaultPrivValKeyName   = "priv_validator_key.json"
-	defaultPrivValStateName = "priv_validator_state.json"
-
-	defaultNodeKeyName  = "node_key.json"
-	defaultAddrBookName = "addrbook.json"
-
-	defaultConfigFilePath   = filepath.Join(defaultConfigDir, defaultConfigFileName)
-	defaultGenesisJSONPath  = filepath.Join(defaultConfigDir, defaultGenesisJSONName)
-	defaultPrivValKeyPath   = filepath.Join(defaultConfigDir, defaultPrivValKeyName)
-	defaultPrivValStatePath = filepath.Join(defaultDataDir, defaultPrivValStateName)
-
-	defaultNodeKeyPath  = filepath.Join(defaultConfigDir, defaultNodeKeyName)
-	defaultAddrBookPath = filepath.Join(defaultConfigDir, defaultAddrBookName)
-)
-
-type FileConfig struct {
-	// Top level options use an anonymous struct
-	BaseFileConfig `mapstructure:",squash"`
-
-	// Options for services
-	RPC             *RPCConfig             `mapstructure:"rpc"`
-	P2P             *P2PConfig             `mapstructure:"p2p"`
-	Mempool         *MempoolConfig         `mapstructure:"mempool"`
-	StateSync       *StateSyncConfig       `mapstructure:"statesync"`
-	FastSync        *FastSyncConfig        `mapstructure:"fastsync"`
-	Consensus       *ConsensusConfig       `mapstructure:"consensus"`
-	TxIndex         *TxIndexConfig         `mapstructure:"tx-index"`
-	Instrumentation *InstrumentationConfig `mapstructure:"instrumentation"`
-	PrivValidator   *PrivValidatorConfig   `mapstructure:"priv-validator"`
-}
-
-// DefaultConfig returns a default configuration for a Tendermint node
-func DefaultFileConfig() *FileConfig {
-	return &FileConfig{
-		BaseFileConfig:  DefaultBaseFileConfig(),
-		RPC:             DefaultRPCConfig(),
-		P2P:             DefaultP2PConfig(),
-		Mempool:         DefaultMempoolConfig(),
-		StateSync:       DefaultStateSyncConfig(),
-		FastSync:        DefaultFastSyncConfig(),
-		Consensus:       DefaultConsensusConfig(),
-		TxIndex:         DefaultTxIndexConfig(),
-		Instrumentation: DefaultInstrumentationConfig(),
-		PrivValidator:   DefaultPrivValidatorConfig(),
-	}
-}
-
-// TestConfig returns a configuration that can be used for testing
-func TestFileConfig() *FileConfig {
-	return &FileConfig{
-		BaseFileConfig:  TestBaseFileConfig(),
-		RPC:             TestRPCConfig(),
-		P2P:             TestP2PConfig(),
-		Mempool:         TestMempoolConfig(),
-		StateSync:       TestStateSyncConfig(),
-		FastSync:        TestFastSyncConfig(),
-		Consensus:       TestConsensusConfig(),
-		TxIndex:         TestTxIndexConfig(),
-		Instrumentation: TestInstrumentationConfig(),
-		PrivValidator:   DefaultPrivValidatorConfig(),
-	}
-}
-
-func (cfg FileConfig) Build() (Config, error) {
-	baseConfig, err := cfg.BaseFileConfig.Build()
-	if err != nil {
-		return Config{}, err
-	}
-	return Config{
-		BaseConfig: baseConfig,
-
-		RPC: cfg.RPC,
-		P2P: cfg.P2P,
-		Mempool: cfg.Mempool,
-		StateSync: cfg.StateSync,
-		FastSync: cfg.FastSync,
-		Consensus: cfg.Consensus,
-		TxIndex: cfg.TxIndex,
-		Instrumentation: cfg.Instrumentation,
-		PrivValidator: cfg.PrivValidator,
-	}, nil
-}
-
-// SetRoot sets the RootDir for all Config structs
-func (cfg *FileConfig) SetRoot(root string) *FileConfig {
-	cfg.BaseFileConfig.RootDir = root
-	cfg.RPC.RootDir = root
-	cfg.P2P.RootDir = root
-	cfg.Mempool.RootDir = root
-	cfg.Consensus.RootDir = root
-	return cfg
-}
-
-type BaseFileConfig struct { //nolint: maligned
-	// chainID is unexposed and immutable but here for convenience
-	chainID string
-
-	// The root directory for all data.
-	// This should be set in viper so it can unmarshal into this struct
-	RootDir string `mapstructure:"home"`
-
-	// TCP or UNIX socket address of the ABCI application,
-	// or the name of an ABCI application compiled in with the Tendermint binary
-	ProxyApp string `mapstructure:"proxy-app"`
-
-	// A custom human readable name for this node
-	Moniker string `mapstructure:"moniker"`
-
-	// Mode of Node: full | validator | seed
-	// * validator
-	//   - all reactors
-	//   - with priv_validator_key.json, priv_validator_state.json
-	// * full
-	//   - all reactors
-	//   - No priv_validator_key.json, priv_validator_state.json
-	// * seed
-	//   - only P2P, PEX Reactor
-	//   - No priv_validator_key.json, priv_validator_state.json
-	Mode string `mapstructure:"mode"`
-
-	// If this node is many blocks behind the tip of the chain, FastSync
-	// allows them to catchup quickly by downloading blocks in parallel
-	// and verifying their commits
-	FastSyncMode bool `mapstructure:"fast-sync"`
-
-	// Database backend: goleveldb | cleveldb | boltdb | rocksdb
-	// * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
-	//   - pure go
-	//   - stable
-	// * cleveldb (uses levigo wrapper)
-	//   - fast
-	//   - requires gcc
-	//   - use cleveldb build tag (go build -tags cleveldb)
-	// * boltdb (uses etcd's fork of bolt - github.com/etcd-io/bbolt)
-	//   - EXPERIMENTAL
-	//   - may be faster is some use-cases (random reads - indexer)
-	//   - use boltdb build tag (go build -tags boltdb)
-	// * rocksdb (uses github.com/tecbot/gorocksdb)
-	//   - EXPERIMENTAL
-	//   - requires gcc
-	//   - use rocksdb build tag (go build -tags rocksdb)
-	// * badgerdb (uses github.com/dgraph-io/badger)
-	//   - EXPERIMENTAL
-	//   - use badgerdb build tag (go build -tags badgerdb)
-	DBBackend string `mapstructure:"db-backend"`
-
-	// Database directory
-	DBPath string `mapstructure:"db-dir"`
-
-	// Output level for logging
-	LogLevel string `mapstructure:"log-level"`
-
-	// Output format: 'plain' (colored text) or 'json'
-	LogFormat string `mapstructure:"log-format"`
-
-	// Path to the JSON file containing the initial validator set and other meta data
-	Genesis string `mapstructure:"genesis-file"`
-
-	// A JSON file containing the private key to use for p2p authenticated encryption
-	NodeKey string `mapstructure:"node-key-file"`
-
-	// Mechanism to connect to the ABCI application: socket | grpc
-	ABCI string `mapstructure:"abci"`
-
-	// If true, query the ABCI app on connecting to a new peer
-	// so the app can decide if we should keep the connection or not
-	FilterPeers bool `mapstructure:"filter-peers"` // false
-}
-
-// DefaultBaseConfig returns a default base configuration for a Tendermint node
-func DefaultBaseFileConfig() BaseFileConfig {
-	return BaseFileConfig{
-		Genesis:      defaultGenesisJSONPath,
-		NodeKey:      defaultNodeKeyPath,
-		Mode:         defaultMode,
-		Moniker:      defaultMoniker,
-		ProxyApp:     "tcp://127.0.0.1:26658",
-		ABCI:         "socket",
-		LogLevel:     DefaultLogLevel,
-		LogFormat:    LogFormatPlain,
-		FastSyncMode: true,
-		FilterPeers:  false,
-		DBBackend:    "goleveldb",
-		DBPath:       "data",
-	}
-}
-
-// TestBaseConfig returns a base configuration for testing a Tendermint node
-func TestBaseFileConfig() BaseFileConfig {
-	cfg := DefaultBaseFileConfig()
-	cfg.chainID = "tendermint_test"
-	cfg.Mode = ModeValidator
-	cfg.ProxyApp = "kvstore"
-	cfg.FastSyncMode = false
-	cfg.DBBackend = "memdb"
-	return cfg
-}
-
-func (cfg BaseFileConfig) Build() (BaseConfig, error) {
-	abciClient, err := createClient(cfg.ProxyApp, cfg.ABCI, cfg.DBDir())
-	if err != nil {
-		return BaseConfig{}, err
-	}
-	genDoc, err := types.GenesisDocFromFile(cfg.GenesisFile())
-	if err != nil {
-		return BaseConfig{}, err
-	}
-
-	return BaseConfig{
-		chainID: cfg.chainID,
-		RootDir: cfg.RootDir,
-		ABCI: abciClient,
-		Moniker: cfg.Moniker,
-		Mode: cfg.Mode,
-		FastSyncMode: cfg.FastSyncMode,
-		DBProvider: DefaultDBProvider{
-			backend: cfg.DBBackend,
-			dir: cfg.DBDir(),
-		},
-		Logger: log.NewTMLogger(log.NewSyncWriter(os.Stdout)),
-		Genesis: *genDoc,
-		NodeKey: cfg.NodeKey,
-		FilterPeers: cfg.FilterPeers,
-	}, nil
-
-}
-
-// GenesisFile returns the full path to the genesis.json file
-func (cfg BaseFileConfig) GenesisFile() string {
-	return rootify(cfg.Genesis, cfg.RootDir)
-}
-
-// DBDir returns the full path to the database directory
-func (cfg BaseFileConfig) DBDir() string {
-	return rootify(cfg.DBPath, cfg.RootDir)
-}
-
-func (cfg BaseFileConfig) ValidateBasic() error { 
-	switch cfg.LogFormat {
-	case LogFormatPlain, LogFormatJSON:
-	default:
-		return errors.New("unknown log format (must be 'plain' or 'json')")
-	}
-	return nil
-}
-
-func createClient(addr, transport, dbDir string) (abcicli.Client, error) {
-	switch addr {
-	case "counter":
-		return abcicli.NewLocalClient(new(tmsync.RWMutex), counter.NewApplication(false)), nil
-	case "counter_serial":
-		return abcicli.NewLocalClient(new(tmsync.RWMutex), counter.NewApplication(true)), nil
-	case "kvstore":
-		return abcicli.NewLocalClient(new(tmsync.RWMutex), kvstore.NewApplication()), nil
-	case "persistent_kvstore":
-		app := kvstore.NewPersistentKVStoreApplication(dbDir)
-		return abcicli.NewLocalClient(new(tmsync.RWMutex), app), nil
-	case "noop":
-		return abcicli.NewLocalClient(new(tmsync.RWMutex), abci.NewBaseApplication()), nil
-	default:
-		mustConnect := false // loop retrying
-		return abcicli.NewClient(addr, transport, mustConnect)
-	}
-}

config/file_test.go

@@ -1,34 +0,0 @@
-package config
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDefaultConfig(t *testing.T) {
-	assert := assert.New(t)
-
-	// set up some defaults
-	cfg := DefaultFileConfig()
-	assert.NotNil(cfg.P2P)
-	assert.NotNil(cfg.Mempool)
-	assert.NotNil(cfg.Consensus)
-
-	// check the root dir stuff...
-	cfg.SetRoot("/foo")
-	cfg.Genesis = "bar"
-	cfg.DBPath = "/opt/data"
-
-	assert.Equal("/foo/bar", cfg.GenesisFile())
-	assert.Equal("/opt/data", cfg.DBDir())
-}
-
-func TestBaseConfigValidateBasic(t *testing.T) {
-	cfg := TestBaseFileConfig()
-	assert.NoError(t, cfg.ValidateBasic())
-
-	// tamper with log format
-	cfg.LogFormat = "invalid"
-	assert.Error(t, cfg.ValidateBasic())
-}

config/toml.go

@@ -45,7 +45,7 @@ func EnsureRoot(rootDir string) {
 
 // WriteConfigFile renders config using the template and writes it to configFilePath.
 // This function is called by cmd/tendermint/commands/init.go
-func WriteConfigFile(rootDir string, config *FileConfig) {
+func WriteConfigFile(rootDir string, config *Config) {
 	var buffer bytes.Buffer
 
 	if err := configTemplate.Execute(&buffer, config); err != nil {
@@ -60,7 +60,7 @@ func WriteConfigFile(rootDir string, config *FileConfig) {
 func writeDefaultConfigFileIfNone(rootDir string) {
 	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
 	if !tmos.FileExists(configFilePath) {
-		WriteConfigFile(rootDir, DefaultFileConfig())
+		WriteConfigFile(rootDir, DefaultConfig())
 	}
 }
 
@@ -200,6 +200,7 @@ cors-allowed-headers = [{{ range .RPC.CORSAllowedHeaders }}{{ printf "%q, " . }}
 
 # TCP or UNIX socket address for the gRPC server to listen on
 # NOTE: This server only supports /broadcast_tx_commit
+# Deprecated gRPC  in the RPC layer of Tendermint will be deprecated in 0.36.
 grpc-laddr = "{{ .RPC.GRPCListenAddress }}"
 
 # Maximum number of simultaneous connections.
@@ -209,6 +210,7 @@ grpc-laddr = "{{ .RPC.GRPCListenAddress }}"
 # 0 - unlimited.
 # Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files}
 # 1024 - 40 - 10 - 50 = 924 = ~900
+# Deprecated gRPC  in the RPC layer of Tendermint will be deprecated in 0.36.
 grpc-max-open-connections = {{ .RPC.GRPCMaxOpenConnections }}
 
 # Activate unsafe RPC commands like /dial-seeds and /unsafe-flush-mempool
@@ -269,7 +271,7 @@ pprof-laddr = "{{ .RPC.PprofListenAddress }}"
 [p2p]
 
 # Enable the new p2p layer.
-disable-legacy = {{ .P2P.DisableLegacy }}
+use-legacy = {{ .P2P.UseLegacy }}
 
 # Select the p2p internal queue
 queue-type = "{{ .P2P.QueueType }}"
@@ -280,7 +282,8 @@ laddr = "{{ .P2P.ListenAddress }}"
 # Address to advertise to peers for them to dial
 # If empty, will use the same port as the laddr,
 # and will introspect on the listener or use UPnP
-# to figure out the address.
+# to figure out the address. ip and port are required
+# example: 159.89.10.97:26656
 external-address = "{{ .P2P.ExternalAddress }}"
 
 # Comma separated list of seed nodes to connect to
@@ -396,6 +399,22 @@ max-tx-bytes = {{ .Mempool.MaxTxBytes }}
 # XXX: Unused due to https://github.com/tendermint/tendermint/issues/5796
 max-batch-bytes = {{ .Mempool.MaxBatchBytes }}
 
+# ttl-duration, if non-zero, defines the maximum amount of time a transaction
+# can exist for in the mempool.
+#
+# Note, if ttl-num-blocks is also defined, a transaction will be removed if it
+# has existed in the mempool at least ttl-num-blocks number of blocks or if it's
+# insertion time into the mempool is beyond ttl-duration.
+ttl-duration = "{{ .Mempool.TTLDuration }}"
+
+# ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction
+# can exist for in the mempool.
+#
+# Note, if ttl-duration is also defined, a transaction will be removed if it
+# has existed in the mempool at least ttl-num-blocks number of blocks or if
+# it's insertion time into the mempool is beyond ttl-duration.
+ttl-num-blocks = {{ .Mempool.TTLNumBlocks }}
+
 #######################################################
 ###         State Sync Configuration Options        ###
 #######################################################
@@ -425,15 +444,22 @@ discovery-time = "{{ .StateSync.DiscoveryTime }}"
 # Will create a new, randomly named directory within, and remove it when done.
 temp-dir = "{{ .StateSync.TempDir }}"
 
+# The timeout duration before re-requesting a chunk, possibly from a different
+# peer (default: 15 seconds).
+chunk-request-timeout = "{{ .StateSync.ChunkRequestTimeout }}"
+
+# The number of concurrent chunk and block fetchers to run (default: 4).
+fetchers = "{{ .StateSync.Fetchers }}"
+
 #######################################################
-###       Fast Sync Configuration Connections       ###
+###       Block Sync Configuration Connections       ###
 #######################################################
 [fastsync]
 
-# Fast Sync version to use:
-#   1) "v0" (default) - the legacy fast sync implementation
-#   2) "v2" - complete redesign of v0, optimized for testability & readability
-version = "{{ .FastSync.Version }}"
+# Block Sync version to use:
+#   1) "v0" (default) - the legacy block sync implementation
+#   2) "v2" - DEPRECATED, please use v0
+version = "{{ .BlockSync.Version }}"
 
 #######################################################
 ###         Consensus Configuration Options         ###
@@ -523,11 +549,11 @@ namespace = "{{ .Instrumentation.Namespace }}"
 
 /****** these are for test settings ***********/
 
-func ResetTestRoot(testName string) *FileConfig {
+func ResetTestRoot(testName string) *Config {
 	return ResetTestRootWithChainID(testName, "")
 }
 
-func ResetTestRootWithChainID(testName string, chainID string) *FileConfig {
+func ResetTestRootWithChainID(testName string, chainID string) *Config {
 	// create a unique, concurrency-safe test directory under os.TempDir()
 	rootDir, err := ioutil.TempDir("", fmt.Sprintf("%s-%s_", chainID, testName))
 	if err != nil {
@@ -541,7 +567,7 @@ func ResetTestRootWithChainID(testName string, chainID string) *FileConfig {
 		panic(err)
 	}
 
-	conf := DefaultFileConfig()
+	conf := DefaultConfig()
 	genesisFilePath := filepath.Join(rootDir, conf.Genesis)
 	privKeyFilePath := filepath.Join(rootDir, conf.PrivValidator.Key)
 	privStateFilePath := filepath.Join(rootDir, conf.PrivValidator.State)
@@ -559,7 +585,7 @@ func ResetTestRootWithChainID(testName string, chainID string) *FileConfig {
 	mustWriteFile(privKeyFilePath, []byte(testPrivValidatorKey), 0644)
 	mustWriteFile(privStateFilePath, []byte(testPrivValidatorState), 0644)
 
-	config := TestFileConfig().SetRoot(rootDir)
+	config := TestConfig().SetRoot(rootDir)
 	return config
 }
 

config/toml_test.go

@@ -30,7 +30,7 @@ func TestEnsureRoot(t *testing.T) {
 	// create root dir
 	EnsureRoot(tmpDir)
 
-	WriteConfigFile(tmpDir, DefaultFileConfig())
+	WriteConfigFile(tmpDir, DefaultConfig())
 
 	// make sure config is set properly
 	data, err := ioutil.ReadFile(filepath.Join(tmpDir, defaultConfigFilePath))
@@ -62,7 +62,7 @@ func TestEnsureTestRoot(t *testing.T) {
 	}
 
 	// TODO: make sure the cfg returned and testconfig are the same!
-	baseConfig := DefaultBaseFileConfig()
+	baseConfig := DefaultBaseConfig()
 	pvConfig := DefaultPrivValidatorConfig()
 	ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, pvConfig.Key, pvConfig.State)
 }

crypto/batch/batch.go

@@ -20,3 +20,14 @@ func CreateBatchVerifier(pk crypto.PubKey) (crypto.BatchVerifier, bool) {
 	// case where the key does not support batch verification
 	return nil, false
 }
+
+// SupportsBatchVerifier checks if a key type implements the batch verifier
+// interface.
+func SupportsBatchVerifier(pk crypto.PubKey) bool {
+	switch pk.Type() {
+	case ed25519.KeyType, sr25519.KeyType:
+		return true
+	}
+
+	return false
+}

crypto/crypto.go

@@ -46,7 +46,9 @@ type Symmetric interface {
 type BatchVerifier interface {
 	// Add appends an entry into the BatchVerifier.
 	Add(key PubKey, message, signature []byte) error
-	// Verify verifies all the entries in the BatchVerifier.
-	// If the verification fails it is unknown which entry failed and each entry will need to be verified individually.
-	Verify() bool
+	// Verify verifies all the entries in the BatchVerifier, and returns
+	// if every signature in the batch is valid, and a vector of bools
+	// indicating the verification status of each signature (in the order
+	// that signatures were added to the batch).
+	Verify() (bool, []bool)
 }

crypto/ed25519/bench_test.go

@@ -28,22 +28,37 @@ func BenchmarkVerification(b *testing.B) {
 }
 
 func BenchmarkVerifyBatch(b *testing.B) {
+	msg := []byte("BatchVerifyTest")
+
 	for _, sigsCount := range []int{1, 8, 64, 1024} {
 		sigsCount := sigsCount
 		b.Run(fmt.Sprintf("sig-count-%d", sigsCount), func(b *testing.B) {
-			b.ReportAllocs()
-			v := NewBatchVerifier()
+			// Pre-generate all of the keys, and signatures, but do not
+			// benchmark key-generation and signing.
+			pubs := make([]crypto.PubKey, 0, sigsCount)
+			sigs := make([][]byte, 0, sigsCount)
 			for i := 0; i < sigsCount; i++ {
 				priv := GenPrivKey()
-				pub := priv.PubKey()
-				msg := []byte("BatchVerifyTest")
 				sig, _ := priv.Sign(msg)
-				err := v.Add(pub, msg, sig)
-				require.NoError(b, err)
+				pubs = append(pubs, priv.PubKey().(PubKey))
+				sigs = append(sigs, sig)
 			}
+			b.ResetTimer()
+
+			b.ReportAllocs()
 			// NOTE: dividing by n so that metrics are per-signature
 			for i := 0; i < b.N/sigsCount; i++ {
-				if !v.Verify() {
+				// The benchmark could just benchmark the Verify()
+				// routine, but there is non-trivial overhead associated
+				// with BatchVerifier.Add(), which should be included
+				// in the benchmark.
+				v := NewBatchVerifier()
+				for i := 0; i < sigsCount; i++ {
+					err := v.Add(pubs[i], msg, sigs[i])
+					require.NoError(b, err)
+				}
+
+				if ok, _ := v.Verify(); !ok {
 					b.Fatal("signature set failed batch verification")
 				}
 			}

crypto/ed25519/ed25519.go

@@ -2,13 +2,13 @@ package ed25519
 
 import (
 	"bytes"
-	"crypto/ed25519"
 	"crypto/subtle"
 	"errors"
 	"fmt"
 	"io"
 
-	"github.com/hdevalence/ed25519consensus"
+	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519"
+	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519/extra/cache"
 
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/tmhash"
@@ -17,7 +17,18 @@ import (
 
 //-------------------------------------
 
-var _ crypto.PrivKey = PrivKey{}
+var (
+	_ crypto.PrivKey = PrivKey{}
+
+	// curve25519-voi's Ed25519 implementation supports configurable
+	// verification behavior, and tendermint uses the ZIP-215 verification
+	// semantics.
+	verifyOptions = &ed25519.Options{
+		Verify: ed25519.VerifyOptionsZIP_215,
+	}
+
+	cachingVerifier = cache.NewVerifier(cache.NewLRUCache(cacheSize))
+)
 
 const (
 	PrivKeyName = "tendermint/PrivKeyEd25519"
@@ -34,6 +45,14 @@ const (
 	SeedSize = 32
 
 	KeyType = "ed25519"
+
+	// cacheSize is the number of public keys that will be cached in
+	// an expanded format for repeated signature verification.
+	//
+	// TODO/perf: Either this should exclude single verification, or be
+	// tuned to `> validatorSize + maxTxnsPerBlock` to avoid cache
+	// thrashing.
+	cacheSize = 4096
 )
 
 func init() {
@@ -107,14 +126,12 @@ func GenPrivKey() PrivKey {
 
 // genPrivKey generates a new ed25519 private key using the provided reader.
 func genPrivKey(rand io.Reader) PrivKey {
-	seed := make([]byte, SeedSize)
-
-	_, err := io.ReadFull(rand, seed)
+	_, priv, err := ed25519.GenerateKey(rand)
 	if err != nil {
 		panic(err)
 	}
 
-	return PrivKey(ed25519.NewKeyFromSeed(seed))
+	return PrivKey(priv)
 }
 
 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
@@ -153,7 +170,7 @@ func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
 		return false
 	}
 
-	return ed25519consensus.Verify(ed25519.PublicKey(pubKey), msg, sig)
+	return cachingVerifier.VerifyWithOptions(ed25519.PublicKey(pubKey), msg, sig, verifyOptions)
 }
 
 func (pubKey PubKey) String() string {
@@ -175,30 +192,36 @@ func (pubKey PubKey) Equals(other crypto.PubKey) bool {
 var _ crypto.BatchVerifier = &BatchVerifier{}
 
 // BatchVerifier implements batch verification for ed25519.
-// https://github.com/hdevalence/ed25519consensus is used for batch verification
 type BatchVerifier struct {
-	ed25519consensus.BatchVerifier
+	*ed25519.BatchVerifier
 }
 
 func NewBatchVerifier() crypto.BatchVerifier {
-	return &BatchVerifier{ed25519consensus.NewBatchVerifier()}
+	return &BatchVerifier{ed25519.NewBatchVerifier()}
 }
 
 func (b *BatchVerifier) Add(key crypto.PubKey, msg, signature []byte) error {
-	if l := len(key.Bytes()); l != PubKeySize {
+	pkEd, ok := key.(PubKey)
+	if !ok {
+		return fmt.Errorf("pubkey is not Ed25519")
+	}
+
+	pkBytes := pkEd.Bytes()
+
+	if l := len(pkBytes); l != PubKeySize {
 		return fmt.Errorf("pubkey size is incorrect; expected: %d, got %d", PubKeySize, l)
 	}
 
-	// check that the signature is the correct length & the last byte is set correctly
-	if len(signature) != SignatureSize || signature[63]&224 != 0 {
+	// check that the signature is the correct length
+	if len(signature) != SignatureSize {
 		return errors.New("invalid signature")
 	}
 
-	b.BatchVerifier.Add(ed25519.PublicKey(key.Bytes()), msg, signature)
+	cachingVerifier.AddWithOptions(b.BatchVerifier, ed25519.PublicKey(pkBytes), msg, signature, verifyOptions)
 
 	return nil
 }
 
-func (b *BatchVerifier) Verify() bool {
-	return b.BatchVerifier.Verify()
+func (b *BatchVerifier) Verify() (bool, []bool) {
+	return b.BatchVerifier.Verify(crypto.CReader())
 }

crypto/ed25519/ed25519_test.go

@@ -50,5 +50,6 @@ func TestBatchSafe(t *testing.T) {
 		require.NoError(t, err)
 	}
 
-	require.True(t, v.Verify())
+	ok, _ := v.Verify()
+	require.True(t, ok)
 }

crypto/merkle/proof.go

@@ -204,7 +204,10 @@ func (spn *ProofNode) FlattenAunts() [][]byte {
 		case spn.Right != nil:
 			innerHashes = append(innerHashes, spn.Right.Hash)
 		default:
-			break
+			// FIXME(fromberger): Per the documentation above, exactly one of
+			// these fields should be set. If that is true, this should probably
+			// be a panic since it violates the invariant. If not, when can it
+			// be OK to have no siblings? Does this occur at the leaves?
 		}
 		spn = spn.Parent
 	}

crypto/secp256k1/secp256k1.go

@@ -9,10 +9,11 @@ import (
 	"math/big"
 
 	secp256k1 "github.com/btcsuite/btcd/btcec"
-	"golang.org/x/crypto/ripemd160" // nolint: staticcheck // necessary for Bitcoin address format
-
 	"github.com/tendermint/tendermint/crypto"
 	tmjson "github.com/tendermint/tendermint/libs/json"
+
+	// necessary for Bitcoin address format
+	"golang.org/x/crypto/ripemd160" // nolint
 )
 
 //-------------------------------------

crypto/sr25519/batch.go

@@ -3,40 +3,44 @@ package sr25519
 import (
 	"fmt"
 
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
 
 	"github.com/tendermint/tendermint/crypto"
 )
 
-var _ crypto.BatchVerifier = BatchVerifier{}
+var _ crypto.BatchVerifier = &BatchVerifier{}
 
 // BatchVerifier implements batch verification for sr25519.
-// https://github.com/ChainSafe/go-schnorrkel is used for batch verification
 type BatchVerifier struct {
-	*schnorrkel.BatchVerifier
+	*sr25519.BatchVerifier
 }
 
 func NewBatchVerifier() crypto.BatchVerifier {
-	return BatchVerifier{schnorrkel.NewBatchVerifier()}
+	return &BatchVerifier{sr25519.NewBatchVerifier()}
 }
 
-func (b BatchVerifier) Add(key crypto.PubKey, msg, sig []byte) error {
-	var sig64 [SignatureSize]byte
-	copy(sig64[:], sig)
-	signature := new(schnorrkel.Signature)
-	err := signature.Decode(sig64)
-	if err != nil {
-		return fmt.Errorf("unable to decode signature: %w", err)
+func (b *BatchVerifier) Add(key crypto.PubKey, msg, signature []byte) error {
+	pk, ok := key.(PubKey)
+	if !ok {
+		return fmt.Errorf("sr25519: pubkey is not sr25519")
 	}
 
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
+	var srpk sr25519.PublicKey
+	if err := srpk.UnmarshalBinary(pk); err != nil {
+		return fmt.Errorf("sr25519: invalid public key: %w", err)
+	}
 
-	var pk [PubKeySize]byte
-	copy(pk[:], key.Bytes())
+	var sig sr25519.Signature
+	if err := sig.UnmarshalBinary(signature); err != nil {
+		return fmt.Errorf("sr25519: unable to decode signature: %w", err)
+	}
 
-	return b.BatchVerifier.Add(signingContext, signature, schnorrkel.NewPublicKey(pk))
+	st := signingCtx.NewTranscriptBytes(msg)
+	b.BatchVerifier.Add(&srpk, st, &sig)
+
+	return nil
 }
 
-func (b BatchVerifier) Verify() bool {
-	return b.BatchVerifier.Verify()
+func (b *BatchVerifier) Verify() (bool, []bool) {
+	return b.BatchVerifier.Verify(crypto.CReader())
 }

crypto/sr25519/bench_test.go

@@ -28,22 +28,37 @@ func BenchmarkVerification(b *testing.B) {
 }
 
 func BenchmarkVerifyBatch(b *testing.B) {
-	for _, n := range []int{1, 8, 64, 1024} {
-		n := n
-		b.Run(fmt.Sprintf("sig-count-%d", n), func(b *testing.B) {
-			b.ReportAllocs()
-			v := NewBatchVerifier()
-			for i := 0; i < n; i++ {
+	msg := []byte("BatchVerifyTest")
+
+	for _, sigsCount := range []int{1, 8, 64, 1024} {
+		sigsCount := sigsCount
+		b.Run(fmt.Sprintf("sig-count-%d", sigsCount), func(b *testing.B) {
+			// Pre-generate all of the keys, and signatures, but do not
+			// benchmark key-generation and signing.
+			pubs := make([]crypto.PubKey, 0, sigsCount)
+			sigs := make([][]byte, 0, sigsCount)
+			for i := 0; i < sigsCount; i++ {
 				priv := GenPrivKey()
-				pub := priv.PubKey()
-				msg := []byte("BatchVerifyTest")
 				sig, _ := priv.Sign(msg)
-				err := v.Add(pub, msg, sig)
-				require.NoError(b, err)
+				pubs = append(pubs, priv.PubKey().(PubKey))
+				sigs = append(sigs, sig)
 			}
+			b.ResetTimer()
+
+			b.ReportAllocs()
 			// NOTE: dividing by n so that metrics are per-signature
-			for i := 0; i < b.N/n; i++ {
-				if !v.Verify() {
+			for i := 0; i < b.N/sigsCount; i++ {
+				// The benchmark could just benchmark the Verify()
+				// routine, but there is non-trivial overhead associated
+				// with BatchVerifier.Add(), which should be included
+				// in the benchmark.
+				v := NewBatchVerifier()
+				for i := 0; i < sigsCount; i++ {
+					err := v.Add(pubs[i], msg, sigs[i])
+					require.NoError(b, err)
+				}
+
+				if ok, _ := v.Verify(); !ok {
 					b.Fatal("signature set failed batch verification")
 				}
 			}

crypto/sr25519/encoding.go

@@ -1,23 +1,13 @@
 package sr25519
 
-import (
-	"github.com/tendermint/tendermint/crypto"
-	tmjson "github.com/tendermint/tendermint/libs/json"
-)
-
-var _ crypto.PrivKey = PrivKey{}
+import tmjson "github.com/tendermint/tendermint/libs/json"
 
 const (
 	PrivKeyName = "tendermint/PrivKeySr25519"
 	PubKeyName  = "tendermint/PubKeySr25519"
-
-	// SignatureSize is the size of an Edwards25519 signature. Namely the size of a compressed
-	// Sr25519 point, and a field element. Both of which are 32 bytes.
-	SignatureSize = 64
 )
 
 func init() {
-
 	tmjson.RegisterType(PubKey{}, PubKeyName)
 	tmjson.RegisterType(PrivKey{}, PrivKeyName)
 }

crypto/sr25519/privkey.go

@@ -1,70 +1,84 @@
 package sr25519
 
 import (
-	"crypto/subtle"
+	"encoding/json"
 	"fmt"
 	"io"
 
-	"github.com/tendermint/tendermint/crypto"
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
 
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
+	"github.com/tendermint/tendermint/crypto"
 )
 
-// PrivKeySize is the number of bytes in an Sr25519 private key.
-const PrivKeySize = 32
+var (
+	_ crypto.PrivKey = PrivKey{}
 
-// PrivKeySr25519 implements crypto.PrivKey.
-type PrivKey []byte
+	signingCtx = sr25519.NewSigningContext([]byte{})
+)
 
-// Bytes returns the byte representation of the PrivKey.
+const (
+	// PrivKeySize is the size of a sr25519 signature in bytes.
+	PrivKeySize = sr25519.MiniSecretKeySize
+
+	KeyType = "sr25519"
+)
+
+// PrivKey implements crypto.PrivKey.
+type PrivKey struct {
+	msk sr25519.MiniSecretKey
+	kp  *sr25519.KeyPair
+}
+
+// Bytes returns the byte-encoded PrivKey.
 func (privKey PrivKey) Bytes() []byte {
-	return []byte(privKey)
+	if privKey.kp == nil {
+		return nil
+	}
+	return privKey.msk[:]
 }
 
 // Sign produces a signature on the provided message.
 func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
-	var p [PrivKeySize]byte
-	copy(p[:], privKey)
-	miniSecretKey, err := schnorrkel.NewMiniSecretKeyFromRaw(p)
-	if err != nil {
-		return []byte{}, err
-	}
-	secretKey := miniSecretKey.ExpandEd25519()
-
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
-
-	sig, err := secretKey.Sign(signingContext)
-	if err != nil {
-		return []byte{}, err
+	if privKey.kp == nil {
+		return nil, fmt.Errorf("sr25519: uninitialized private key")
 	}
 
-	sigBytes := sig.Encode()
-	return sigBytes[:], nil
+	st := signingCtx.NewTranscriptBytes(msg)
+
+	sig, err := privKey.kp.Sign(crypto.CReader(), st)
+	if err != nil {
+		return nil, fmt.Errorf("sr25519: failed to sign message: %w", err)
+	}
+
+	sigBytes, err := sig.MarshalBinary()
+	if err != nil {
+		return nil, fmt.Errorf("sr25519: failed to serialize signature: %w", err)
+	}
+
+	return sigBytes, nil
 }
 
 // PubKey gets the corresponding public key from the private key.
+//
+// Panics if the private key is not initialized.
 func (privKey PrivKey) PubKey() crypto.PubKey {
-	var p [PrivKeySize]byte
-	copy(p[:], privKey)
-	miniSecretKey, err := schnorrkel.NewMiniSecretKeyFromRaw(p)
-	if err != nil {
-		panic(fmt.Sprintf("Invalid private key: %v", err))
+	if privKey.kp == nil {
+		panic("sr25519: uninitialized private key")
 	}
-	secretKey := miniSecretKey.ExpandEd25519()
 
-	pubkey, err := secretKey.Public()
+	b, err := privKey.kp.PublicKey().MarshalBinary()
 	if err != nil {
-		panic(fmt.Sprintf("Could not generate public key: %v", err))
+		panic("sr25519: failed to serialize public key: " + err.Error())
 	}
-	key := pubkey.Encode()
-	return PubKey(key[:])
+
+	return PubKey(b)
 }
 
 // Equals - you probably don't need to use this.
 // Runs in constant time based on length of the keys.
 func (privKey PrivKey) Equals(other crypto.PrivKey) bool {
-	if otherEd, ok := other.(PrivKey); ok {
-		return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1
+	if otherSr, ok := other.(PrivKey); ok {
+		return privKey.msk.Equal(&otherSr.msk)
 	}
 	return false
 }
@@ -73,6 +87,44 @@ func (privKey PrivKey) Type() string {
 	return KeyType
 }
 
+func (privKey PrivKey) MarshalJSON() ([]byte, error) {
+	var b []byte
+
+	// Handle uninitialized private keys gracefully.
+	if privKey.kp != nil {
+		b = privKey.Bytes()
+	}
+
+	return json.Marshal(b)
+}
+
+func (privKey *PrivKey) UnmarshalJSON(data []byte) error {
+	for i := range privKey.msk {
+		privKey.msk[i] = 0
+	}
+	privKey.kp = nil
+
+	var b []byte
+	if err := json.Unmarshal(data, &b); err != nil {
+		return fmt.Errorf("sr25519: failed to deserialize JSON: %w", err)
+	}
+	if len(b) == 0 {
+		return nil
+	}
+
+	msk, err := sr25519.NewMiniSecretKeyFromBytes(b)
+	if err != nil {
+		return err
+	}
+
+	sk := msk.ExpandEd25519()
+
+	privKey.msk = *msk
+	privKey.kp = sk.KeyPair()
+
+	return nil
+}
+
 // GenPrivKey generates a new sr25519 private key.
 // It uses OS randomness in conjunction with the current global random seed
 // in tendermint/libs/common to generate the private key.
@@ -80,20 +132,18 @@ func GenPrivKey() PrivKey {
 	return genPrivKey(crypto.CReader())
 }
 
-// genPrivKey generates a new sr25519 private key using the provided reader.
-func genPrivKey(rand io.Reader) PrivKey {
-	var seed [64]byte
-
-	out := make([]byte, 64)
-	_, err := io.ReadFull(rand, out)
+func genPrivKey(rng io.Reader) PrivKey {
+	msk, err := sr25519.GenerateMiniSecretKey(rng)
 	if err != nil {
-		panic(err)
+		panic("sr25519: failed to generate MiniSecretKey: " + err.Error())
 	}
 
-	copy(seed[:], out)
+	sk := msk.ExpandEd25519()
 
-	key := schnorrkel.NewMiniSecretKey(seed).ExpandEd25519().Encode()
-	return key[:]
+	return PrivKey{
+		msk: *msk,
+		kp:  sk.KeyPair(),
+	}
 }
 
 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
@@ -102,9 +152,14 @@ func genPrivKey(rand io.Reader) PrivKey {
 // if it's derived from user input.
 func GenPrivKeyFromSecret(secret []byte) PrivKey {
 	seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.
-	var bz [PrivKeySize]byte
-	copy(bz[:], seed)
-	privKey, _ := schnorrkel.NewMiniSecretKeyFromRaw(bz)
-	key := privKey.ExpandEd25519().Encode()
-	return key[:]
+
+	var privKey PrivKey
+	if err := privKey.msk.UnmarshalBinary(seed); err != nil {
+		panic("sr25519: failed to deserialize MiniSecretKey: " + err.Error())
+	}
+
+	sk := privKey.msk.ExpandEd25519()
+	privKey.kp = sk.KeyPair()
+
+	return privKey
 }

crypto/sr25519/pubkey.go

@@ -4,74 +4,65 @@ import (
 	"bytes"
 	"fmt"
 
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
+
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/tmhash"
-
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
 )
 
 var _ crypto.PubKey = PubKey{}
 
-// PubKeySize is the number of bytes in an Sr25519 public key.
 const (
-	PubKeySize = 32
-	KeyType    = "sr25519"
+	// PubKeySize is the size of a sr25519 public key in bytes.
+	PubKeySize = sr25519.PublicKeySize
+
+	// SignatureSize is the size of a sr25519 signature in bytes.
+	SignatureSize = sr25519.SignatureSize
 )
 
-// PubKeySr25519 implements crypto.PubKey for the Sr25519 signature scheme.
+// PubKey implements crypto.PubKey.
 type PubKey []byte
 
 // Address is the SHA256-20 of the raw pubkey bytes.
 func (pubKey PubKey) Address() crypto.Address {
-	return crypto.Address(tmhash.SumTruncated(pubKey[:]))
+	if len(pubKey) != PubKeySize {
+		panic("pubkey is incorrect size")
+	}
+	return crypto.Address(tmhash.SumTruncated(pubKey))
 }
 
-// Bytes returns the byte representation of the PubKey.
+// Bytes returns the PubKey byte format.
 func (pubKey PubKey) Bytes() []byte {
 	return []byte(pubKey)
 }
 
-func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
-	// make sure we use the same algorithm to sign
-	if len(sig) != SignatureSize {
-		return false
+func (pubKey PubKey) Equals(other crypto.PubKey) bool {
+	if otherSr, ok := other.(PubKey); ok {
+		return bytes.Equal(pubKey[:], otherSr[:])
 	}
-	var sig64 [SignatureSize]byte
-	copy(sig64[:], sig)
 
-	publicKey := &(schnorrkel.PublicKey{})
-	var p [PubKeySize]byte
-	copy(p[:], pubKey)
-	err := publicKey.Decode(p)
-	if err != nil {
+	return false
+}
+
+func (pubKey PubKey) VerifySignature(msg []byte, sigBytes []byte) bool {
+	var srpk sr25519.PublicKey
+	if err := srpk.UnmarshalBinary(pubKey); err != nil {
 		return false
 	}
 
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
-
-	signature := &(schnorrkel.Signature{})
-	err = signature.Decode(sig64)
-	if err != nil {
+	var sig sr25519.Signature
+	if err := sig.UnmarshalBinary(sigBytes); err != nil {
 		return false
 	}
 
-	return publicKey.Verify(signature, signingContext)
+	st := signingCtx.NewTranscriptBytes(msg)
+	return srpk.Verify(st, &sig)
+}
+
+func (pubKey PubKey) Type() string {
+	return KeyType
 }
 
 func (pubKey PubKey) String() string {
 	return fmt.Sprintf("PubKeySr25519{%X}", []byte(pubKey))
 }
-
-// Equals - checks that two public keys are the same time
-// Runs in constant time based on length of the keys.
-func (pubKey PubKey) Equals(other crypto.PubKey) bool {
-	if otherEd, ok := other.(PubKey); ok {
-		return bytes.Equal(pubKey[:], otherEd[:])
-	}
-	return false
-}
-
-func (pubKey PubKey) Type() string {
-	return KeyType
-
-}

crypto/sr25519/sr25519_test.go

@@ -1,6 +1,8 @@
 package sr25519_test
 
 import (
+	"encoding/base64"
+	"encoding/json"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -11,7 +13,6 @@ import (
 )
 
 func TestSignAndValidateSr25519(t *testing.T) {
-
 	privKey := sr25519.GenPrivKey()
 	pubKey := privKey.PubKey()
 
@@ -32,6 +33,7 @@ func TestSignAndValidateSr25519(t *testing.T) {
 
 func TestBatchSafe(t *testing.T) {
 	v := sr25519.NewBatchVerifier()
+	vFail := sr25519.NewBatchVerifier()
 	for i := 0; i <= 38; i++ {
 		priv := sr25519.GenPrivKey()
 		pub := priv.PubKey()
@@ -48,9 +50,49 @@ func TestBatchSafe(t *testing.T) {
 
 		err = v.Add(pub, msg, sig)
 		require.NoError(t, err)
+
+		switch i % 2 {
+		case 0:
+			err = vFail.Add(pub, msg, sig)
+		case 1:
+			msg[2] ^= byte(0x01)
+			err = vFail.Add(pub, msg, sig)
+		}
+		require.NoError(t, err)
 	}
 
-	if !v.Verify() {
-		t.Error("failed batch verification")
+	ok, valid := v.Verify()
+	require.True(t, ok, "failed batch verification")
+	for i, ok := range valid {
+		require.Truef(t, ok, "sig[%d] should be marked valid", i)
+	}
+
+	ok, valid = vFail.Verify()
+	require.False(t, ok, "succeeded batch verification (invalid batch)")
+	for i, ok := range valid {
+		expected := (i % 2) == 0
+		require.Equalf(t, expected, ok, "sig[%d] should be %v", i, expected)
 	}
 }
+
+func TestJSON(t *testing.T) {
+	privKey := sr25519.GenPrivKey()
+
+	t.Run("PrivKey", func(t *testing.T) {
+		b, err := json.Marshal(privKey)
+		require.NoError(t, err)
+
+		// b should be the base64 encoded MiniSecretKey, enclosed by doublequotes.
+		b64 := base64.StdEncoding.EncodeToString(privKey.Bytes())
+		b64 = "\"" + b64 + "\""
+		require.Equal(t, []byte(b64), b)
+
+		var privKey2 sr25519.PrivKey
+		err = json.Unmarshal(b, &privKey2)
+		require.NoError(t, err)
+		require.Len(t, privKey2.Bytes(), sr25519.PrivKeySize)
+		require.EqualValues(t, privKey.Bytes(), privKey2.Bytes())
+	})
+
+	// PubKeys are just []byte, so there is no special handling.
+}

docs/app-dev/abci-cli.md

@@ -31,7 +31,6 @@ Available Commands:
   check_tx    Validate a tx
   commit      Commit the application state and return the Merkle root hash
   console     Start an interactive abci console for multiple commands
-  counter     ABCI demo example
   deliver_tx  Deliver a new tx to the application
   kvstore     ABCI demo example
   echo        Have the application echo a message
@@ -214,137 +213,9 @@ we do `deliver_tx "abc=efg"` it will store `(abc, efg)`.
 Similarly, you could put the commands in a file and run
 `abci-cli --verbose batch < myfile`.
 
-## Counter - Another Example
-
-Now that we've got the hang of it, let's try another application, the
-"counter" app.
-
-Like the kvstore app, its code can be found
-[here](https://github.com/tendermint/tendermint/blob/master/abci/cmd/abci-cli/abci-cli.go)
-and looks like:
-
-```go
-func cmdCounter(cmd *cobra.Command, args []string) error {
-
-    app := counter.NewCounterApplication(flagSerial)
-
-    logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
-
-    // Start the listener
-    srv, err := server.NewServer(flagAddrC, flagAbci, app)
-    if err != nil {
-        return err
-    }
-    srv.SetLogger(logger.With("module", "abci-server"))
-    if err := srv.Start(); err != nil {
-        return err
-    }
-
-    // Stop upon receiving SIGTERM or CTRL-C.
-    tmos.TrapSignal(logger, func() {
-        // Cleanup
-        srv.Stop()
-    })
-
-    // Run forever.
-    select {}
-}
-```
-
-The counter app doesn't use a Merkle tree, it just counts how many times
-we've sent a transaction, asked for a hash, or committed the state. The
-result of `commit` is just the number of transactions sent.
-
-This application has two modes: `serial=off` and `serial=on`.
-
-When `serial=on`, transactions must be a big-endian encoded incrementing
-integer, starting at 0.
-
-If `serial=off`, there are no restrictions on transactions.
-
-We can toggle the value of `serial` using the `set_option` ABCI message.
-
-When `serial=on`, some transactions are invalid. In a live blockchain,
-transactions collect in memory before they are committed into blocks. To
-avoid wasting resources on invalid transactions, ABCI provides the
-`check_tx` message, which application developers can use to accept or
-reject transactions, before they are stored in memory or gossipped to
-other peers.
-
-In this instance of the counter app, `check_tx` only allows transactions
-whose integer is greater than the last committed one.
-
-Let's kill the console and the kvstore application, and start the
-counter app:
-
-```sh
-abci-cli counter
-```
-
-In another window, start the `abci-cli console`:
-
-```sh
-
-> check_tx 0x00
--> code: OK
-
-> check_tx 0xff
--> code: OK
-
-> deliver_tx 0x00
--> code: OK
-
-> check_tx 0x00
--> code: BadNonce
--> log: Invalid nonce. Expected >= 1, got 0
-
-> deliver_tx 0x01
--> code: OK
-
-> deliver_tx 0x04
--> code: BadNonce
--> log: Invalid nonce. Expected 2, got 4
-
-> info
--> code: OK
--> data: {"hashes":0,"txs":2}
--> data.hex: 0x7B22686173686573223A302C22747873223A327D
-```
-
-This is a very simple application, but between `counter` and `kvstore`,
-its easy to see how you can build out arbitrary application states on
-top of the ABCI. [Hyperledger's
-Burrow](https://github.com/hyperledger/burrow) also runs atop ABCI,
-bringing with it Ethereum-like accounts, the Ethereum virtual-machine,
-Monax's permissioning scheme, and native contracts extensions.
-
-But the ultimate flexibility comes from being able to write the
-application easily in any language.
-
-We have implemented the counter in a number of languages [see the
-example directory](https://github.com/tendermint/tendermint/tree/master/abci/example).
-
-To run the Node.js version, fist download & install [the Javascript ABCI server](https://github.com/tendermint/js-abci):
-
-```sh
-git clone https://github.com/tendermint/js-abci.git
-cd js-abci
-npm install abci
-```
-
-Now you can start the app:
-
-```sh
-node example/counter.js
-```
-
-(you'll have to kill the other counter application process). In another
-window, run the console and those previous ABCI commands. You should get
-the same results as for the Go version.
-
 ## Bounties
 
-Want to write the counter app in your favorite language?! We'd be happy
+Want to write an app in your favorite language?! We'd be happy
 to add you to our [ecosystem](https://github.com/tendermint/awesome#ecosystem)!
 See [funding](https://github.com/interchainio/funding) opportunities from the
 [Interchain Foundation](https://interchain.io/) for implementations in new languages and more.

docs/app-dev/getting-started.md

@@ -37,8 +37,8 @@ cd $GOPATH/src/github.com/tendermint/tendermint
 make install_abci
 ```
 
-Now you should have the `abci-cli` installed; you'll see a couple of
-commands (`counter` and `kvstore`) that are example applications written
+Now you should have the `abci-cli` installed; you'll notice the `kvstore`
+command, an example application written
 in Go. See below for an application written in JavaScript.
 
 Now, let's run some apps!
@@ -165,92 +165,6 @@ curl -s 'localhost:26657/abci_query?data="name"'
 Try some other transactions and queries to make sure everything is
 working!
 
-## Counter - Another Example
-
-Now that we've got the hang of it, let's try another application, the
-`counter` app.
-
-The counter app doesn't use a Merkle tree, it just counts how many times
-we've sent a transaction, or committed the state.
-
-This application has two modes: `serial=off` and `serial=on`.
-
-When `serial=on`, transactions must be a big-endian encoded incrementing
-integer, starting at 0.
-
-If `serial=off`, there are no restrictions on transactions.
-
-In a live blockchain, transactions collect in memory before they are
-committed into blocks. To avoid wasting resources on invalid
-transactions, ABCI provides the `CheckTx` message, which application
-developers can use to accept or reject transactions, before they are
-stored in memory or gossipped to other peers.
-
-In this instance of the counter app, with `serial=on`, `CheckTx` only
-allows transactions whose integer is greater than the last committed
-one.
-
-Let's kill the previous instance of `tendermint` and the `kvstore`
-application, and start the counter app. We can enable `serial=on` with a
-flag:
-
-```sh
-abci-cli counter --serial
-```
-
-In another window, reset then start Tendermint:
-
-```sh
-tendermint unsafe_reset_all
-tendermint start
-```
-
-Once again, you can see the blocks streaming by. Let's send some
-transactions. Since we have set `serial=on`, the first transaction must
-be the number `0`:
-
-```sh
-curl localhost:26657/broadcast_tx_commit?tx=0x00
-```
-
-Note the empty (hence successful) response. The next transaction must be
-the number `1`. If instead, we try to send a `5`, we get an error:
-
-```json
-> curl localhost:26657/broadcast_tx_commit?tx=0x05
-{
-  "jsonrpc": "2.0",
-  "id": "",
-  "result": {
-    "check_tx": {},
-    "deliver_tx": {
-      "code": 2,
-      "log": "Invalid nonce. Expected 1, got 5"
-    },
-    "hash": "33B93DFF98749B0D6996A70F64071347060DC19C",
-    "height": 34
-  }
-}
-```
-
-But if we send a `1`, it works again:
-
-```json
-> curl localhost:26657/broadcast_tx_commit?tx=0x01
-{
-  "jsonrpc": "2.0",
-  "id": "",
-  "result": {
-    "check_tx": {},
-    "deliver_tx": {},
-    "hash": "F17854A977F6FA7EEA1BD758E296710B86F72F3D",
-    "height": 60
-  }
-}
-```
-
-For more details on the `broadcast_tx` API, see [the guide on using
-Tendermint](../tendermint-core/using-tendermint.md).
 
 ## CounterJS - Example in Another Language
 

docs/app-dev/indexing-transactions.md

@@ -31,24 +31,61 @@ For example:
 
 would be equal to the composite key of `jack.account.number`.
 
-Let's take a look at the `[tx_index]` config section:
+By default, Tendermint will index all transactions by their respective hashes
+and height and blocks by their height.
+
+## Configuration
+
+Operators can configure indexing via the `[tx_index]` section. The `indexer`
+field takes a series of supported indexers. If `null` is included, indexing will
+be turned off regardless of other values provided.
 
 ```toml
-##### transactions indexer configuration options #####
-[tx_index]
+[tx-index]
 
-# What indexer to use for transactions
+# The backend database list to back the indexer.
+# If list contains null, meaning no indexer service will be used.
+#
+# The application will set which txs to index. In some cases a node operator will be able
+# to decide which txs to index based on configuration set in the application.
 #
 # Options:
 #   1) "null"
 #   2) "kv" (default) - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend).
-indexer = "kv"
+#     - When "kv" is chosen "tx.height" and "tx.hash" will always be indexed.
+#   3) "psql" - the indexer services backed by PostgreSQL.
+# indexer = []
 ```
 
-By default, Tendermint will index all transactions by their respective hashes
-and height and blocks by their height.
+### Supported Indexers
 
-You can turn off indexing completely by setting `tx_index` to `null`.
+#### KV
+
+The `kv` indexer type is an embedded key-value store supported by the main
+underling Tendermint database. Using the `kv` indexer type allows you to query
+for block and transaction events directly against Tendermint's RPC. However, the
+query syntax is limited and so this indexer type might be deprecated or removed
+entirely in the future.
+
+#### PostgreSQL
+
+The `psql` indexer type allows an operator to enable block and transaction event
+indexing by proxying it to an external PostgreSQL instance allowing for the events
+to be stored in relational models. Since the events are stored in a RDBMS, operators
+can leverage SQL to perform a series of rich and complex queries that are not
+supported by the `kv` indexer type. Since operators can leverage SQL directly,
+searching is not enabled for the `psql` indexer type via Tendermint's RPC -- any
+such query will fail.
+
+Note, the SQL schema is stored in `state/indexer/sink/psql/schema.sql` and operators
+must explicitly create the relations prior to starting Tendermint and enabling
+the `psql` indexer type.
+
+Example:
+
+```shell
+$ psql ... -f state/indexer/sink/psql/schema.sql
+```
 
 ## Default Indexes
 

docs/architecture/README.md

@@ -61,7 +61,7 @@ Note the context/background should be written in the present tense.
 - [ADR-053: State-Sync-Prototype](./adr-053-state-sync-prototype.md)
 - [ADR-054: Crypto-Encoding-2](./adr-054-crypto-encoding-2.md)
 - [ADR-055: Protobuf-Design](./adr-055-protobuf-design.md)
-- [ADR-056: Light-Client-Amnesia-Attacks](./adr-056-light-client-amnesia-attacks)
+- [ADR-056: Light-Client-Amnesia-Attacks](./adr-056-light-client-amnesia-attacks.md)
 - [ADR-059: Evidence-Composition-and-Lifecycle](./adr-059-evidence-composition-and-lifecycle.md)
 - [ADR-062: P2P-Architecture](./adr-062-p2p-architecture.md)
 - [ADR-063: Privval-gRPC](./adr-063-privval-grpc.md)
@@ -97,3 +97,6 @@ Note the context/background should be written in the present tense.
 - [ADR-041: Proposer-Selection-via-ABCI](./adr-041-proposer-selection-via-abci.md)
 - [ADR-045: ABCI-Evidence](./adr-045-abci-evidence.md)
 - [ADR-057: RPC](./adr-057-RPC.md)
+- [ADR-069: Node Initialization](./adr-069-flexible-node-initialization.md)
+- [ADR-071: Proposer-Based Timestamps](adr-071-proposer-based-timestamps.md)
+- [ADR-072: Restore Requests for Comments](./adr-072-request-for-comments.md)

docs/architecture/adr-042-state-sync.md

@@ -97,8 +97,7 @@ design for tendermint was originally tracked in
 [#828](https://github.com/tendermint/tendermint/issues/828).
 
 #### Eager StateSync
-Warp Sync as implemented in Parity
-["Warp Sync"](https://wiki.parity.io/Warp-Sync-Snapshot-Format.html) to rapidly
+Warp Sync as implemented in OpenEthereum to rapidly
 download both blocks and state snapshots from peers. Data is carved into ~4MB
 chunks and snappy compressed. Hashes of snappy compressed chunks are stored in a
 manifest file which co-ordinates the state-sync. Obtaining a correct manifest
@@ -234,5 +233,3 @@ Proposed
 [WIP General/Lazy State-Sync pseudo-spec](https://github.com/tendermint/tendermint/issues/3639) - Jae Proposal
 [Warp Sync Implementation](https://github.com/tendermint/tendermint/pull/3594) - ackratos
 [Chunk Proposal](https://github.com/tendermint/tendermint/pull/3799) - Bucky proposed
-
-

docs/architecture/adr-044-lite-client-with-weak-subjectivity.md

@@ -119,7 +119,7 @@ network usage.
 ---
 
 Check out the formal specification
-[here](https://docs.tendermint.com/master/spec/consensus/light-client.html).
+[here](https://github.com/tendermint/spec/tree/master/spec/light-client).
 
 ## Status
 

docs/architecture/adr-045-abci-evidence.md

@@ -18,7 +18,7 @@ graceful here, but that's for another day.
 
 It's possible to fool lite clients without there being a fork on the
 main chain - so called Fork-Lite. See the
-[fork accountability](https://docs.tendermint.com/master/spec/consensus/fork-accountability.html)
+[fork accountability](https://docs.tendermint.com/master/spec/light-client/accountability/)
 document for more details. For a sequential lite client, this can happen via
 equivocation or amnesia attacks. For a skipping lite client this can also happen
 via lunatic validator attacks. There must be some way for applications to punish

docs/architecture/adr-047-handling-evidence-from-light-client.md

@@ -179,7 +179,7 @@ This then ends the process and the verify function that was called at the start
 the user.
 
 For a detailed overview of how each of these three attacks can be conducted please refer to the
-[fork accountability spec]((https://github.com/tendermint/spec/blob/master/spec/consensus/light-client/accountability.md)).
+[fork accountability spec](https://github.com/tendermint/spec/blob/master/spec/consensus/light-client/accountability.md).
 
 ## Full Node Verification
 

docs/architecture/adr-059-evidence-composition-and-lifecycle.md

@@ -4,7 +4,8 @@
 
 - 04/09/2020: Initial Draft (Unabridged)
 - 07/09/2020: First Version
-- 13.03.21: Ammendment to accomodate forward lunatic attack
+- 13/03/2021: Ammendment to accomodate forward lunatic attack
+- 29/06/2021: Add information about ABCI specific fields
 
 ## Scope
 
@@ -111,6 +112,11 @@ We have two concrete types of evidence that fulfil this interface
 type LightClientAttackEvidence struct {
   ConflictingBlock *LightBlock
   CommonHeight int64 // the last height at which the primary provider and witness provider had the same header
+
+  // abci specific information
+	ByzantineValidators []*Validator // validators in the validator set that misbehaved in creating the conflicting block
+	TotalVotingPower    int64        // total voting power of the validator set at the common height
+	Timestamp           time.Time    // timestamp of the block at the common height
 }
 ```
 where the `Hash()` is the hash of the header and commonHeight.
@@ -121,6 +127,11 @@ Note: It was also discussed whether to include the commit hash which captures th
 type DuplicateVoteEvidence {
   VoteA *Vote
   VoteB *Vote
+
+  // abci specific information
+	TotalVotingPower int64
+	ValidatorPower   int64
+	Timestamp        time.Time
 }
 ```
 where the `Hash()` is the hash of the two votes
@@ -174,19 +185,11 @@ For `LightClientAttack`
 
 - Lastly, for each validator, check the look up table to make sure there already isn't evidence against this validator
 
-After verification we persist the evidence with the key `height/hash` to the pending evidence database in the evidence pool with the following format:
+After verification we persist the evidence with the key `height/hash` to the pending evidence database in the evidence pool.
 
-```go
-type EvidenceInfo struct {
-  ev Evidence
-  time time.Time
-  validators []Validator
-  totalVotingPower int64
-}
-```
-
-`time`, `validators` and `totalVotingPower` are need to form the `abci.Evidence` that we send to the application layer. More in this to come later.
+#### ABCI Evidence
 
+Both evidence structures contain data (such as timestamp) that are necessary to be passed to the application but do not strictly constitute evidence of misbehaviour. As such, these fields are verified last. If any of these fields are invalid to a node i.e. they don't correspond with their state, nodes will reconstruct a new evidence struct from the existing fields and repopulate the abci specific fields with their own state data.
 
 #### Broadcasting and receiving evidence
 

docs/architecture/adr-060-go-api-stability.md

@@ -59,7 +59,7 @@ When preparing our public API for 1.0, we should keep these principles in mind:
 The following is the minimum set of public APIs that will be included in 1.0, in some form:
 
 - `abci`
-- `node` and related packages (e.g. possibly `config`, `libs/log`, and `version`)
+- packages used for constructing nodes `config`, `libs/log`, and `version`
 - Client APIs, i.e. `rpc/client`, `light`, and `privval`.
 - `crypto` (possibly as a separate repo)
 
@@ -91,9 +91,9 @@ For comparison, the following are the number of Tendermint imports in the Cosmos
       4 github.com/tendermint/tendermint/libs/rand
       1 github.com/tendermint/tendermint/libs/strings
       5 github.com/tendermint/tendermint/light
-      1 github.com/tendermint/tendermint/mempool
+      1 github.com/tendermint/tendermint/internal/mempool
       3 github.com/tendermint/tendermint/node
-      5 github.com/tendermint/tendermint/p2p
+      5 github.com/tendermint/tendermint/internal/p2p
       4 github.com/tendermint/tendermint/privval
      10 github.com/tendermint/tendermint/proto/tendermint/crypto
       1 github.com/tendermint/tendermint/proto/tendermint/libs/bits

docs/architecture/adr-065-custom-event-indexing.md

@@ -24,6 +24,7 @@
 - April 1, 2021: Initial Draft (@alexanderbez)
 - April 28, 2021: Specify search capabilities are only supported through the KV indexer (@marbar3778)
 - May 19, 2021: Update the SQL schema and the eventsink interface (@jayt106)
+- Aug 30, 2021: Update the SQL schema and the psql implementation (@creachadair)
 
 ## Status
 
@@ -145,163 +146,190 @@ The postgres eventsink will not support `tx_search`, `block_search`, `GetTxByHas
 ```sql
 -- Table Definition ----------------------------------------------
 
-CREATE TYPE block_event_type AS ENUM ('begin_block', 'end_block', '');
+-- The blocks table records metadata about each block.
+-- The block record does not include its events or transactions (see tx_results).
+CREATE TABLE blocks (
+  rowid      BIGSERIAL PRIMARY KEY,
 
-CREATE TABLE block_events (
-    id SERIAL PRIMARY KEY,
-    key VARCHAR NOT NULL,
-    value VARCHAR NOT NULL,
-    height INTEGER NOT NULL,
-    type block_event_type,
-    created_at TIMESTAMPTZ NOT NULL,
-    chain_id VARCHAR NOT NULL
+  height     BIGINT NOT NULL,
+  chain_id   VARCHAR NOT NULL,
+
+  -- When this block header was logged into the sink, in UTC.
+  created_at TIMESTAMPTZ NOT NULL,
+
+  UNIQUE (height, chain_id)
 );
 
+-- Index blocks by height and chain, since we need to resolve block IDs when
+-- indexing transaction records and transaction events.
+CREATE INDEX idx_blocks_height_chain ON blocks(height, chain_id);
+
+-- The tx_results table records metadata about transaction results.  Note that
+-- the events from a transaction are stored separately.
 CREATE TABLE tx_results (
-    id SERIAL PRIMARY KEY,
-    tx_result BYTEA NOT NULL,
-    created_at TIMESTAMPTZ NOT NULL
+  rowid BIGSERIAL PRIMARY KEY,
+
+  -- The block to which this transaction belongs.
+  block_id BIGINT NOT NULL REFERENCES blocks(rowid),
+  -- The sequential index of the transaction within the block.
+  index INTEGER NOT NULL,
+  -- When this result record was logged into the sink, in UTC.
+  created_at TIMESTAMPTZ NOT NULL,
+  -- The hex-encoded hash of the transaction.
+  tx_hash VARCHAR NOT NULL,
+  -- The protobuf wire encoding of the TxResult message.
+  tx_result BYTEA NOT NULL,
+
+  UNIQUE (block_id, index)
 );
 
-CREATE TABLE tx_events (
-    id SERIAL PRIMARY KEY,
-    key VARCHAR NOT NULL,
-    value VARCHAR NOT NULL,
-    height INTEGER NOT NULL,
-    hash VARCHAR NOT NULL,
-    tx_result_id SERIAL,
-    created_at TIMESTAMPTZ NOT NULL,
-    chain_id VARCHAR NOT NULL,
-    FOREIGN KEY (tx_result_id)
-        REFERENCES tx_results(id)
-        ON DELETE CASCADE
+-- The events table records events. All events (both block and transaction) are
+-- associated with a block ID; transaction events also have a transaction ID.
+CREATE TABLE events (
+  rowid BIGSERIAL PRIMARY KEY,
+
+  -- The block and transaction this event belongs to.
+  -- If tx_id is NULL, this is a block event.
+  block_id BIGINT NOT NULL REFERENCES blocks(rowid),
+  tx_id    BIGINT NULL REFERENCES tx_results(rowid),
+
+  -- The application-defined type label for the event.
+  type VARCHAR NOT NULL
 );
 
--- Indices -------------------------------------------------------
+-- The attributes table records event attributes.
+CREATE TABLE attributes (
+   event_id      BIGINT NOT NULL REFERENCES events(rowid),
+   key           VARCHAR NOT NULL, -- bare key
+   composite_key VARCHAR NOT NULL, -- composed type.key
+   value         VARCHAR NULL,
 
-CREATE INDEX idx_block_events_key_value ON block_events(key, value);
-CREATE INDEX idx_tx_events_key_value ON tx_events(key, value);
-CREATE INDEX idx_tx_events_hash ON tx_events(hash);
+   UNIQUE (event_id, key)
+);
+
+-- A joined view of events and their attributes. Events that do not have any
+-- attributes are represented as a single row with empty key and value fields.
+CREATE VIEW event_attributes AS
+  SELECT block_id, tx_id, type, key, composite_key, value
+  FROM events LEFT JOIN attributes ON (events.rowid = attributes.event_id);
+
+-- A joined view of all block events (those having tx_id NULL).
+CREATE VIEW block_events AS
+  SELECT blocks.rowid as block_id, height, chain_id, type, key, composite_key, value
+  FROM blocks JOIN event_attributes ON (blocks.rowid = event_attributes.block_id)
+  WHERE event_attributes.tx_id IS NULL;
+
+-- A joined view of all transaction events.
+CREATE VIEW tx_events AS
+  SELECT height, index, chain_id, type, key, composite_key, value, tx_results.created_at
+  FROM blocks JOIN tx_results ON (blocks.rowid = tx_results.block_id)
+  JOIN event_attributes ON (tx_results.rowid = event_attributes.tx_id)
+  WHERE event_attributes.tx_id IS NOT NULL;
 ```
 
 The `PSQLEventSink` will implement the `EventSink` interface as follows
 (some details omitted for brevity):
 
-
 ```go
-func NewPSQLEventSink(connStr string, chainID string) (*PSQLEventSink, error) {
-  db, err := sql.Open("postgres", connStr)
-  if err != nil {
-    return nil, err
-  }
+func NewEventSink(connStr, chainID string) (*EventSink, error) {
+	db, err := sql.Open(driverName, connStr)
+	// ...
 
-  // ...
+	return &EventSink{
+		store:   db,
+		chainID: chainID,
+	}, nil
 }
 
-func (es *PSQLEventSink) IndexBlockEvents(h types.EventDataNewBlockHeader) error {
-  sqlStmt := sq.Insert("block_events").Columns("key", "value", "height", "type", "created_at", "chain_id")
+func (es *EventSink) IndexBlockEvents(h types.EventDataNewBlockHeader) error {
+	ts := time.Now().UTC()
 
-  // index the reserved block height index
-  ts := time.Now()
-  sqlStmt = sqlStmt.Values(types.BlockHeightKey, h.Header.Height, h.Header.Height, "", ts, es.chainID)
+	return runInTransaction(es.store, func(tx *sql.Tx) error {
+		// Add the block to the blocks table and report back its row ID for use
+		// in indexing the events for the block.
+		blockID, err := queryWithID(tx, `
+INSERT INTO blocks (height, chain_id, created_at)
+  VALUES ($1, $2, $3)
+  ON CONFLICT DO NOTHING
+  RETURNING rowid;
+`, h.Header.Height, es.chainID, ts)
+		// ...
 
-  for _, event := range h.ResultBeginBlock.Events {
-    // only index events with a non-empty type
-    if len(event.Type) == 0 {
-      continue
-    }
-
-    for _, attr := range event.Attributes {
-      if len(attr.Key) == 0 {
-        continue
-      }
-
-      // index iff the event specified index:true and it's not a reserved event
-      compositeKey := fmt.Sprintf("%s.%s", event.Type, string(attr.Key))
-      if compositeKey == types.BlockHeightKey {
-        return fmt.Errorf("event type and attribute key \"%s\" is reserved; please use a different key", compositeKey)
-      }
-
-      if attr.GetIndex() {
-        sqlStmt = sqlStmt.Values(compositeKey, string(attr.Value), h.Header.Height, BlockEventTypeBeginBlock, ts, es.chainID)
-      }
-    }
-  }
-
-  // index end_block events...
-  // execute sqlStmt db query...
+		// Insert the special block meta-event for height.
+		if err := insertEvents(tx, blockID, 0, []abci.Event{
+			makeIndexedEvent(types.BlockHeightKey, fmt.Sprint(h.Header.Height)),
+		}); err != nil {
+			return fmt.Errorf("block meta-events: %w", err)
+		}
+		// Insert all the block events. Order is important here,
+		if err := insertEvents(tx, blockID, 0, h.ResultBeginBlock.Events); err != nil {
+			return fmt.Errorf("begin-block events: %w", err)
+		}
+		if err := insertEvents(tx, blockID, 0, h.ResultEndBlock.Events); err != nil {
+			return fmt.Errorf("end-block events: %w", err)
+		}
+		return nil
+	})
 }
 
-func (es *PSQLEventSink) IndexTxEvents(txr []*abci.TxResult) error {
-  sqlStmtEvents := sq.Insert("tx_events").Columns("key", "value", "height", "hash", "tx_result_id", "created_at", "chain_id")
-  sqlStmtTxResult := sq.Insert("tx_results").Columns("tx_result", "created_at")
+func (es *EventSink) IndexTxEvents(txrs []*abci.TxResult) error {
+	ts := time.Now().UTC()
 
-  ts := time.Now()
-  for _, tx := range txr {
-    // store the tx result
-    txBz, err := proto.Marshal(tx)
-    if err != nil {
-      return err
-    }
+	for _, txr := range txrs {
+		// Encode the result message in protobuf wire format for indexing.
+		resultData, err := proto.Marshal(txr)
+		// ...
 
-    sqlStmtTxResult = sqlStmtTxResult.Values(txBz, ts)
+		// Index the hash of the underlying transaction as a hex string.
+		txHash := fmt.Sprintf("%X", types.Tx(txr.Tx).Hash())
 
-    // execute sqlStmtTxResult db query...
-    var txID uint32
-    err = sqlStmtTxResult.QueryRow().Scan(&txID)
-		if err != nil {
+		if err := runInTransaction(es.store, func(tx *sql.Tx) error {
+			// Find the block associated with this transaction.
+			blockID, err := queryWithID(tx, `
+SELECT rowid FROM blocks WHERE height = $1 AND chain_id = $2;
+`, txr.Height, es.chainID)
+			// ...
+
+			// Insert a record for this tx_result and capture its ID for indexing events.
+			txID, err := queryWithID(tx, `
+INSERT INTO tx_results (block_id, index, created_at, tx_hash, tx_result)
+  VALUES ($1, $2, $3, $4, $5)
+  ON CONFLICT DO NOTHING
+  RETURNING rowid;
+`, blockID, txr.Index, ts, txHash, resultData)
+			// ...
+
+			// Insert the special transaction meta-events for hash and height.
+			if err := insertEvents(tx, blockID, txID, []abci.Event{
+				makeIndexedEvent(types.TxHashKey, txHash),
+				makeIndexedEvent(types.TxHeightKey, fmt.Sprint(txr.Height)),
+			}); err != nil {
+				return fmt.Errorf("indexing transaction meta-events: %w", err)
+			}
+			// Index any events packaged with the transaction.
+			if err := insertEvents(tx, blockID, txID, txr.Result.Events); err != nil {
+				return fmt.Errorf("indexing transaction events: %w", err)
+			}
+			return nil
+
+		}); err != nil {
 			return err
 		}
-
-    // index the reserved height and hash indices
-    hash := types.Tx(tx.Tx).Hash()
-    sqlStmtEvents = sqlStmtEvents.Values(types.TxHashKey, hash, tx.Height, hash, txID, ts, es.chainID)
-    sqlStmtEvents = sqlStmtEvents.Values(types.TxHeightKey, tx.Height, tx.Height, hash, txID, ts, es.chainID)
-
-    for _, event := range result.Result.Events {
-      // only index events with a non-empty type
-      if len(event.Type) == 0 {
-        continue
-      }
-
-      for _, attr := range event.Attributes {
-        if len(attr.Key) == 0 {
-          continue
-        }
-
-        // index if `index: true` is set
-        compositeTag := fmt.Sprintf("%s.%s", event.Type, string(attr.Key))
-			
-        // ensure event does not conflict with a reserved prefix key
-        if compositeTag == types.TxHashKey || compositeTag == types.TxHeightKey {
-          return fmt.Errorf("event type and attribute key \"%s\" is reserved; please use a different key", compositeTag)
-        }
-		
-        if attr.GetIndex() {
-          sqlStmtEvents = sqlStmtEvents.Values(compositeKey, string(attr.Value), tx.Height, hash, txID, ts, es.chainID)
-        }
-      }
-    }
-  }
-  
-  // execute sqlStmtEvents db query...
+	}
+	return nil
 }
 
-func (es *PSQLEventSink) SearchBlockEvents(ctx context.Context, q *query.Query) ([]int64, error) {
-  return nil, errors.New("block search is not supported via the postgres event sink")
-}
+// SearchBlockEvents is not implemented by this sink, and reports an error for all queries.
+func (es *EventSink) SearchBlockEvents(ctx context.Context, q *query.Query) ([]int64, error)
 
-func (es *PSQLEventSink) SearchTxEvents(ctx context.Context, q *query.Query) ([]*abci.TxResult, error) {
-  return nil, errors.New("tx search is not supported via the postgres event sink")
-}
+// SearchTxEvents is not implemented by this sink, and reports an error for all queries.
+func (es *EventSink) SearchTxEvents(ctx context.Context, q *query.Query) ([]*abci.TxResult, error)
 
-func (es *PSQLEventSink) GetTxByHash(hash []byte) (*abci.TxResult, error) {
-	return nil, errors.New("getTxByHash is not supported via the postgres event sink")
-}
+// GetTxByHash is not implemented by this sink, and reports an error for all queries.
+func (es *EventSink) GetTxByHash(hash []byte) (*abci.TxResult, error)
 
-func (es *PSQLEventSink) HasBlock(h int64) (bool, error) {
-	return false, errors.New("hasBlock is not supported via the postgres event sink")
-}
+// HasBlock is not implemented by this sink, and reports an error for all queries.
+func (es *EventSink) HasBlock(h int64) (bool, error)
 ```
 
 ### Configuration

docs/architecture/adr-069-flexible-node-intitalization.md

@@ -0,0 +1,273 @@
+# ADR 069: Flexible Node Initialization
+
+## Changlog
+
+- 2021-06-09: Initial Draft (@tychoish)
+
+- 2021-07-21: Major Revision (@tychoish)
+
+## Status
+
+Proposed.
+
+## Context
+
+In an effort to support [Go-API-Stability](./adr-060-go-api-stability.md),
+during the 0.35 development cycle, we have attempted to reduce the the API
+surface area by moving most of the interface of the `node` package into
+unexported functions, as well as moving the reactors to an `internal`
+package. Having this coincide with the 0.35 release made a lot of sense
+because these interfaces were _already_ changing as a result of the `p2p`
+[refactor](./adr-061-p2p-refactor-scope.md), so it made sense to think a bit
+more about how tendermint exposes this API.
+
+While the interfaces of the P2P layer and most of the node package are already
+internalized, this precludes some operational patterns that are important to
+users who use tendermint as a library. Specifically, introspecting the
+tendermint node service and replacing components is not supported in the latest
+version of the code, and some of these use cases would require maintaining a
+vendor copy of the code. Adding these features requires rather extensive
+(internal/implementation) changes to the `node` and `rpc` packages, and this
+ADR describes a model for changing the way that tendermint nodes initialize, in
+service of providing this kind of functionality.
+
+We consider node initialization, because the current implemention
+provides strong connections between all components, as well as between
+the components of the node and the RPC layer, and being able to think
+about the interactions of these components will help enable these
+features and help define the requirements of the node package.
+
+## Alternative Approaches
+
+These alternatives are presented to frame the design space and to
+contextualize the decision in terms of product requirements. These
+ideas are not inherently bad, and may even be possible or desireable
+in the (distant) future, and merely provide additional context for how
+we, in the moment came to our decision(s).
+
+### Do Nothing
+
+The current implementation is functional and sufficient for the vast
+majority of use cases (e.g., all users of the Cosmos-SDK as well as
+anyone who runs tendermint and the ABCI application in separate
+processes). In the current implementation, and even previous versions,
+modifying node initialization or injecting custom components required
+copying most of the `node` package, which required such users
+to maintain a vendored copy of tendermint.
+
+While this is (likely) not tenable in the long term, as users do want
+more modularity, and the current service implementation is brittle and
+difficult to maintain, in the short term it may be possible to delay
+implementation somewhat. Eventually, however, we will need to make the
+`node` package easier to maintain and reason about.
+
+### Generic Service Pluggability
+
+One possible system design would export interfaces (in the Golang
+sense) for all components of the system, to permit runtime dependency
+injection of all components in the system, so that users can compose
+tendermint nodes of arbitrary user-supplied components.
+
+Although this level of customization would provide benefits, it would be a huge
+undertaking (particularly with regards to API design work) that we do not have
+scope for at the moment.  Eventually providing support for some kinds of
+pluggability may be useful, so the current solution does not explicitly
+foreclose the possibility of this alternative.
+
+### Abstract Dependency Based Startup and Shutdown
+
+The main proposal in this document makes tendermint node initialization simpler
+and more abstract, but the system lacks a number of
+features which daemon/service initialization could provide, such as a
+system allowing the authors of services to control initialization and shutdown order
+of components using dependency relationships.
+
+Such a system could work by allowing services to declare
+initialization order dependencies to other reactors (by ID, perhaps)
+so that the node could decide the initialization based on the
+dependencies declared by services rather than requiring the node to
+encode this logic directly.
+
+This level of configuration is probably more complicated than is needed.  Given
+that the authors of components in the current implementation of tendermint
+already *do* need to know about other components, a dependency-based system
+would probably be overly-abstract at this stage.
+
+## Decisions
+
+- To the greatest extent possible, factor the code base so that
+  packages are responsible for their own initialization, and minimize
+  the amount of code in the `node` package itself.
+
+- As a design goal, reduce direct coupling and dependencies between
+  components in the implementation of `node`.
+
+- Begin iterating on a more-flexible internal framework for
+  initializing tendermint nodes to make the initatilization process
+  less hard-coded by the implementation of the node objects.
+
+  - Reactors should not need to expose their interfaces *within* the
+	implementation of the node type
+
+  - This refactoring should be entirely opaque to users.
+
+  - These node initialization changes should not require a
+	reevaluation of the `service.Service` or a generic initialization
+	orchestration framework.
+
+- Do not proactively provide a system for injecting
+  components/services within a tendtermint node, though make it
+  possible to retrofit this kind of plugability in the future if
+  needed.
+
+- Prioritize implementation of p2p-based statesync reactor to obviate
+  need for users to inject a custom state-sync provider.
+
+## Detailed Design
+
+The [current
+nodeImpl](https://github.com/tendermint/tendermint/blob/master/node/node.go#L47)
+includes direct references to the implementations of each of the
+reactors, which should be replaced by references to `service.Service`
+objects. This will require moving construction of the [rpc
+service](https://github.com/tendermint/tendermint/blob/master/node/node.go#L771)
+into the constructor of
+[makeNode](https://github.com/tendermint/tendermint/blob/master/node/node.go#L126). One
+possible implementation of this would be to eliminate the current
+`ConfigureRPC` method on the node package and instead [configure it
+here](https://github.com/tendermint/tendermint/pull/6798/files#diff-375d57e386f20eaa5f09f02bb9d28bfc48ac3dca18d0325f59492208219e5618R441).
+
+To avoid adding complexity to the `node` package, we will add a
+composite service implementation to the `service` package
+that implements `service.Service` and is composed of a sequence of
+underlying `service.Service` objects and handles their
+startup/shutdown in the specified sequential order.
+
+Consensus, blocksync (*née* fast sync), and statesync all depend on
+each other, and have significant initialization dependencies that are
+presently encoded in the `node` package. As part of this change, a
+new package/component (likely named `blocks` located at
+`internal/blocks`) will encapsulate the initialization of these block
+management areas of the code.
+
+### Injectable Component Option
+
+This section briefly describes a possible implementation for
+user-supplied services running within a node. This should not be
+implemented unless user-supplied components are a hard requirement for
+a user.
+
+In order to allow components to be replaced, a new public function
+will be added to the public interface of `node` with a signature that
+resembles the following:
+
+```go
+func NewWithServices(conf *config.Config,
+	logger log.Logger,
+	cf proxy.ClientCreator,
+	gen *types.GenesisDoc,
+	srvs []service.Service,
+) (service.Service, error) {
+```
+
+The `service.Service` objects will be initialized in the order supplied, after
+all pre-configured/default services have started (and shut down in reverse
+order).  The given services may implement additional interfaces, allowing them
+to replace specific default services. `NewWithServices` will validate input
+service lists with the following rules:
+
+- None of the services may already be running.
+- The caller may not supply more than one replacement reactor for a given
+  default service type.
+
+If callers violate any of these rules, `NewWithServices` will return
+an error. To retract support for this kind of operation in the future,
+the function can be modified to *always* return an error.
+
+## Consequences
+
+### Positive
+
+- The node package will become easier to maintain.
+
+- It will become easier to add additional services within tendermint
+  nodes.
+
+- It will become possible to replace default components in the node
+  package without vendoring the tendermint repo and modifying internal
+  code.
+
+- The current end-to-end (e2e) test suite will be able to prevent any
+  regressions, and the new functionality can be thoroughly unit tested.
+
+- The scope of this project is very narrow, which minimizes risk.
+
+### Negative
+
+- This increases our reliance on the `service.Service` interface which
+  is probably not an interface that we want to fully commit to.
+
+- This proposal implements a fairly minimal set of functionality and
+  leaves open the possibility for many additional features which are
+  not included in the scope of this proposal.
+
+### Neutral
+
+N/A
+
+## Open Questions
+
+- To what extent does this new initialization framework need to accommodate
+  the legacy p2p stack? Would it be possible to delay a great deal of this
+  work to the 0.36 cycle to avoid this complexity?
+
+  - Answer: _depends on timing_, and the requirement to ship pluggable reactors in 0.35.
+
+- Where should additional public types be exported for the 0.35
+  release?
+
+  Related to the general project of API stabilization we want to deprecate
+  the `types` package, and move its contents into a new `pkg` hierarchy;
+  however, the design of the `pkg` interface is currently underspecified.
+  If `types` is going to remain for the 0.35 release, then we should consider
+  the impact of using multiple organizing modalities for this code within a
+  single release.
+
+## Future Work
+
+- Improve or simplify the `service.Service` interface. There are some
+  pretty clear limitations with this interface as written (there's no
+  way to timeout slow startup or shut down, the cycle between the
+  `service.BaseService` and `service.Service` implementations is
+  troubling, the default panic in `OnReset` seems troubling.)
+
+- As part of the refactor of `service.Service` have all services/nodes
+  respect the lifetime of a `context.Context` object, and avoid the
+  current practice of creating `context.Context` objects in p2p and
+  reactor code. This would be required for in-process multi-tenancy.
+
+- Support explicit dependencies between components and allow for
+  parallel startup, so that different reactors can startup at the same
+  time, where possible.
+
+## References
+
+- [this
+  branch](https://github.com/tendermint/tendermint/tree/tychoish/scratch-node-minimize)
+  contains experimental work in the implementation of the node package
+  to unwind some of the hard dependencies between components.
+
+- [the component
+  graph](https://peter.bourgon.org/go-for-industrial-programming/#the-component-graph)
+  as a framing for internal service construction.
+
+## Appendix
+
+### Dependencies
+
+There's a relationship between the blockchain and consensus reactor
+described by the following dependency graph makes replacing some of
+these components more difficult relative to other reactors or
+components.
+
+![consensus blockchain dependency graph](./img/consensus_blockchain.png)

docs/architecture/adr-071-proposer-based-timestamps.md

@@ -0,0 +1,445 @@
+# ADR 71: Proposer-Based Timestamps
+
+* [Changelog](#changelog)
+* [Status](#status)
+* [Context](#context)
+* [Alternative Approaches](#alternative-approaches)
+	* [Remove timestamps altogether](#remove-timestamps-altogether)
+* [Decision](#decision)
+* [Detailed Design](#detailed-design)
+	* [Overview](#overview)
+	* [Proposal Timestamp and Block Timestamp](#proposal-timestamp-and-block-timestamp)
+	* [Saving the timestamp across heights](#saving-the-timestamp-across-heights)
+	* [Changes to `CommitSig`](#changes-to-commitsig)
+	* [Changes to `Commit`](#changes-to-commit)
+	* [Changes to `Vote` messages](#changes-to-vote-messages)
+	* [New consensus parameters](#new-consensus-parameters)
+	* [Changes to `Header`](#changes-to-header)
+	* [Changes to the block proposal step](#changes-to-the-block-proposal-step)
+		* [Proposer selects proposal timestamp](#proposer-selects-proposal-timestamp)
+		* [Proposer selects block timestamp](#proposer-selects-block-timestamp)
+		* [Proposer waits](#proposer-waits)
+		* [Changes to the propose step timeout](#changes-to-the-propose-step-timeout)
+	* [Changes to validation rules](#changes-to-validation-rules)
+		* [Proposal timestamp validation](#proposal-timestamp-validation)
+		* [Block timestamp validation](#block-timestamp-validation)
+	* [Changes to the prevote step](#changes-to-the-prevote-step)
+	* [Changes to the precommit step](#changes-to-the-precommit-step)
+	* [Changes to locking a block](#changes-to-locking-a-block)
+	* [Remove voteTime Completely](#remove-votetime-completely)
+* [Future Improvements](#future-improvements)
+* [Consequences](#consequences)
+	* [Positive](#positive)
+	* [Neutral](#neutral)
+	* [Negative](#negative)
+* [References](#references)
+
+## Changelog
+
+ - July 15 2021: Created by @williambanfield 
+ - Aug 4 2021: Draft completed by @williambanfield
+ - Aug 5 2021: Draft updated to include data structure changes by @williambanfield
+ - Aug 20 2021: Language edits completed by @williambanfield
+
+## Status
+
+ **Accepted**
+
+## Context
+
+Tendermint currently provides a monotonically increasing source of time known as [BFTTime](https://github.com/tendermint/spec/blob/master/spec/consensus/bft-time.md).
+This mechanism for producing a source of time is reasonably simple.
+Each correct validator adds a timestamp to each `Precommit` message it sends.
+The timestamp it sends is either the validator's current known Unix time or one millisecond greater than the previous block time, depending on which value is greater.
+When a block is produced, the proposer chooses the block timestamp as the weighted median of the times in all of the `Precommit` messages the proposer received.
+The weighting is proportional to the amount of voting power, or stake, a validator has on the network.
+This mechanism for producing timestamps is both deterministic and byzantine fault tolerant.
+ 
+This current mechanism for producing timestamps has a few drawbacks.
+Validators do not have to agree at all on how close the selected block timestamp is to their own currently known Unix time.
+Additionally, any amount of voting power `>1/3` may directly control the block timestamp.
+As a result, it is quite possible that the timestamp is not particularly meaningful.
+
+These drawbacks present issues in the Tendermint protocol.
+Timestamps are used by light clients to verify blocks.
+Light clients rely on correspondence between their own currently known Unix time and the block timestamp to verify blocks they see; 
+However, their currently known Unix time may be greatly divergent from the block timestamp as a result of the limitations of `BFTTime`.
+
+The proposer-based timestamps specification suggests an alternative approach for producing block timestamps that remedies these issues.
+Proposer-based timestamps alter the current mechanism for producing block timestamps in two main ways:
+
+1. The block proposer is amended to offer up its currently known Unix time as the timestamp for the next block. 
+1. Correct validators only approve the proposed block timestamp if it is close enough to their own currently known Unix time. 
+
+The result of these changes is a more meaningful timestamp that cannot be controlled by `<= 2/3` of the validator voting power. 
+This document outlines the necessary code changes in Tendermint to implement the corresponding [proposer-based timestamps specification](https://github.com/tendermint/spec/tree/master/spec/consensus/proposer-based-timestamp).
+
+## Alternative Approaches
+
+### Remove timestamps altogether
+
+Computer clocks are bound to skew for a variety of reasons.
+Using timestamps in our protocol means either accepting the timestamps as not reliable or impacting the protocol’s liveness guarantees.
+This design requires impacting the protocol’s liveness in order to make the timestamps more reliable.
+An alternate approach is to remove timestamps altogether from the block protocol.
+`BFTTime` is deterministic but may be arbitrarily inaccurate.
+However, having a reliable source of time is quite useful for applications and protocols built on top of a blockchain.
+
+We therefore decided not to remove the timestamp. 
+Applications often wish for some transactions to occur on a certain day, on a regular period, or after some time following a different event.
+All of these require some meaningful representation of agreed upon time.
+The following protocols and application features require a reliable source of time:
+* Tendermint Light Clients [rely on correspondence between their known time](https://github.com/tendermint/spec/blob/master/spec/light-client/verification/README.md#definitions-1) and the block time for block verification.
+* Tendermint Evidence validity is determined [either in terms of heights or in terms of time](https://github.com/tendermint/spec/blob/8029cf7a0fcc89a5004e173ec065aa48ad5ba3c8/spec/consensus/evidence.md#verification).
+* Unbonding of staked assets in the Cosmos Hub [occurs after a period of 21 days](https://github.com/cosmos/governance/blob/ce75de4019b0129f6efcbb0e752cd2cc9e6136d3/params-change/Staking.md#unbondingtime).
+* IBC packets can use either a [timestamp or a height to timeout packet delivery](https://docs.cosmos.network/v0.43/ibc/overview.html#acknowledgements).
+
+Finally, inflation distribution in the Cosmos Hub uses an approximation of time to calculate an annual percentage rate. 
+This approximation of time is calculated using [block heights with an estimated number of blocks produced in a year](https://github.com/cosmos/governance/blob/master/params-change/Mint.md#blocksperyear). 
+Proposer-based timestamps will allow this inflation calculation to use a more meaningful and accurate source of time.
+
+
+## Decision
+
+Implement proposer-based timestamps and remove `BFTTime`.
+
+## Detailed Design
+
+### Overview
+
+Implementing proposer-based timestamps will require a few changes to Tendermint’s code.
+These changes will be to the following components:
+* The `internal/consensus/` package.
+* The `state/` package.
+* The `Vote`, `CommitSig`, `Commit` and `Header` types.
+* The consensus parameters.
+
+### Proposal Timestamp and Block Timestamp
+
+This design discusses two timestamps: (1) The timestamp in the block and (2) the timestamp in the proposal message.
+The existence and use of both of these timestamps can get a bit confusing, so some background is given here to clarify their uses.
+
+The [proposal message currently has a timestamp](https://github.com/tendermint/tendermint/blob/e5312942e30331e7c42b75426da2c6c9c00ae476/types/proposal.go#L31).
+This timestamp is the current Unix time known to the proposer when sending the `Proposal` message.
+This timestamp is not currently used as part of consensus.
+The changes in this ADR will begin using the proposal message timestamp as part of consensus.
+We will refer to this as the **proposal timestamp** throughout this design.
+
+The block has a timestamp field [in the header](https://github.com/tendermint/tendermint/blob/dc7c212c41a360bfe6eb38a6dd8c709bbc39aae7/types/block.go#L338).
+This timestamp is set currently as part of Tendermint’s `BFTtime` algorithm.
+It is set when a block is proposed and it is checked by the validators when they are deciding to prevote the block.
+This field will continue to be used but the logic for creating and validating this timestamp will change.
+We will refer to this as the **block timestamp** throughout this design.
+
+At a high level, the proposal timestamp from height `H` is used as the block timestamp at height `H+1`.
+The following image shows this relationship.
+The rest of this document describes the code changes that will make this possible.
+
+![](./img/pbts-message.png)
+
+### Saving the timestamp across heights
+
+Currently, `BFTtime` uses `LastCommit` to construct the block timestamp.
+The `LastCommit` is created at height `H-1` and is saved in the state store to be included in the block at height `H`.
+`BFTtime` takes the weighted median of the timestamps in `LastCommit.CommitSig` to build the timestamp for height `H`. 
+
+For proposer-based timestamps, the `LastCommit.CommitSig` timestamps will no longer be used to build the timestamps for height `H`.
+Instead, the proposal timestamp from height `H-1` will become the block timestamp for height `H`.
+To enable this, we will add a `Timestamp` field to the `Commit` struct.
+This field will be populated at each height with the proposal timestamp decided on at the previous height.
+This timestamp will also be saved with the rest of the commit in the state store [when the commit is finalized](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/internal/consensus/state.go#L1611) so that it can be recovered if Tendermint crashes.
+Changes to the `CommitSig` and `Commit` struct are detailed below. 
+
+### Changes to `CommitSig`
+
+The [CommitSig](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/block.go#L604) struct currently contains a timestamp. 
+This timestamp is the current Unix time known to the validator when it issued a `Precommit` for the block.
+This timestamp is no longer used and will be removed in this change.
+
+`CommitSig` will be updated as follows:
+
+```diff
+type CommitSig struct {
+	BlockIDFlag      BlockIDFlag `json:"block_id_flag"`
+	ValidatorAddress Address     `json:"validator_address"`
+--	Timestamp        time.Time   `json:"timestamp"`
+	Signature        []byte      `json:"signature"`
+}
+```
+
+### Changes to `Commit`
+
+The [Commit](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/block.go#L746) struct does not currently contain a timestamp. 
+The timestamps in the `Commit.CommitSig` entries are currently used to build the block timestamp.
+With these timestamps removed, the commit time will instead be stored in the `Commit` struct.
+
+`Commit` will be updated as follows. 
+
+```diff
+type Commit struct {
+	Height     int64       `json:"height"`
+	Round      int32       `json:"round"`
+++	Timestamp  time.Time  `json:"timestamp"` 
+	BlockID    BlockID     `json:"block_id"`
+	Signatures []CommitSig `json:"signatures"`
+}
+```
+
+### Changes to `Vote` messages
+
+`Precommit` and `Prevote` messages use a common [Vote struct](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/vote.go#L50).
+This struct currently contains a timestamp.
+This timestamp is set using the [voteTime](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/internal/consensus/state.go#L2241) function and therefore vote times correspond to the current Unix time known to the validator.
+For precommits, this timestamp is used to construct the [CommitSig that is included in the block in the LastCommit](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/types/block.go#L754) field.
+For prevotes, this field is unused.
+Proposer-based timestamps will use the [RoundState.Proposal](https://github.com/tendermint/tendermint/blob/c3ae6f5b58e07b29c62bfdc5715b6bf8ae5ee951/internal/consensus/types/round_state.go#L76) timestamp to construct the `signedBytes` `CommitSig`.
+This timestamp is therefore no longer useful and will be dropped.
+
+`Vote` will be updated as follows:
+
+```diff
+type Vote struct {
+	Type             tmproto.SignedMsgType `json:"type"`
+	Height           int64                 `json:"height"`
+	Round            int32                 `json:"round"`    
+	BlockID          BlockID               `json:"block_id"` // zero if vote is nil.
+--	Timestamp        time.Time             `json:"timestamp"`
+	ValidatorAddress Address               `json:"validator_address"`
+	ValidatorIndex   int32                 `json:"validator_index"`
+	Signature        []byte                `json:"signature"`
+}
+```
+
+### New consensus parameters
+
+The proposer-based timestamp specification includes multiple new parameters that must be the same among all validators.
+These parameters are `PRECISION`, `MSGDELAY`, and `ACCURACY`.
+
+The `PRECISION` and `MSGDELAY` parameters are used to determine if the proposed timestamp is acceptable.
+A validator will only Prevote a proposal if the proposal timestamp is considered `timely`.
+A proposal timestamp is considered `timely` if it is within `PRECISION` and `MSGDELAY` of the Unix time known to the validator.
+More specifically, a proposal timestamp is `timely` if `validatorLocalTime - PRECISION < proposalTime < validatorLocalTime + PRECISION + MSGDELAY`. 
+
+Because the `PRECISION` and `MSGDELAY` parameters must be the same across all validators, they will be added to the [consensus parameters](https://github.com/tendermint/tendermint/blob/master/proto/tendermint/types/params.proto#L13) as [durations](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration).
+
+The proposer-based timestamp specification also includes a [new ACCURACY parameter](https://github.com/tendermint/spec/blob/master/spec/consensus/proposer-based-timestamp/pbts-sysmodel_001_draft.md#pbts-clocksync-external0).
+Intuitively, `ACCURACY` represents the difference between the ‘real’ time and the currently known time of correct validators.
+The currently known Unix time of any validator is always somewhat different from real time.
+`ACCURACY` is the largest such difference between each validator's time and real time taken as an absolute value. 
+This is not something a computer can determine on its own and must be specified as an estimate by community running a Tendermint-based chain.
+It is used in the new algorithm to [calculate a timeout for the propose step](https://github.com/tendermint/spec/blob/master/spec/consensus/proposer-based-timestamp/pbts-algorithm_001_draft.md#pbts-alg-startround0).
+`ACCURACY` is assumed to be the same across all validators and therefore should be included as a consensus parameter.
+
+The consensus will be updated to include this `Timestamp` field as follows:
+
+```diff
+type ConsensusParams struct {
+	Block     BlockParams     `json:"block"`
+	Evidence  EvidenceParams  `json:"evidence"`
+	Validator ValidatorParams `json:"validator"`
+	Version   VersionParams   `json:"version"`
+++	Timestamp TimestampParams `json:"timestamp"`
+}
+```
+
+```go
+type TimestampParams struct {
+	Accuracy  time.Duration `json:"accuracy"`
+	Precision time.Duration `json:"precision"`
+	MsgDelay  time.Duration `json:"msg_delay"`
+}
+```
+
+### Changes to `Header`
+
+The [Header](https://github.com/tendermint/tendermint/blob/a419f4df76fe4aed668a6c74696deabb9fe73211/types/block.go#L338) struct currently contains a timestamp.
+This timestamp is set as the `BFTtime` derived from the block's `LastCommit.CommitSig` timestamps.
+This timestamp will no longer be derived from the `LastCommit.CommitSig` timestamps and will instead be included directly into the block's `LastCommit`.
+This timestamp will therfore be identical in both the `Header` and the `LastCommit`.
+To clarify that the timestamp in the header corresponds to the `LastCommit`'s time, we will rename this timestamp field to `last_timestamp`.
+
+`Header` will be updated as follows:
+
+```diff
+type Header struct {
+	// basic block info
+	Version       version.Consensus `json:"version"`
+	ChainID       string            `json:"chain_id"`
+	Height        int64             `json:"height"`
+--	Time          time.Time         `json:"time"`
+++	LastTimestamp time.Time         `json:"last_timestamp"`
+
+	// prev block info
+	LastBlockID BlockID `json:"last_block_id"`
+
+	// hashes of block data
+	LastCommitHash tmbytes.HexBytes `json:"last_commit_hash"`
+	DataHash       tmbytes.HexBytes `json:"data_hash"`
+
+	// hashes from the app output from the prev block
+	ValidatorsHash     tmbytes.HexBytes `json:"validators_hash"`
+	NextValidatorsHash tmbytes.HexBytes `json:"next_validators_hash"`
+	ConsensusHash      tmbytes.HexBytes `json:"consensus_hash"`
+	AppHash            tmbytes.HexBytes `json:"app_hash"`
+
+	// root hash of all results from the txs from the previous block
+	LastResultsHash tmbytes.HexBytes `json:"last_results_hash"`
+
+	// consensus info
+	EvidenceHash    tmbytes.HexBytes `json:"evidence_hash"`
+	ProposerAddress Address          `json:"proposer_address"`
+}
+```
+
+### Changes to the block proposal step
+
+#### Proposer selects proposal timestamp
+
+The proposal logic already [sets the Unix time known to the validator](https://github.com/tendermint/tendermint/blob/2abfe20114ee3bb3adfee817589033529a804e4d/types/proposal.go#L44) into the `Proposal` message.
+This satisfies the proposer-based timestamp specification and does not need to change. 
+
+#### Proposer selects block timestamp
+
+The proposal timestamp that was decided in height `H-1` will be stored in the `State` struct's in the `RoundState.LastCommit` field.
+The proposer will select this timestamp to use as the block timestamp at height `H`.
+
+#### Proposer waits
+
+Block timestamps must be monotonically increasing.
+In `BFTTime`, if a validator’s clock was behind, the [validator added 1 millisecond to the previous block’s time and used that in its vote messages](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/internal/consensus/state.go#L2246).
+A goal of adding proposer-based timestamps is to enforce some degree of clock synchronization, so having a mechanism that completely ignores the Unix time of the validator time no longer works.
+
+Validator clocks will not be perfectly in sync.
+Therefore, the proposer’s current known Unix time may be less than the `LastCommit.Timestamp`.
+If the proposer’s current known Unix time is less than the `LastCommit.Timestamp`, the proposer will sleep until its known Unix time exceeds `LastCommit.Timestamp`.
+
+This change will require amending the [defaultDecideProposal](https://github.com/tendermint/tendermint/blob/822893615564cb20b002dd5cf3b42b8d364cb7d9/internal/consensus/state.go#L1180) method.
+This method should now block until the proposer’s time is greater than `LastCommit.Timestamp`.
+
+#### Changes to the propose step timeout
+
+Currently, a validator waiting for a proposal will proceed past the propose step if the configured propose timeout is reached and no proposal is seen.
+Proposer-based timestamps requires changing this timeout logic. 
+
+The proposer will now wait until its current known Unix time exceeds the `LastCommit.Timestamp` to propose a block.
+The validators must now take this and some other factors into account when deciding when to timeout the propose step.
+Specifically, the propose step timeout must also take into account potential inaccuracy in the validator’s clock and in the clock of the proposer.
+Additionally, there may be a delay communicating the proposal message from the proposer to the other validators. 
+
+Therefore, validators waiting for a proposal must wait until after the `LastCommit.Timestamp` before timing out.
+To account for possible inaccuracy in its own clock, inaccuracy in the proposer’s clock, and message delay, validators waiting for a proposal will wait until `LastCommit.Timesatmp + 2*ACCURACY + MSGDELAY`.
+ The spec defines this as `waitingTime`.
+ 
+The [propose step’s timeout is set in enterPropose](https://github.com/tendermint/tendermint/blob/822893615564cb20b002dd5cf3b42b8d364cb7d9/internal/consensus/state.go#L1108) in `state.go`. 
+`enterPropose` will be changed to calculate waiting time using the new consensus parameters.
+The timeout in `enterPropose` will then be set as the maximum of `waitingTime` and the [configured proposal step timeout](https://github.com/tendermint/tendermint/blob/dc7c212c41a360bfe6eb38a6dd8c709bbc39aae7/config/config.go#L1013).
+
+### Changes to validation rules
+
+The rules for validating that a proposal is valid will need slight modification to implement proposer-based timestamps.
+Specifically, we will change the validation logic to ensure that the proposal timestamp is `timely` and we will modify the way the block timestamp is validated as well.
+
+#### Proposal timestamp validation
+
+Adding proposal timestamp validation is a reasonably straightforward change.
+The current Unix time known to the proposer is already included in the [Proposal message](https://github.com/tendermint/tendermint/blob/dc7c212c41a360bfe6eb38a6dd8c709bbc39aae7/types/proposal.go#L31).
+Once the proposal is received, the complete message is stored in the `RoundState.Proposal` field.
+The precommit and prevote validation logic does not currently use this timestamp.
+This validation logic will be updated to check that the proposal timestamp is within `PRECISION` of the current Unix time known to the validators.
+If the timestamp is not within `PRECISION` of the current Unix time known to the validator, the proposal will not be considered it valid.
+The validator will also check that the proposal time is greater than the block timestamp from the previous height.
+
+If no valid proposal is received by the proposal timeout, the validator will prevote nil.
+This is identical to the current logic.
+
+#### Block timestamp validation
+
+The [validBlock function](https://github.com/tendermint/tendermint/blob/c3ae6f5b58e07b29c62bfdc5715b6bf8ae5ee951/state/validation.go#L14) currently [validates the proposed block timestamp in three ways](https://github.com/tendermint/tendermint/blob/c3ae6f5b58e07b29c62bfdc5715b6bf8ae5ee951/state/validation.go#L118).
+First, the validation logic checks that this timestamp is greater than the previous block’s timestamp.
+Additionally, it validates that the block timestamp is correctly calculated as the weighted median of the timestamps in the [block’s LastCommit](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/types/block.go#L48).
+Finally, the logic also authenticates the timestamps in the `LastCommit`.
+The cryptographic signature in each `CommitSig` is created by signing a hash of fields in the block with the validator’s private key.
+One of the items in this `signedBytes` hash is derived from the timestamp in the `CommitSig`.
+To authenticate the `CommitSig` timestamp, the validator builds a hash of fields that includes the timestamp and checks this hash against the provided signature. 
+This takes place in the [VerifyCommit function](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/types/validation.go#L25).
+
+The logic to validate that the block timestamp is greater than the previous block’s timestamp also works for proposer-based timestamps and will not change.
+
+`BFTTime` validation is no longer applicable and will be removed.
+Validators will no longer check that the block timestamp is a weighted median of `LastCommit` timestamps.
+This will mean removing the call to [MedianTime in the validateBlock function](https://github.com/tendermint/tendermint/blob/4db71da68e82d5cb732b235eeb2fd69d62114b45/state/validation.go#L117).
+The `MedianTime` function can be completely removed. 
+The `LastCommit` timestamps may also be removed. 
+
+The `signedBytes` validation logic in `VerifyCommit` will be slightly altered.
+The `CommitSig`s in the block’s `LastCommit` will no longer each contain a timestamp.
+The validation logic will instead include the `LastCommit.Timestamp` in the hash of fields for generating the `signedBytes`.
+The cryptographic signatures included in the `CommitSig`s will then be checked against this `signedBytes` hash to authenticate the timestamp.
+Specifically, the `VerifyCommit` function will be updated to use this new timestamp.  
+
+### Changes to the prevote step
+
+Currently, a validator will prevote a proposal in one of three cases:
+
+* Case 1:  Validator has no locked block and receives a valid proposal.
+* Case 2:  Validator has a locked block and receives a valid proposal matching its locked block.
+* Case 3:  Validator has a locked block, sees a valid proposal not matching its locked block but sees +⅔ prevotes for the new proposal’s block. 
+
+The only change we will make to the prevote step is to what a validator considers a valid proposal as detailed above.
+
+### Changes to the precommit step
+
+The precommit step will not require much modification.
+Its proposal validation rules will change in the same ways that validation will change in the prevote step.
+
+### Changes to locking a block
+When a validator receives a valid proposed block and +2/3 prevotes for that block, it stores the block as its ‘locked block’ in the [RoundState.ValidBlock](https://github.com/tendermint/tendermint/blob/e8013281281985e3ada7819f42502b09623d24a0/internal/consensus/types/round_state.go#L85) field.
+In each subsequent round it will prevote that block.
+A validator will only change which block it has locked if it sees +2/3 prevotes for a different block.
+
+This mechanism will remain largely unchanged.
+The only difference is the addition of proposal timestamp validation.
+A validator will prevote nil in a round if the proposal message it received is not `timely`.
+Prevoting nil in this case will not cause a validator to ‘unlock’ its locked block.
+This difference is an incidental result of the changes to prevote validation.
+It is included in this design for completeness and to clarify that no additional changes will be made to block locking. 
+
+### Remove voteTime Completely
+
+[voteTime](https://github.com/tendermint/tendermint/blob/822893615564cb20b002dd5cf3b42b8d364cb7d9/internal/consensus/state.go#L2229) is a mechanism for calculating the next `BFTTime` given both the validator's current known Unix time and the previous block timestamp.
+If the previous block timestamp is greater than the validator's current known Unix time, then voteTime returns a value one millisecond greater than the previous block timestamp.
+This logic is used in multiple places and is no longer needed for proposer-based timestamps.
+It should therefore be removed completely.
+
+## Future Improvements
+
+* Implement BLS signature aggregation.
+By removing fields from the `Precommit` messages, we are able to aggregate signatures.
+
+## Consequences
+
+### Positive
+
+* `<2/3` of validators can no longer influence block timestamps.
+* Block timestamp will have stronger correspondence to real time.
+* Improves the reliability of light client block verification.
+* Enables BLS signature aggregation.
+* Enables evidence handling to use time instead of height for evidence validity.
+
+### Neutral
+
+* Alters Tendermint’s liveness properties.
+Liveness now requires that all correct validators have synchronized clocks within a bound.
+Liveness will now also require that validators’ clocks move forward, which was not required under `BFTTime`.
+
+### Negative
+
+* May increase the length of the propose step if there is a large skew between the previous proposer and the current proposer’s local Unix time.
+This skew will be bound by the `PRECISION` value, so it is unlikely to be too large.
+
+* Current chains with block timestamps far in the future will either need to pause consensus until after the erroneous block timestamp or must maintain synchronized but very inaccurate clocks.
+
+## References
+
+* [PBTS Spec](https://github.com/tendermint/spec/tree/master/spec/consensus/proposer-based-timestamp)
+* [BFTTime spec](https://github.com/tendermint/spec/blob/master/spec/consensus/bft-time.md)

docs/architecture/adr-072-request-for-comments.md

@@ -0,0 +1,105 @@
+# ADR 72: Restore Requests for Comments
+
+## Changelog
+
+- 20-Aug-2021: Initial draft (@creachadair)
+
+## Status
+
+Proposed
+
+## Context
+
+In the past, we kept a collection of Request for Comments (RFC) documents in `docs/rfc`.
+Prior to the creation of the ADR process, these documents were used to document
+design and implementation decisions about Tendermint Core. The RFC directory
+was removed in favor of ADRs, in commit 3761aa69 (PR
+[\#6345](https://github.com/tendermint/tendermint/pull/6345)).
+
+For issues where an explicit design decision or implementation change is
+required, an ADR is generally preferable to an open-ended RFC: An ADR is
+relatively narrowly-focused, identifies a specific design or implementation
+question, and documents the consensus answer to that question.
+
+Some discussions are more open-ended, however, or don't require a specific
+decision to be made (yet). Such conversations are still valuable to document,
+and several members of the Tendermint team have been doing so by writing gists
+or Google docs to share them around. That works well enough in the moment, but
+gists do not support any kind of collaborative editing, and both gists and docs
+are hard to discover after the fact. Google docs have much better collaborative
+editing, but are worse for discoverability, especially when contributors span
+different Google accounts.
+
+Discoverability is important, because these kinds of open-ended discussions are
+useful to people who come later -- either as new team members or as outside
+contributors seeking to use and understand the thoughts behind our designs and
+the architectural decisions that arose from those discussion.
+
+With these in mind, I propose that:
+
+-  We re-create a new, initially empty `docs/rfc` directory in the repository,
+   and use it to capture these kinds of open-ended discussions in supplement to
+   ADRs.
+
+-  Unlike in the previous RFC scheme, documents in this new directory will
+   _not_ be used directly for decision-making. This is the key difference
+   between an RFC and an ADR.
+
+   Instead, an RFC will exist to document background, articulate general
+   principles, and serve as a historical record of discussion and motivation.
+
+   In this system, an RFC may _only_ result in a decision indirectly, via ADR
+   documents created in response to the RFC.
+
+   **In short:** If a decision is required, write an ADR; otherwise if a
+   sufficiently broad discussion is needed, write an RFC.
+
+Just so that there is a consistent format, I also propose that:
+
+-  RFC files are named `rfc-XXX-title.{md,rst,txt}` and are written in plain
+   text, Markdown, or ReStructured Text.
+
+-  Like an ADR, an RFC should include a high-level change log at the top of the
+   document, and sections for:
+
+     * Abstract: A brief, high-level synopsis of the topic.
+     * Background: Any background necessary to understand the topic.
+     * Discussion: Detailed discussion of the issue being considered.
+
+-  Unlike an ADR, an RFC does _not_ include sections for Decisions, Detailed
+   Design, or evaluation of proposed solutions. If an RFC leads to a proposal
+   for an actual architectural change, that must be recorded in an ADR in the
+   usual way, and may refer back to the RFC in its References section.
+
+## Alternative Approaches
+
+Leaving aside implementation details, the main alternative to this proposal is
+to leave things as they are now, with ADRs as the only log of record and other
+discussions being held informally in whatever medium is convenient at the time.
+
+## Decision
+
+(pending)
+
+## Detailed Design
+
+- Create a new `docs/rfc` directory in the `tendermint` repository. Note that
+  this proposal intentionally does _not_ pull back the previous contents of
+  that path from Git history, as those documents were appropriately merged into
+  the ADR process.
+
+- Create a `README.md` for RFCs that explains the rules and their relationship
+  to ADRs.
+
+- Create an `rfc-template.md` file for RFC files.
+
+## Consequences
+
+### Positive
+
+- We will have a more discoverable place to record open-ended discussions that
+  do not immediately result in a design change.
+
+### Negative
+
+- Potentially some people could be confused about the RFC/ADR distinction.