fix tests amd errors

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1.4.1...v1.5.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/CODEOWNERS

@@ -7,17 +7,5 @@
 # global owners are only requested if there isn't a more specific
 # codeowner specified below. For this reason, the global codeowners
 # are often repeated in package-level definitions.
-*       @alexanderbez @ebuchman @tessr
+*       @alexanderbez @ebuchman @cmwaters @tessr @tychoish
 
-# Overrides for tooling packages
-.github/ @marbar3778 @alexanderbez @ebuchman @tessr
-DOCKER/ @marbar3778 @alexanderbez @ebuchman @tessr
-
-# Overrides for core Tendermint packages
-abci/  @marbar3778 @alexanderbez @ebuchman @tessr
-evidence/ @cmwaters @ebuchman @tessr
-light/ @cmwaters @ebuchman @tessr
-
-# Overrides for docs
-*.md @marbar3778 @alexanderbez @ebuchman @tessr
-docs/ @marbar3778 @alexanderbez @ebuchman @tessr

.github/workflows/coverage.yml

@@ -10,7 +10,7 @@ jobs:
   split-test-files:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - name: Create a file with all the pkgs
         run: go list ./... > pkgs.txt
       - name: Split pkgs into 4 files
@@ -45,7 +45,7 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: "1.16"
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
@@ -67,7 +67,7 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: "1.16"
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
@@ -95,7 +95,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: tests
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
@@ -121,7 +121,7 @@ jobs:
       - run: |
           cat ./*profile.out | grep -v "mode: atomic" >> coverage.txt
         if: env.GIT_DIFF
-      - uses: codecov/codecov-action@v1.3.1
+      - uses: codecov/codecov-action@v1.5.2
         with:
           file: ./coverage.txt
         if: env.GIT_DIFF

.github/workflows/docker.yml

@@ -14,7 +14,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v2.3.4
       - name: Prepare
         id: prep
         run: |
@@ -40,17 +40,17 @@ jobs:
           platforms: all
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v1.5.0
 
       - name: Login to DockerHub
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v1
+        uses: docker/login-action@v1.10.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v2.6.1
         with:
           context: .
           file: ./DOCKER/Dockerfile

.github/workflows/docs.yml

@@ -1,32 +0,0 @@
-name: Documentation
-# This job builds and deploys documentation to github pages.
-# It runs on every push to master, and can be manually triggered.
-on:
-  workflow_dispatch: # allow running workflow manually
-  push:
-    branches:
-      - master
-
-jobs:
-  build-and-deploy:
-    runs-on: ubuntu-latest
-    container:
-      image: tendermintdev/docker-website-deployment
-    steps:
-      - name: Checkout 🛎️
-        uses: actions/checkout@v2.3.1
-        with:
-          persist-credentials: false
-          fetch-depth: 0
-
-      - name: Install and Build 🔧
-        run: |
-          apk add rsync
-          make build-docs
-
-      - name: Deploy 🚀
-        uses: JamesIves/github-pages-deploy-action@4.1.0
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          BRANCH: gh-pages
-          FOLDER: ~/output

.github/workflows/e2e-nightly-34x.yml

@@ -25,7 +25,7 @@ jobs:
         with:
           go-version: '1.16'
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
         with:
           ref: 'v0.34.x'
 
@@ -49,7 +49,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal
@@ -65,7 +65,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on success
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal

.github/workflows/e2e-nightly-master.yml

@@ -16,6 +16,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        p2p: ['legacy', 'new', 'hybrid']
         group: ['00', '01', '02', '03']
     runs-on: ubuntu-latest
     timeout-minutes: 60
@@ -24,7 +25,7 @@ jobs:
         with:
           go-version: '1.16'
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
 
       - name: Build
         working-directory: test/e2e
@@ -34,11 +35,11 @@ jobs:
       - name: Generate testnets
         working-directory: test/e2e
         # When changing -g, also change the matrix groups above
-        run: ./build/generator -g 4 -d networks/nightly
+        run: ./build/generator -g 4 -d networks/nightly/${{ matrix.p2p }} -p ${{ matrix.p2p }} 
 
-      - name: Run testnets in group ${{ matrix.group }}
+      - name: Run ${{ matrix.p2p }} p2p testnets in group ${{ matrix.group }}
         working-directory: test/e2e
-        run: ./run-multiple.sh networks/nightly/*-group${{ matrix.group }}-*.toml
+        run: ./run-multiple.sh networks/nightly/${{ matrix.p2p }}/*-group${{ matrix.group }}-*.toml
 
   e2e-nightly-fail-2:
     needs: e2e-nightly-test-2
@@ -46,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal
@@ -62,7 +63,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on success
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal

.github/workflows/e2e.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: '1.16'
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |

.github/workflows/fuzz-nightly.yml

@@ -17,7 +17,7 @@ jobs:
         with:
           go-version: '1.16'
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
 
       - name: Install go-fuzz
         working-directory: test/fuzz
@@ -76,7 +76,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack if any crashers
-        uses: rtCamp/action-slack-notify@f565a63638bd3615e76249bffab00fcb9dab90f7
+        uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
         env:
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
           SLACK_CHANNEL: tendermint-internal

.github/workflows/janitor.yml

@@ -0,0 +1,16 @@
+name: Janitor
+# Janitor cleans up previous runs of various workflows
+# To add more workflows to cancel visit https://api.github.com/repos/tendermint/tendermint/actions/workflows and find the actions name
+on:
+  pull_request:
+
+jobs:
+  cancel:
+    name: "Cancel Previous Runs"
+    runs-on: ubuntu-latest
+    timeout-minutes: 3
+    steps:
+      - uses: styfle/cancel-workflow-action@0.9.0
+        with:
+          workflow_id: 1041851,1401230,2837803
+          access_token: ${{ github.token }}

.github/workflows/jepsen.yml

@@ -46,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the Jepsen repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.4
         with:
           repository: 'tendermint/jepsen'
 

.github/workflows/linkchecker.yml

@@ -6,7 +6,7 @@ jobs:
   markdown-link-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v2.3.4
       - uses: gaurav-nelson/github-action-markdown-link-check@1.0.12
         with:
           folder-path: "docs"

.github/workflows/lint.yml

@@ -13,14 +13,14 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 8
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
             **/**.go
             go.mod
             go.sum
-      - uses: golangci/golangci-lint-action@v2.5.1
+      - uses: golangci/golangci-lint-action@v2.5.2
         with:
           # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
           version: v1.38

.github/workflows/linter.yml

@@ -11,6 +11,7 @@ on:
     branches: [master]
     paths:
       - "**.md"
+      - "**.yml"
 
 jobs:
   build:
@@ -18,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.4
       - name: Lint Code Base
         uses: docker://github/super-linter:v3
         env:
@@ -27,5 +28,5 @@ jobs:
           DEFAULT_BRANCH: master
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           VALIDATE_MD: true
-          VALIDATE_OPAENAPI: true
+          VALIDATE_OPENAPI: true
           VALIDATE_YAML: true

.github/workflows/proto-docker.yml

@@ -16,7 +16,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v2.3.4
       - name: Prepare
         id: prep
         run: |
@@ -34,16 +34,16 @@ jobs:
           echo ::set-output name=tags::${TAGS}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v1.5.0
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v1.10.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v2.6.1
         with:
           context: ./tools/proto
           file: ./tools/proto/Dockerfile

.github/workflows/proto.yml

@@ -11,13 +11,13 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 4
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v2.3.4
       - name: lint
         run: make proto-lint
   proto-breakage:
     runs-on: ubuntu-latest
     timeout-minutes: 4
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v2.3.4
       - name: check-breakage
         run: make proto-check-breaking-ci

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.4
         with:
           fetch-depth: 0
 

.github/workflows/stale.yml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v3
+      - uses: actions/stale@v3.0.19
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-pr-message: "This pull request has been automatically marked as stale because it has not had

.github/workflows/tests.yml

@@ -10,14 +10,6 @@ on:
       - release/**
 
 jobs:
-  cleanup-runs:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: rokroskar/workflow-run-cleanup-action@master
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-    if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/master'"
-
   build:
     name: Build
     runs-on: ubuntu-latest
@@ -26,7 +18,7 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: "1.16"
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
@@ -36,7 +28,7 @@ jobs:
       - name: install
         run: make install install_abci
         if: "env.GIT_DIFF != ''"
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -44,7 +36,7 @@ jobs:
             ${{ runner.os }}-go-
         if: env.GIT_DIFF
       # Cache binaries for use by other jobs
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-${{ github.sha }}-tm-binary
@@ -58,21 +50,21 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: "1.16"
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
             **/**.go
             go.mod
             go.sum
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
         if: env.GIT_DIFF
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-${{ github.sha }}-tm-binary
@@ -90,21 +82,21 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: "1.16"
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
             **/**.go
             go.mod
             go.sum
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
         if: env.GIT_DIFF
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-${{ github.sha }}-tm-binary
@@ -121,21 +113,21 @@ jobs:
       - uses: actions/setup-go@v2
         with:
           go-version: "1.16"
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.4
       - uses: technote-space/get-diff-action@v4
         with:
           PATTERNS: |
             **/**.go
             go.mod
             go.sum
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
         if: env.GIT_DIFF
-      - uses: actions/cache@v2.1.4
+      - uses: actions/cache@v2.1.6
         with:
           path: ~/go/bin
           key: ${{ runner.os }}-${{ github.sha }}-tm-binary

.gitignore

@@ -24,6 +24,7 @@ docs/.vuepress/dist
 docs/_build
 docs/dist
 docs/node_modules/
+docs/spec
 index.html.md
 libs/pubsub/query/fuzz_test/output
 profile\.out
@@ -35,10 +36,10 @@ shunit2
 terraform.tfstate
 terraform.tfstate.backup
 terraform.tfstate.d
+test/app/grpc_client
 test/e2e/build
 test/e2e/networks/*/
 test/logs
-test/maverick/maverick
 test/p2p/data/
 vendor
 test/fuzz/**/corpus

.golangci.yml

@@ -39,6 +39,7 @@ linters:
     # - wsl
     # - gocognit
     - nolintlint
+    - asciicheck
 
 issues:
   exclude-rules:

CHANGELOG.md

@@ -1,5 +1,67 @@
 # Changelog
 
+Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
+
+## v0.34.11
+
+*June 18, 2021*
+
+This release improves the robustness of statesync; tweaking channel priorities and timeouts and
+adding two new parameters to the state sync config.
+
+### BREAKING CHANGES
+
+- Apps
+    - [Version] \#6494 `TMCoreSemVer` is not required to be set as a ldflag any longer.
+
+### IMPROVEMENTS
+
+- [statesync] \#6566 Allow state sync fetchers and request timeout to be configurable. (@alexanderbez)
+- [statesync] \#6378 Retry requests for snapshots and add a minimum discovery time (5s) for new snapshots. (@tychoish)
+- [statesync] \#6582 Increase chunk priority and add multiple retry chunk requests (@cmwaters)
+
+### BUG FIXES
+
+- [evidence] \#6375 Fix bug with inconsistent LightClientAttackEvidence hashing (@cmwaters)
+
+## v0.34.10
+
+*April 14, 2021*
+
+This release fixes a bug where peers would sometimes try to send messages 
+on incorrect channels. Special thanks to our friends at Oasis Labs for surfacing
+this issue! 
+
+- [p2p/node] [\#6339](https://github.com/tendermint/tendermint/issues/6339) Fix bug with using custom channels (@cmwaters)
+- [light] [\#6346](https://github.com/tendermint/tendermint/issues/6346) Correctly handle too high errors to improve client robustness (@cmwaters)
+
+## v0.34.9
+
+*April 8, 2021*
+
+This release fixes a moderate severity security issue, Security Advisory Alderfly, 
+which impacts all networks that rely on Tendermint light clients.
+Further details will be released once networks have upgraded.
+
+This release also includes a small Go API-breaking change, to reduce panics in the RPC layer.
+
+Special thanks to our external contributors on this release: @gchaincl
+
+### BREAKING CHANGES
+
+- Go API
+    - [rpc/jsonrpc/server] [\#6204](https://github.com/tendermint/tendermint/issues/6204) Modify `WriteRPCResponseHTTP(Error)` to return an error (@melekes)
+
+### FEATURES
+
+- [rpc] [\#6226](https://github.com/tendermint/tendermint/issues/6226) Index block events and expose a new RPC method, `/block_search`, to allow querying for blocks by `BeginBlock` and `EndBlock` events (@alexanderbez)
+
+### BUG FIXES
+
+- [rpc/jsonrpc/server] [\#6191](https://github.com/tendermint/tendermint/issues/6191) Correctly unmarshal `RPCRequest` when data is `null` (@melekes)
+- [p2p] [\#6289](https://github.com/tendermint/tendermint/issues/6289) Fix "unknown channels" bug on CustomReactors (@gchaincl)
+- [light/evidence] Adds logic to handle forward lunatic attacks (@cmwaters)
+
 ## v0.34.8
 
 *February 25, 2021*
@@ -7,8 +69,6 @@
 This release, in conjunction with [a fix in the Cosmos SDK](https://github.com/cosmos/cosmos-sdk/pull/8641),
 introduces changes that should mean the logs are much, much quieter. 🎉
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### IMPROVEMENTS
 
 - [libs/log] [\#6174](https://github.com/tendermint/tendermint/issues/6174) Include timestamp (`ts` field; `time.RFC3339Nano` format) in JSON logger output (@melekes)
@@ -46,8 +106,6 @@ use remote signer implementations instead of `FilePV` in production.
 Thank you to @joe-bowman for his assistance with this vulnerability and a particular
 shout-out to @marbar3778 for diagnosing it quickly.
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BUG FIXES
 
 - [consensus] [\#6128](https://github.com/tendermint/tendermint/pull/6128) Remove privValidator from log call (@tessr)
@@ -68,8 +126,6 @@ Thank you to our friends at Crypto.com for the initial report of this memory lea
 
 Special thanks to other external contributors on this release: @yayajacky, @odidev, @laniehei, and @c29r3!
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BUG FIXES
 
 - [light] [\#6022](https://github.com/tendermint/tendermint/pull/6022) Fix a bug when the number of validators equals 100 (@melekes)
@@ -88,8 +144,6 @@ or https://nvd.nist.gov/vuln/detail/CVE-2021-21271.
 Tendermint Core v0.34.3 also updates GoGo Protobuf to 1.3.2 in order to pick up the fix for
 https://nvd.nist.gov/vuln/detail/CVE-2021-3121. 
 
-Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BUG FIXES
 
 - [evidence] [[security fix]](https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg) Use correct source of evidence time (@cmwaters)
@@ -103,8 +157,6 @@ This release fixes a substantial bug in evidence handling where evidence could
 sometimes be broadcast before the block containing that evidence was fully committed,
 resulting in some nodes panicking when trying to verify said evidence.
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES
 
 - Go API
@@ -128,8 +180,6 @@ disconnecting from this node. As a temporary remedy (until the mempool package
 is refactored), the `max-batch-bytes` was disabled. Transactions will be sent
 one by one without batching.
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES
 
 - CLI/RPC/Config
@@ -158,8 +208,6 @@ Holy smokes, this is a big one! For a more reader-friendly overview of the chang
 Special thanks to external contributors on this release: @james-ray, @fedekunze, @favadi, @alessio,
 @joe-bowman, @cuonglm, @SadPencil and @dongsam.
 
-And as always, friendly reminder, that we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES
 
 - CLI/RPC/Config
@@ -400,9 +448,6 @@ as 2/3+ of the signatures are checked._
 
 Special thanks to @njmurarka at Bluzelle Networks for reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [consensus] Do not allow signatures for a wrong block in commits (@ebuchman)
@@ -418,8 +463,6 @@ need to update your code.**
 
 Special thanks to external contributors on this release: @tau3,
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -479,8 +522,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 
 Special thanks to external contributors on this release: @whylee259, @greg-szabo
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -567,9 +608,6 @@ Notes:
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [mempool] Reserve IDs in InitPeer instead of AddPeer (@tessr)
@@ -582,8 +620,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @antho1404, @michaelfig, @gterzian, @tau3, @Shivani912
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - CLI/RPC/Config
@@ -634,9 +670,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 Special thanks to external contributors on this release:
 @princesinha19
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### FEATURES:
 
 - [rpc] [\#3333](https://github.com/tendermint/tendermint/issues/3333) Add `order_by` to `/tx_search` endpoint, allowing to change default ordering from asc to desc (@princesinha19)
@@ -655,9 +688,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @mrekucci, @PSalant726, @princesinha19, @greg-szabo, @dongsam, @cuonglm, @jgimeno, @yenkhoon
 
-Friendly reminder, we have a [bug bounty
-program.](https://hackerone.com/tendermint).
-
 *January 14, 2020*
 
 This release contains breaking changes to the `Block#Header`, specifically
@@ -886,9 +916,6 @@ Notes:
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [mempool] Reserve IDs in InitPeer instead of AddPeer (@tessr)
@@ -900,9 +927,6 @@ _January, 9, 2020_
 
 Special thanks to external contributors on this release: @greg-szabo, @gregzaitsev, @yenkhoon
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### FEATURES:
 
 - [rpc/lib] [\#4248](https://github.com/tendermint/tendermint/issues/4248) RPC client basic authentication support (@greg-szabo)
@@ -924,9 +948,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @erikgrinaker, @guagualvcha, @hsyis, @cosmostuba, @whunmr, @austinabell
 
-Friendly reminder, we have a [bug bounty
-program.](https://hackerone.com/tendermint).
-
 
 ### BREAKING CHANGES:
 
@@ -966,9 +987,6 @@ identified and fixed here.
 Special thanks to [elvishacker](https://hackerone.com/elvishacker) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -995,9 +1013,6 @@ accepting new peers and only allowing `ed25519` pubkeys.
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for pointing
 this out.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Only allow ed25519 pubkeys when connecting
@@ -1013,9 +1028,6 @@ All clients are recommended to upgrade. See
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for discovering
 and reporting this issue.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### SECURITY:
 
 - [p2p] [\#4030](https://github.com/tendermint/tendermint/issues/4030) Fix for panic on nil public key send to a peer
@@ -1026,9 +1038,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @jon-certik, @gracenoah, @PSalant726, @gchaincl
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - CLI/RPC/Config
@@ -1064,9 +1073,6 @@ guide.
 Special thanks to external contributors on this release:
 @gchaincl, @bluele, @climber73
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### IMPROVEMENTS:
 
 - [consensus] [\#3839](https://github.com/tendermint/tendermint/issues/3839) Reduce "Error attempting to add vote" message severity (Error -> Info)
@@ -1087,9 +1093,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @ruseinov, @bluele, @guagualvcha
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -1129,9 +1132,6 @@ This release contains a minor enhancement to the ABCI and some breaking changes
 - CheckTx requests include a `CheckTxType` enum that can be set to `Recheck` to indicate to the application that this transaction was already checked/validated and certain expensive operations (like checking signatures) can be skipped
 - Removed various functions from `libs` pkgs
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 - Go API
@@ -1177,9 +1177,6 @@ and the RPC, namely:
   [docs](https://github.com/tendermint/tendermint/blob/60827f75623b92eff132dc0eff5b49d2025c591e/docs/spec/abci/abci.md#events)
 - Bind RPC to localhost by default, not to the public interface [UPGRADING/RPC_Changes](./UPGRADING.md#rpc_changes)
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
-
 ### BREAKING CHANGES:
 
 * CLI/RPC/Config
@@ -1280,8 +1277,6 @@ Notes:
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### SECURITY:
 
@@ -1302,8 +1297,6 @@ identified and fixed here.
 Special thanks to [elvishacker](https://hackerone.com/elvishacker) for finding
 and reporting this.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -1331,8 +1324,6 @@ accepting new peers and only allowing `ed25519` pubkeys.
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for pointing
 this out.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### SECURITY:
 
@@ -1349,8 +1340,6 @@ All clients are recommended to upgrade. See
 Special thanks to [fudongbai](https://hackerone.com/fudongbai) for discovering
 and reporting this issue.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### SECURITY:
 
@@ -1646,8 +1635,6 @@ See the [v0.31.0
 Milestone](https://github.com/tendermint/tendermint/milestone/19?closed=1) for
 more details.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -1868,8 +1855,6 @@ This release contains two important fixes: one for p2p layer where we sometimes
 were not closing connections and one for consensus layer where consensus with
 no empty blocks (`create_empty_blocks = false`) could halt.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### IMPROVEMENTS:
 - [pex] [\#3037](https://github.com/tendermint/tendermint/issues/3037) Only log "Reached max attempts to dial" once
@@ -1909,8 +1894,6 @@ While we are trying to stabilize the Block protocol to preserve compatibility
 with old chains, there may be some final changes yet to come before Cosmos
 launch as we continue to audit and test the software.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -1959,8 +1942,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @HaoyangLiu
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BUG FIXES:
 - [consensus] Fix consensus halt from proposing blocks with too much evidence
@@ -2089,8 +2070,6 @@ Special thanks to @dlguddus for discovering a [major
 issue](https://github.com/tendermint/tendermint/issues/2718#issuecomment-440888677)
 in the proposer selection algorithm.
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 This release is primarily about fixes to the proposer selection algorithm
 in preparation for the [Cosmos Game of
@@ -2153,8 +2132,6 @@ Special thanks to external contributors on this release:
 @ackratos, @goolAdapter, @james-ray, @joe-bowman, @kostko,
 @nagarajmanjunath, @tomtau
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### FEATURES:
 
@@ -2194,8 +2171,6 @@ program](https://hackerone.com/tendermint).
 Special thanks to external contributors on this release:
 @danil-lashin, @kevlubkcm, @krhubert, @srmo
 
-Friendly reminder, we have a [bug bounty
-program](https://hackerone.com/tendermint).
 
 ### BREAKING CHANGES:
 
@@ -2240,8 +2215,6 @@ program](https://hackerone.com/tendermint).
 
 Special thanks to external contributors on this release: @hleb-albau, @zhuzeyu
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### FEATURES:
 
 - [rpc] [\#2582](https://github.com/tendermint/tendermint/issues/2582) Enable CORS on RPC API (@hleb-albau)
@@ -2259,8 +2232,6 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 
 Special thanks to external contributors on this release: @katakonst
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 ### IMPROVEMENTS:
 
 - [consensus] [\#2704](https://github.com/tendermint/tendermint/issues/2704) Simplify valid POL round logic
@@ -2434,8 +2405,6 @@ It also addresses some issues found via security audit, removes various unused
 functions from `libs/common`, and implements
 [ADR-012](https://github.com/tendermint/tendermint/blob/develop/docs/architecture/adr-012-peer-transport.md).
 
-Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermint).
-
 BREAKING CHANGES:
 
 * CLI/RPC/Config

CHANGELOG_PENDING.md

@@ -9,25 +9,43 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 ### BREAKING CHANGES
 
 - CLI/RPC/Config
+  - [pubsub/events] \#6634 The `ResultEvent.Events` field is now of type `[]abci.Event` preserving event order instead of `map[string][]string`. (@alexanderbez)
   - [config] \#5598 The `test_fuzz` and `test_fuzz_config` P2P settings have been removed. (@erikgrinaker)
   - [config] \#5728 `fast_sync = "v1"` is no longer supported (@melekes)
   - [cli] \#5772 `gen_node_key` prints JSON-encoded `NodeKey` rather than ID and does not save it to `node_key.json` (@melekes)
   - [cli] \#5777 use hyphen-case instead of snake_case for all cli commands and config parameters (@cmwaters)
   - [rpc] \#6019 standardise RPC errors and return the correct status code (@bipulprasad & @cmwaters)
   - [rpc] \#6168 Change default sorting to desc for `/tx_search` results (@melekes)
+  - [cli] \#6282 User must specify the node mode when using `tendermint init` (@cmwaters)
+  - [state/indexer] \#6382 reconstruct indexer, move txindex into the indexer package (@JayT106)
+  - [cli] \#6372 Introduce `BootstrapPeers` as part of the new p2p stack. Peers to be connected on  startup (@cmwaters)
+  - [config] \#6462 Move `PrivValidator` configuration out of `BaseConfig` into its own section. (@tychoish)
+  - [rpc] \#6610 Add MaxPeerBlockHeight into /status rpc call (@JayT106)
+  - [libs/CList] \#6626 Automatically detach the prev/next elements in Remove function (@JayT106)
 
 - Apps
+  - [ABCI] \#6408 Change the `key` and `value` fields from `[]byte` to `string` in the `EventAttribute` type. (@alexanderbez)
   - [ABCI] \#5447 Remove `SetOption` method from `ABCI.Client` interface
   - [ABCI] \#5447 Reset `Oneof` indexes for  `Request` and `Response`.
   - [ABCI] \#5818 Use protoio for msg length delimitation. Migrates from int64 to uint64 length delimiters.
+  - [Version] \#6494 `TMCoreSemVer` has been renamed to `TMVersion`.
+    - It is not required any longer to set ldflags to set version strings
 
 - P2P Protocol
 
 - Go API
+  - [pubsub] \#6634 The `Query#Matches` method along with other pubsub methods, now accepts a `[]abci.Event` instead of `map[string][]string`. (@alexanderbez)
+  - [p2p] \#6618 Move `p2p.NodeInfo` into `types` to support use of the SDK. (@tychoish)
+  - [p2p] \#6583 Make `p2p.NodeID` and `p2p.NetAddress` exported types to support their use in the RPC layer. (@tychoish)
+  - [node] \#6540 Reduce surface area of the `node` package by making most of the implementation details private. (@tychoish)
+  - [p2p] \#6547 Move the entire `p2p` package and all reactor implementations into `internal`.  (@tychoish)
+  - [libs/log] \#6534 Remove the existing custom Tendermint logger backed by go-kit. The logging interface, `Logger`, remains. Tendermint still provides a default logger backed by the performant zerolog logger. (@alexanderbez)
+  - [libs/time] \#6495 Move types/time to libs/time to improve consistency. (@tychoish)
+  - [mempool] \#6529 The `Context` field has been removed from the `TxInfo` type. `CheckTx` now requires a `Context` argument. (@alexanderbez)
   - [abci/client, proxy] \#5673 `Async` funcs return an error, `Sync` and `Async` funcs accept `context.Context` (@melekes)
-  - [p2p] Removed unused function `MakePoWTarget`. (@erikgrinaker)
+  - [p2p] Remove unused function `MakePoWTarget`. (@erikgrinaker)
   - [libs/bits] \#5720 Validate `BitArray` in `FromProto`, which now returns an error (@melekes)
-  - [proto/p2p] Renamed `DefaultNodeInfo` and `DefaultNodeInfoOther` to `NodeInfo` and `NodeInfoOther` (@erikgrinaker)
+  - [proto/p2p] Rename `DefaultNodeInfo` and `DefaultNodeInfoOther` to `NodeInfo` and `NodeInfoOther` (@erikgrinaker)
   - [proto/p2p] Rename `NodeInfo.default_node_id` to `node_id` (@erikgrinaker)
   - [libs/os] Kill() and {Must,}{Read,Write}File() functions have been removed. (@alessio)
   - [store] \#5848 Remove block store state in favor of using the db iterators directly (@cmwaters)
@@ -42,20 +60,49 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
   - [rpc/client/http] \#6176 Remove `endpoint` arg from `New`, `NewWithTimeout` and `NewWithClient` (@melekes)
   - [rpc/client/http] \#6176 Unexpose `WSEvents` (@melekes)
   - [rpc/jsonrpc/client/ws_client] \#6176 `NewWS` no longer accepts options (use `NewWSWithOptions` and `OnReconnect` funcs to configure the client) (@melekes)
-  - [rpc/jsonrpc/server] \#6204 Modify `WriteRPCResponseHTTP(Error)` to return an error (@melekes)
+  - [internal/libs] \#6366 Move `autofile`, `clist`,`fail`,`flowrate`, `protoio`, `sync`, `tempfile`, `test` and `timer` lib packages to an internal folder
+  - [libs/rand] \#6364 Remove most of libs/rand in favour of standard lib's `math/rand` (@liamsi)
+  - [mempool] \#6466 The original mempool reactor has been versioned as `v0` and moved to a sub-package under the root `mempool` package.
+    Some core types have been kept in the `mempool` package such as `TxCache` and it's implementations, the `Mempool` interface itself
+    and `TxInfo`. (@alexanderbez)
+  - [crypto/sr25519] \#6526 Do not re-execute the Ed25519-style key derivation step when doing signing and verification.  The derivation is now done once and only once.  This breaks `sr25519.GenPrivKeyFromSecret` output compatibility. (@Yawning)
+  - [types] \#6627 Move `NodeKey` to types to make the type public. 
+  - [config] \#6627 Extend `config` to contain methods `LoadNodeKeyID` and `LoadorGenNodeKeyID`
 
 - Blockchain Protocol
 
 - Data Storage
   - [store/state/evidence/light] \#5771 Use an order-preserving varint key encoding (@cmwaters)
+  - [mempool] \#6396 Remove mempool's write ahead log (WAL), (previously unused by the tendermint code). (@tychoish)
+  - [state] \#6541 Move pruneBlocks from consensus/state to state/execution. (@JayT106)
+
+- Tooling
+  - [tools] \#6498 Set OS home dir to instead of the hardcoded PATH. (@JayT106)
 
 ### FEATURES
 
 - [config] Add `--mode` flag and config variable. See [ADR-52](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-052-tendermint-mode.md) @dongsam
+- [rpc] \#6329 Don't cap page size in unsafe mode (@gotjoshua, @cmwaters)
+- [pex] \#6305 v2 pex reactor with backwards compatability. Introduces two new pex messages to
+  accomodate for the new p2p stack. Removes the notion of seeds and crawling. All peer
+  exchange reactors behave the same. (@cmwaters)
+- [crypto] \#6376 Enable sr25519 as a validator key
+- [mempool] \#6466 Introduction of a prioritized mempool. (@alexanderbez)
+  - `Priority` and `Sender` have been introduced into the `ResponseCheckTx` type, where the `priority` will determine the prioritization of
+  the transaction when a proposer reaps transactions for a block proposal. The `sender` field acts as an index.
+  - Operators may toggle between the legacy mempool reactor, `v0`, and the new prioritized reactor, `v1`, by setting the
+  `mempool.version` configuration, where `v1` is the default configuration.
+  - Applications that do not specify a priority, i.e. zero, will have transactions reaped by the order in which they are received by the node.
+  - Transactions are gossiped in FIFO order as they are in `v0`.
+- [config/indexer] \#6411 Introduce support for custom event indexing data sources, specifically PostgreSQL. (@JayT106)
 
 ### IMPROVEMENTS
-
+- [libs/log] Console log formatting changes as a result of \#6534 and \#6589. (@tychoish)
+- [statesync] \#6566 Allow state sync fetchers and request timeout to be configurable. (@alexanderbez)
+- [types] \#6478 Add `block_id` to `newblock` event (@jeebster)
 - [crypto/ed25519] \#5632 Adopt zip215 `ed25519` verification. (@marbar3778)
+- [crypto/ed25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `ed25519` signing and verification. (@Yawning)
+- [crypto/sr25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `sr25519` signing and verification. (@Yawning)
 - [privval] \#5603 Add `--key` to `init`, `gen_validator`, `testnet` & `unsafe_reset_priv_validator` for use in generating `secp256k1` keys.
 - [privval] \#5725 Add gRPC support to private validator.
 - [privval] \#5876 `tendermint show-validator` will query the remote signer if gRPC is being used (@marbar3778)
@@ -75,15 +122,28 @@ Friendly reminder: We have a [bug bounty program](https://hackerone.com/tendermi
 - [node] \#6059 Validate and complete genesis doc before saving to state store (@silasdavis)
 - [state] \#6067 Batch save state data (@githubsands & @cmwaters)
 - [crypto] \#6120 Implement batch verification interface for ed25519 and sr25519. (@marbar3778)
-- [types] \#6120 use batch verification for verifying commits signatures. 
-  - If the key type supports the batch verification API it will try to batch verify. If the verification fails we will single verify each signature. 
+- [types] \#6120 use batch verification for verifying commits signatures.
+  - If the key type supports the batch verification API it will try to batch verify. If the verification fails we will single verify each signature.
 - [privval/file] \#6185 Return error on `LoadFilePV`, `LoadFilePVEmptyState`. Allows for better programmatic control of Tendermint.
-- [privval] /#6240 Add `context.Context` to privval interface. 
+- [privval] \#6240 Add `context.Context` to privval interface.
+- [rpc] \#6265 set cache control in http-rpc response header (@JayT106)
+- [statesync] \#6378 Retry requests for snapshots and add a minimum discovery time (5s) for new snapshots.
+- [node/state] \#6370 graceful shutdown in the consensus reactor (@JayT106)
+- [crypto/merkle] \#6443 Improve HashAlternatives performance (@cuonglm)
+- [crypto/merkle] \#6513 Optimize HashAlternatives (@marbar3778)
+- [p2p/pex] \#6509 Improve addrBook.hash performance (@cuonglm)
+- [consensus/metrics] \#6549 Change block_size gauge to a histogram for better observability over time (@marbar3778)
+- [statesync] \#6587 Increase chunk priority and re-request chunks that don't arrive (@cmwaters)
+- [state/privval] \#6578 No GetPubKey retry beyond the proposal/voting window (@JayT106)
+- [rpc] \#6615 Add TotalGasUsed to block_results response (@crypto-facs)
+- [cmd/tendermint/commands] \#6623 replace `$HOME/.some/test/dir` with `t.TempDir` (@tanyabouman)
 
 ### BUG FIXES
 
-- [types] \#5523 Change json naming of `PartSetHeader` within `BlockID` from `parts` to `part_set_header` (@marbar3778)
 - [privval] \#5638 Increase read/write timeout to 5s and calculate ping interval based on it (@JoeKash)
 - [blockchain/v1] [\#5701](https://github.com/tendermint/tendermint/pull/5701) Handle peers without blocks (@melekes)
 - [blockchain/v1] \#5711 Fix deadlock (@melekes)
-- [rpc/jsonrpc/server] \#6191 Correctly unmarshal `RPCRequest` when data is `null` (@melekes)
+- [evidence] \#6375 Fix bug with inconsistent LightClientAttackEvidence hashing (cmwaters)
+- [rpc] \#6507 fix RPC client doesn't handle url's without ports (@JayT106)
+- [statesync] \#6463 Adds Reverse Sync feature to fetch historical light blocks after state sync in order to verify any evidence (@cmwaters)
+- [fastsync] \#6590 Update the metrics during fast-sync (@JayT106)

CONTRIBUTING.md

@@ -26,7 +26,8 @@ will indicate their support with a heartfelt emoji.
 
 If the issue would benefit from thorough discussion, maintainers may
 request that you create a [Request For
-Comment](https://github.com/tendermint/spec/tree/master/rfc). Discussion
+Comment](https://github.com/tendermint/spec/tree/master/rfc)
+in the Tendermint spec repo. Discussion
 at the RFC stage will build collective understanding of the dimensions
 of the problems and help structure conversations around trade-offs.
 
@@ -244,6 +245,7 @@ If there were no release candidates, and you'd like to cut a major release direc
      all PRs
    - Ensure that UPGRADING.md is up-to-date and includes notes on any breaking changes
       or other upgrading flows.
+   - Bump TMVersionDefault version in  `version.go`
    - Bump P2P and block protocol versions in  `version.go`, if necessary
    - Bump ABCI protocol version in `version.go`, if necessary
    - Add any release notes you would like to be added to the body of the release to `release_notes.md`.
@@ -271,6 +273,7 @@ If there were no release candidates, and you'd like to cut a major release direc
      release, and add the github aliases of external contributors to the top of
      the changelog. To lookup an alias from an email, try `bash ./scripts/authors.sh <email>`
    - Reset the `CHANGELOG_PENDING.md`
+   - Bump TMVersionDefault version in  `version.go`
    - Bump P2P and block protocol versions in  `version.go`, if necessary
    - Bump ABCI protocol version in `version.go`, if necessary
    - Make sure all significant breaking changes are covered in `UPGRADING.md`
@@ -366,15 +369,6 @@ cd test/e2e && \
   ./build/runner -f networks/ci.toml
 ```
 
-### Maverick
-
-**If you're changing the code in `consensus` package, please make sure to
-replicate all the changes in `./test/maverick/consensus`**. Maverick is a
-byzantine node used to assert that the validator gets punished for malicious
-behavior.
-
-See [README](./test/maverick/README.md) for details.
-
 ### Model-based tests (ADVANCED)
 
 *NOTE: if you're just submitting your first PR, you won't need to touch these

DOCKER/Dockerfile

@@ -1,5 +1,5 @@
 # stage 1 Generate Tendermint Binary
-FROM golang:1.15-alpine as builder
+FROM golang:1.16-alpine as builder
 RUN apk update && \
     apk upgrade && \
     apk --no-cache add make

DOCKER/Dockerfile.build_c-amazonlinux

@@ -9,7 +9,7 @@ RUN wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm &
 RUN yum -y groupinstall "Development Tools"
 RUN yum -y install leveldb-devel which
 
-ENV GOVERSION=1.12.9
+ENV GOVERSION=1.16.5
 
 RUN cd /tmp && \
     wget https://dl.google.com/go/go${GOVERSION}.linux-amd64.tar.gz && \

DOCKER/README.md

@@ -31,8 +31,8 @@ To get started developing applications, see the [application developers guide](h
 A quick example of a built-in app and Tendermint core in one container.
 
 ```sh
-docker run -it --rm -v "/tmp:/tendermint" tendermint/tendermint init
-docker run -it --rm -v "/tmp:/tendermint" tendermint/tendermint node --proxy-app=kvstore
+docker run -it --rm -v "/tmp:/tendermint" tendermint/tendermint init validator
+docker run -it --rm -v "/tmp:/tendermint" tendermint/tendermint start --proxy-app=kvstore
 ```
 
 ## Local cluster

DOCKER/docker-entrypoint.sh

@@ -3,7 +3,7 @@ set -e
 
 if [ ! -d "$TMHOME/config" ]; then
 	echo "Running tendermint init to create (default) configuration for docker run."
-	tendermint init
+	tendermint init validator
 
 	sed -i \
 		-e "s/^proxy-app\s*=.*/proxy-app = \"$PROXY_APP\"/" \

Makefile

@@ -12,7 +12,7 @@ else
 VERSION := $(shell git describe)
 endif
 
-LD_FLAGS = -X github.com/tendermint/tendermint/version.TMCoreSemVer=$(VERSION)
+LD_FLAGS = -X github.com/tendermint/tendermint/version.TMVersion=$(VERSION)
 BUILD_FLAGS = -mod=readonly -ldflags "$(LD_FLAGS)"
 HTTPS_GIT := https://github.com/tendermint/tendermint.git
 DOCKER_BUF := docker run -v $(shell pwd):/workspace --workdir /workspace bufbuild/buf

README.md

@@ -8,7 +8,7 @@ Or [Blockchain](<https://en.wikipedia.org/wiki/Blockchain_(database)>), for shor
 
 [![version](https://img.shields.io/github/tag/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/releases/latest)
 [![API Reference](https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667)](https://pkg.go.dev/github.com/tendermint/tendermint)
-[![Go version](https://img.shields.io/badge/go-1.15-blue.svg)](https://github.com/moovweb/gvm)
+[![Go version](https://img.shields.io/badge/go-1.16-blue.svg)](https://github.com/moovweb/gvm)
 [![Discord chat](https://img.shields.io/discord/669268347736686612.svg)](https://discord.gg/vcExX9T)
 [![license](https://img.shields.io/github/license/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/blob/master/LICENSE)
 [![tendermint/tendermint](https://tokei.rs/b1/github/tendermint/tendermint?category=lines)](https://github.com/tendermint/tendermint)
@@ -18,8 +18,7 @@ Or [Blockchain](<https://en.wikipedia.org/wiki/Blockchain_(database)>), for shor
 |--------|--------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------|
 | master | ![Tests](https://github.com/tendermint/tendermint/workflows/Tests/badge.svg?branch=master) | [![codecov](https://codecov.io/gh/tendermint/tendermint/branch/master/graph/badge.svg)](https://codecov.io/gh/tendermint/tendermint) | ![Lint](https://github.com/tendermint/tendermint/workflows/Lint/badge.svg) |
 
-Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language -
-and securely replicates it on many machines.
+Tendermint Core is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many machines.
 
 For protocol details, see [the specification](https://github.com/tendermint/spec).
 
@@ -30,9 +29,7 @@ see our recent paper, "[The latest gossip on BFT consensus](https://arxiv.org/ab
 
 Please do not depend on master as your production branch. Use [releases](https://github.com/tendermint/tendermint/releases) instead.
 
-Tendermint is being used in production in both private and public environments,
-most notably the blockchains of the [Cosmos Network](https://cosmos.network/).
-However, we are still making breaking changes to the protocol and the APIs and have not yet released v1.0.
+Tendermint has been in the production of private and public environments, most notably the blockchains of the Cosmos Network. we haven't released v1.0 yet since we are making breaking changes to the protocol and the APIs. 
 See below for more details about [versioning](#versioning).
 
 In any case, if you intend to run Tendermint in production, we're happy to help. You can
@@ -51,7 +48,7 @@ to notify you of vulnerabilities and fixes in Tendermint Core. You can subscribe
 
 | Requirement | Notes            |
 |-------------|------------------|
-| Go version  | Go1.15 or higher |
+| Go version  | Go1.16 or higher |
 
 ## Documentation
 
@@ -167,4 +164,4 @@ If you'd like to work full-time on Tendermint Core, [we're hiring](https://inter
 
 Funding for Tendermint Core development comes primarily from the [Interchain Foundation](https://interchain.io),
 a Swiss non-profit. The Tendermint trademark is owned by [Tendermint Inc.](https://tendermint.com), the for-profit entity
- that also maintains [tendermint.com](https://tendermint.com).
+ that also maintains [tendermint.com](https://tendermint.com).

SECURITY.md

@@ -7,54 +7,55 @@ Policy](https://tendermint.com/security), we operate a [bug
 bounty](https://hackerone.com/tendermint).
 See the policy for more details on submissions and rewards, and see "Example Vulnerabilities" (below) for examples of the kinds of bugs we're most interested in.
 
-### Guidelines 
+### Guidelines
 
 We require that all researchers:
 
 * Use the bug bounty to disclose all vulnerabilities, and avoid posting vulnerability information in public places, including Github Issues, Discord channels, and Telegram groups
 * Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems (including but not limited to the Cosmos Hub), and destruction of data
-* Keep any information about vulnerabilities that you’ve discovered confidential between yourself and the Tendermint Core engineering team until the issue has been resolved and disclosed 
+* Keep any information about vulnerabilities that you’ve discovered confidential between yourself and the Tendermint Core engineering team until the issue has been resolved and disclosed
 * Avoid posting personally identifiable information, privately or publicly
 
 If you follow these guidelines when reporting an issue to us, we commit to:
 
 * Not pursue or support any legal action related to your research on this vulnerability
-* Work with you to understand, resolve and ultimately disclose the issue in a timely fashion 
+* Work with you to understand, resolve and ultimately disclose the issue in a timely fashion
 
-## Disclosure Process 
+## Disclosure Process
 
 Tendermint Core uses the following disclosure process:
 
-1. Once a security report is received, the Tendermint Core team works to verify the issue and confirm its severity level using CVSS. 
-2. The Tendermint Core team collaborates with the Gaia team to determine the vulnerability’s potential impact on the Cosmos Hub. 
-3. Patches are prepared for eligible releases of Tendermint in private repositories. See “Supported Releases” below for more information on which releases are considered eligible. 
-4. If it is determined that a CVE-ID is required, we request a CVE through a CVE Numbering Authority. 
+1. Once a security report is received, the Tendermint Core team works to verify the issue and confirm its severity level using CVSS.
+2. The Tendermint Core team collaborates with the Gaia team to determine the vulnerability’s potential impact on the Cosmos Hub.
+3. Patches are prepared for eligible releases of Tendermint in private repositories. See “Supported Releases” below for more information on which releases are considered eligible.
+4. If it is determined that a CVE-ID is required, we request a CVE through a CVE Numbering Authority.
 5. We notify the community that a security release is coming, to give users time to prepare their systems for the update. Notifications can include forum posts, tweets, and emails to partners and validators, including emails sent to the [Tendermint Security Mailing List](https://berlin.us4.list-manage.com/subscribe?u=431b35421ff7edcc77df5df10&id=3fe93307bc).
-6. 24 hours following this notification, the fixes are applied publicly and new releases are issued. 
-7. Cosmos SDK and Gaia update their Tendermint Core dependencies to use these releases, and then themselves issue new releases. 
-8. Once releases are available for Tendermint Core, Cosmos SDK and Gaia, we notify the community, again, through the same channels as above. We also publish a Security Advisory on Github and publish the CVE, as long as neither the Security Advisory nor the CVE include any information on how to exploit these vulnerabilities beyond what information is already available in the patch itself. 
-9. Once the community is notified, we will pay out any relevant bug bounties to submitters. 
-10. One week after the releases go out, we will publish a post with further details on the vulnerability as well as our response to it. 
+6. 24 hours following this notification, the fixes are applied publicly and new releases are issued.
+7. Cosmos SDK and Gaia update their Tendermint Core dependencies to use these releases, and then themselves issue new releases.
+8. Once releases are available for Tendermint Core, Cosmos SDK and Gaia, we notify the community, again, through the same channels as above. We also publish a Security Advisory on Github and publish the CVE, as long as neither the Security Advisory nor the CVE include any information on how to exploit these vulnerabilities beyond what information is already available in the patch itself.
+9. Once the community is notified, we will pay out any relevant bug bounties to submitters.
+10. One week after the releases go out, we will publish a post with further details on the vulnerability as well as our response to it.
 
-This process can take some time. Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we follow the process described above to ensure that disclosures are handled consistently and to keep Tendermint Core and its downstream dependent projects--including but not limited to Gaia and the Cosmos Hub--as secure as possible. 
+This process can take some time. Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we follow the process described above to ensure that disclosures are handled consistently and to keep Tendermint Core and its downstream dependent projects--including but not limited to Gaia and the Cosmos Hub--as secure as possible.
 
-### Example Timeline 
+### Example Timeline
 
-The following is an example timeline for the triage and response. The required roles and team members are described in parentheses after each task; however, multiple people can play each role and each person may play multiple roles. 
+The following is an example timeline for the triage and response. The required roles and team members are described in parentheses after each task; however, multiple people can play each role and each person may play multiple roles.
 
-#### > 24 Hours Before Release Time
+#### 24+ Hours Before Release Time
 
-1. Request CVE number (ADMIN) 
-2. Gather emails and other contact info for validators (COMMS LEAD) 
-3. Test fixes on a testnet  (TENDERMINT ENG, COSMOS ENG) 
-4. Write “Security Advisory” for forum (TENDERMINT LEAD) 
+1. Request CVE number (ADMIN)
+2. Gather emails and other contact info for validators (COMMS LEAD)
+3. Create patches in a private security repo, and ensure that PRs are open targeting all relevant release branches (TENDERMINT ENG, TENDERMINT LEAD)
+4. Test fixes on a testnet  (TENDERMINT ENG, COSMOS SDK ENG)
+5. Write “Security Advisory” for forum (TENDERMINT LEAD)
 
 #### 24 Hours Before Release Time
 
-1. Post “Security Advisory” pre-notification on forum (TENDERMINT LEAD) 
-2. Post Tweet linking to forum post (COMMS LEAD) 
-3. Announce security advisory/link to post in various other social channels (Telegram, Discord) (COMMS LEAD) 
-4. Send emails to validators or other users (PARTNERSHIPS LEAD) 
+1. Post “Security Advisory” pre-notification on forum (TENDERMINT LEAD)
+2. Post Tweet linking to forum post (COMMS LEAD)
+3. Announce security advisory/link to post in various other social channels (Telegram, Discord) (COMMS LEAD)
+4. Send emails to validators or other users (PARTNERSHIPS LEAD)
 
 #### Release Time
 
@@ -64,36 +65,36 @@ The following is an example timeline for the triage and response. The required r
 4. Post “Security releases” on forum (TENDERMINT LEAD)
 5. Post new Tweet linking to forum post (COMMS LEAD)
 6. Remind everyone via social channels (Telegram, Discord)  that the release is out (COMMS LEAD)
-7. Send emails to validators or other users (COMMS LEAD) 
-8. Publish Security Advisory and CVE, if CVE has no sensitive information (ADMIN) 
+7. Send emails to validators or other users (COMMS LEAD)
+8. Publish Security Advisory and CVE, if CVE has no sensitive information (ADMIN)
 
 #### After Release Time
 
 1. Write forum post with exploit details (TENDERMINT LEAD)
-2. Approve pay-out on HackerOne for submitter (ADMIN) 
+2. Approve pay-out on HackerOne for submitter (ADMIN)
 
 #### 7 Days After Release Time
 
-1. Publish CVE if it has not yet been published (ADMIN) 
+1. Publish CVE if it has not yet been published (ADMIN)
 2. Publish forum post with exploit details (TENDERMINT ENG, TENDERMINT LEAD)
 
 ## Supported Releases
 
-The Tendermint Core team commits to releasing security patch releases for both the latest minor release as well for the major/minor release that the Cosmos Hub is running. 
+The Tendermint Core team commits to releasing security patch releases for both the latest minor release as well for the major/minor release that the Cosmos Hub is running.
 
-If you are running older versions of Tendermint Core, we encourage you to upgrade at your earliest opportunity so that you can receive security patches directly from the Tendermint repo. While you are welcome to backport security patches to older versions for your own use, we will not publish or promote these backports. 
+If you are running older versions of Tendermint Core, we encourage you to upgrade at your earliest opportunity so that you can receive security patches directly from the Tendermint repo. While you are welcome to backport security patches to older versions for your own use, we will not publish or promote these backports.
 
 ## Scope
 
 The full scope of our bug bounty program is outlined on our [Hacker One program page](https://hackerone.com/tendermint). Please also note that, in the interest of the safety of our users and staff, a few things are explicitly excluded from scope:
 
-* Any third-party services 
-* Findings from physical testing, such as office access 
+* Any third-party services
+* Findings from physical testing, such as office access
 * Findings derived from social engineering (e.g., phishing)
 
-## Example Vulnerabilities 
+## Example Vulnerabilities
 
-The following is a list of examples of the kinds of vulnerabilities that we’re most interested in. It is not exhaustive: there are other kinds of issues we may also be interested in! 
+The following is a list of examples of the kinds of vulnerabilities that we’re most interested in. It is not exhaustive: there are other kinds of issues we may also be interested in!
 
 ### Specification
 
@@ -114,6 +115,9 @@ Assuming less than 1/3 of the voting power is Byzantine (malicious):
 * A node halting (liveness failure)
 * Syncing new and old nodes
 
+Assuming more than 1/3 the voting power is Byzantine:
+
+* Attacks that go unpunished (unhandled evidence)
 
 ### Networking
 
@@ -139,7 +143,7 @@ Attacks may come through the P2P network or the RPC layer:
 
 ### Libraries
 
-* Serialization (Amino)
+* Serialization
 * Reading/Writing files and databases
 
 ### Cryptography
@@ -150,5 +154,5 @@ Attacks may come through the P2P network or the RPC layer:
 
 ### Light Client
 
-* Core verification 
+* Core verification
 * Bisection/sequential algorithms

UPGRADING.md

@@ -7,10 +7,13 @@ This guide provides instructions for upgrading to specific versions of Tendermin
 ### ABCI Changes
 
 * Added `AbciVersion` to `RequestInfo`. Applications should check that the ABCI version they expect is being used in order to avoid unimplemented changes errors.
-
 * The method `SetOption` has been removed from the ABCI.Client interface. This feature was used in the early ABCI implementation's.
-
 * Messages are written to a byte stream using uin64 length delimiters instead of int64.
+* When mempool `v1` is enabled, transactions broadcasted via `sync` mode may return a successful
+  response with a transaction hash indicating that the transaction was successfully inserted into
+  the mempool. While this is true for `v0`, the `v1` mempool reactor may at a later point in time
+  evict or even drop this transaction after a hash has been returned. Thus, the user or client must
+  query for that transaction to check if it is still in the mempool.
 
 ### Config Changes
 
@@ -21,12 +24,21 @@ This guide provides instructions for upgrading to specific versions of Tendermin
 
 * Added `--mode` flag and `mode` config variable on `config.toml` for setting Mode of the Node: `full` | `validator` | `seed` (default: `full`)
   [ADR-52](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-052-tendermint-mode.md)
+  
+* `BootstrapPeers` has been added as part of the new p2p stack. This will eventually replace
+  `Seeds`. Bootstrap peers are connected with on startup if needed for peer discovery. Unlike
+  persistent peers, there's no gaurantee that the node will remain connected with these peers. 
+
+- configuration values starting with `priv-validator-` have moved to the new
+  `priv-validator` section, without the `priv-validator-` prefix.
 
 ### CLI Changes
 
+* You must now specify the node mode (validator|full|seed) in `tendermint init [mode]`
+
 * If you had previously used `tendermint gen_node_key` to generate a new node
   key, keep in mind that it no longer saves the output to a file. You can use
-  `tendermint init` or pipe the output of `tendermint gen_node_key` to
+  `tendermint init validator` or pipe the output of `tendermint gen_node_key` to
   `$TMHOME/config/node_key.json`:
 
   ```
@@ -35,13 +47,40 @@ This guide provides instructions for upgrading to specific versions of Tendermin
 
 * CLI commands and flags are all now hyphen-case instead of snake_case.
   Make sure to adjust any scripts that calls a cli command with snake_casing
+
+### API Changes
+
+The p2p layer was reimplemented as part of the 0.35 release cycle, and
+all reactors were refactored. As part of that work these
+implementations moved into the `internal` package and are no longer
+considered part of the public Go API of tendermint. These packages
+are:
+
+- `p2p`
+- `mempool`
+- `consensus`
+- `statesync`
+- `blockchain`
+- `evidence`
+
+Accordingly, the space `node` package was changed to reduce access to
+tendermint internals: applications that use tendermint as a library
+will need to change to accommodate these changes. Most notably:
+
+- The `Node` type has become internal, and all constructors return a
+  `service.Service` implementation.
+
+- The `node.DefaultNewNode` and `node.NewNode` constructors are no
+  longer exported and have been replaced with `node.New` and
+  `node.NewDefault` which provide more functional interfaces.
+
 ## v0.34.0
 
 **Upgrading to Tendermint 0.34 requires a blockchain restart.**
 This release is not compatible with previous blockchains due to changes to
 the encoding format (see "Protocol Buffers," below) and the block header (see "Blockchain Protocol").
 
-Note also that Tendermint 0.34 also requires Go 1.15 or higher.
+Note also that Tendermint 0.34 also requires Go 1.16 or higher.
 
 ### ABCI Changes
 

abci/client/client.go

@@ -6,8 +6,8 @@ import (
 	"sync"
 
 	"github.com/tendermint/tendermint/abci/types"
+	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
 	"github.com/tendermint/tendermint/libs/service"
-	tmsync "github.com/tendermint/tendermint/libs/sync"
 )
 
 const (
@@ -35,33 +35,29 @@ type Client interface {
 	FlushAsync(context.Context) (*ReqRes, error)
 	EchoAsync(ctx context.Context, msg string) (*ReqRes, error)
 	InfoAsync(context.Context, types.RequestInfo) (*ReqRes, error)
-	DeliverTxAsync(context.Context, types.RequestDeliverTx) (*ReqRes, error)
 	CheckTxAsync(context.Context, types.RequestCheckTx) (*ReqRes, error)
 	QueryAsync(context.Context, types.RequestQuery) (*ReqRes, error)
 	CommitAsync(context.Context) (*ReqRes, error)
 	InitChainAsync(context.Context, types.RequestInitChain) (*ReqRes, error)
-	BeginBlockAsync(context.Context, types.RequestBeginBlock) (*ReqRes, error)
-	EndBlockAsync(context.Context, types.RequestEndBlock) (*ReqRes, error)
 	ListSnapshotsAsync(context.Context, types.RequestListSnapshots) (*ReqRes, error)
 	OfferSnapshotAsync(context.Context, types.RequestOfferSnapshot) (*ReqRes, error)
 	LoadSnapshotChunkAsync(context.Context, types.RequestLoadSnapshotChunk) (*ReqRes, error)
 	ApplySnapshotChunkAsync(context.Context, types.RequestApplySnapshotChunk) (*ReqRes, error)
+	FinalizeBlockAsync(context.Context, types.RequestFinalizeBlock) (*ReqRes, error)
 
 	// Synchronous requests
 	FlushSync(context.Context) error
 	EchoSync(ctx context.Context, msg string) (*types.ResponseEcho, error)
 	InfoSync(context.Context, types.RequestInfo) (*types.ResponseInfo, error)
-	DeliverTxSync(context.Context, types.RequestDeliverTx) (*types.ResponseDeliverTx, error)
 	CheckTxSync(context.Context, types.RequestCheckTx) (*types.ResponseCheckTx, error)
 	QuerySync(context.Context, types.RequestQuery) (*types.ResponseQuery, error)
 	CommitSync(context.Context) (*types.ResponseCommit, error)
 	InitChainSync(context.Context, types.RequestInitChain) (*types.ResponseInitChain, error)
-	BeginBlockSync(context.Context, types.RequestBeginBlock) (*types.ResponseBeginBlock, error)
-	EndBlockSync(context.Context, types.RequestEndBlock) (*types.ResponseEndBlock, error)
 	ListSnapshotsSync(context.Context, types.RequestListSnapshots) (*types.ResponseListSnapshots, error)
 	OfferSnapshotSync(context.Context, types.RequestOfferSnapshot) (*types.ResponseOfferSnapshot, error)
 	LoadSnapshotChunkSync(context.Context, types.RequestLoadSnapshotChunk) (*types.ResponseLoadSnapshotChunk, error)
 	ApplySnapshotChunkSync(context.Context, types.RequestApplySnapshotChunk) (*types.ResponseApplySnapshotChunk, error)
+	FinalizeBlockSync(context.Context, types.RequestFinalizeBlock) (*types.ResponseFinalizeBlock, error)
 }
 
 //----------------------------------------
@@ -87,7 +83,7 @@ type ReqRes struct {
 	*sync.WaitGroup
 	*types.Response // Not set atomically, so be sure to use WaitGroup.
 
-	mtx  tmsync.Mutex
+	mtx  tmsync.RWMutex
 	done bool                  // Gets set to true once *after* WaitGroup.Done().
 	cb   func(*types.Response) // A single callback that may be set.
 }
@@ -137,16 +133,16 @@ func (r *ReqRes) InvokeCallback() {
 //
 // ref: https://github.com/tendermint/tendermint/issues/5439
 func (r *ReqRes) GetCallback() func(*types.Response) {
-	r.mtx.Lock()
-	defer r.mtx.Unlock()
+	r.mtx.RLock()
+	defer r.mtx.RUnlock()
 	return r.cb
 }
 
 // SetDone marks the ReqRes object as done.
 func (r *ReqRes) SetDone() {
 	r.mtx.Lock()
+	defer r.mtx.Unlock()
 	r.done = true
-	r.mtx.Unlock()
 }
 
 func waitGroup1() (wg *sync.WaitGroup) {

abci/client/grpc_client.go

@@ -10,9 +10,9 @@ import (
 	"google.golang.org/grpc"
 
 	"github.com/tendermint/tendermint/abci/types"
+	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
 	tmnet "github.com/tendermint/tendermint/libs/net"
 	"github.com/tendermint/tendermint/libs/service"
-	tmsync "github.com/tendermint/tendermint/libs/sync"
 )
 
 // A gRPC client.
@@ -24,7 +24,7 @@ type grpcClient struct {
 	conn     *grpc.ClientConn
 	chReqRes chan *ReqRes // dispatches "async" responses to callbacks *in order*, needed by mempool
 
-	mtx   tmsync.Mutex
+	mtx   tmsync.RWMutex
 	addr  string
 	err   error
 	resCb func(*types.Request, *types.Response) // listens to all callbacks
@@ -149,8 +149,8 @@ func (cli *grpcClient) StopForError(err error) {
 }
 
 func (cli *grpcClient) Error() error {
-	cli.mtx.Lock()
-	defer cli.mtx.Unlock()
+	cli.mtx.RLock()
+	defer cli.mtx.RUnlock()
 	return cli.err
 }
 
@@ -158,8 +158,8 @@ func (cli *grpcClient) Error() error {
 // NOTE: callback may get internally generated flush responses.
 func (cli *grpcClient) SetResponseCallback(resCb Callback) {
 	cli.mtx.Lock()
+	defer cli.mtx.Unlock()
 	cli.resCb = resCb
-	cli.mtx.Unlock()
 }
 
 //----------------------------------------
@@ -194,16 +194,6 @@ func (cli *grpcClient) InfoAsync(ctx context.Context, params types.RequestInfo)
 	return cli.finishAsyncCall(ctx, req, &types.Response{Value: &types.Response_Info{Info: res}})
 }
 
-// NOTE: call is synchronous, use ctx to break early if needed
-func (cli *grpcClient) DeliverTxAsync(ctx context.Context, params types.RequestDeliverTx) (*ReqRes, error) {
-	req := types.ToRequestDeliverTx(params)
-	res, err := cli.client.DeliverTx(ctx, req.GetDeliverTx(), grpc.WaitForReady(true))
-	if err != nil {
-		return nil, err
-	}
-	return cli.finishAsyncCall(ctx, req, &types.Response{Value: &types.Response_DeliverTx{DeliverTx: res}})
-}
-
 // NOTE: call is synchronous, use ctx to break early if needed
 func (cli *grpcClient) CheckTxAsync(ctx context.Context, params types.RequestCheckTx) (*ReqRes, error) {
 	req := types.ToRequestCheckTx(params)
@@ -244,26 +234,6 @@ func (cli *grpcClient) InitChainAsync(ctx context.Context, params types.RequestI
 	return cli.finishAsyncCall(ctx, req, &types.Response{Value: &types.Response_InitChain{InitChain: res}})
 }
 
-// NOTE: call is synchronous, use ctx to break early if needed
-func (cli *grpcClient) BeginBlockAsync(ctx context.Context, params types.RequestBeginBlock) (*ReqRes, error) {
-	req := types.ToRequestBeginBlock(params)
-	res, err := cli.client.BeginBlock(ctx, req.GetBeginBlock(), grpc.WaitForReady(true))
-	if err != nil {
-		return nil, err
-	}
-	return cli.finishAsyncCall(ctx, req, &types.Response{Value: &types.Response_BeginBlock{BeginBlock: res}})
-}
-
-// NOTE: call is synchronous, use ctx to break early if needed
-func (cli *grpcClient) EndBlockAsync(ctx context.Context, params types.RequestEndBlock) (*ReqRes, error) {
-	req := types.ToRequestEndBlock(params)
-	res, err := cli.client.EndBlock(ctx, req.GetEndBlock(), grpc.WaitForReady(true))
-	if err != nil {
-		return nil, err
-	}
-	return cli.finishAsyncCall(ctx, req, &types.Response{Value: &types.Response_EndBlock{EndBlock: res}})
-}
-
 // NOTE: call is synchronous, use ctx to break early if needed
 func (cli *grpcClient) ListSnapshotsAsync(ctx context.Context, params types.RequestListSnapshots) (*ReqRes, error) {
 	req := types.ToRequestListSnapshots(params)
@@ -314,6 +284,22 @@ func (cli *grpcClient) ApplySnapshotChunkAsync(
 	)
 }
 
+func (cli *grpcClient) FinalizeBlockAsync(
+	ctx context.Context,
+	params types.RequestFinalizeBlock,
+) (*ReqRes, error) {
+	req := types.ToRequestFinalizeBlock(params)
+	res, err := cli.client.FinalizeBlock(ctx, req.GetFinalizeBlock(), grpc.WaitForReady(true))
+	if err != nil {
+		return nil, err
+	}
+	return cli.finishAsyncCall(
+		ctx,
+		req,
+		&types.Response{Value: &types.Response_FinalizeBlock{FinalizeBlock: res}},
+	)
+}
+
 // finishAsyncCall creates a ReqRes for an async call, and immediately populates it
 // with the response. We don't complete it until it's been ordered via the channel.
 func (cli *grpcClient) finishAsyncCall(ctx context.Context, req *types.Request, res *types.Response) (*ReqRes, error) {
@@ -380,18 +366,6 @@ func (cli *grpcClient) InfoSync(
 	return cli.finishSyncCall(reqres).GetInfo(), cli.Error()
 }
 
-func (cli *grpcClient) DeliverTxSync(
-	ctx context.Context,
-	params types.RequestDeliverTx,
-) (*types.ResponseDeliverTx, error) {
-
-	reqres, err := cli.DeliverTxAsync(ctx, params)
-	if err != nil {
-		return nil, err
-	}
-	return cli.finishSyncCall(reqres).GetDeliverTx(), cli.Error()
-}
-
 func (cli *grpcClient) CheckTxSync(
 	ctx context.Context,
 	params types.RequestCheckTx,
@@ -435,30 +409,6 @@ func (cli *grpcClient) InitChainSync(
 	return cli.finishSyncCall(reqres).GetInitChain(), cli.Error()
 }
 
-func (cli *grpcClient) BeginBlockSync(
-	ctx context.Context,
-	params types.RequestBeginBlock,
-) (*types.ResponseBeginBlock, error) {
-
-	reqres, err := cli.BeginBlockAsync(ctx, params)
-	if err != nil {
-		return nil, err
-	}
-	return cli.finishSyncCall(reqres).GetBeginBlock(), cli.Error()
-}
-
-func (cli *grpcClient) EndBlockSync(
-	ctx context.Context,
-	params types.RequestEndBlock,
-) (*types.ResponseEndBlock, error) {
-
-	reqres, err := cli.EndBlockAsync(ctx, params)
-	if err != nil {
-		return nil, err
-	}
-	return cli.finishSyncCall(reqres).GetEndBlock(), cli.Error()
-}
-
 func (cli *grpcClient) ListSnapshotsSync(
 	ctx context.Context,
 	params types.RequestListSnapshots,
@@ -504,3 +454,14 @@ func (cli *grpcClient) ApplySnapshotChunkSync(
 	}
 	return cli.finishSyncCall(reqres).GetApplySnapshotChunk(), cli.Error()
 }
+
+func (cli *grpcClient) FinalizeBlockSync(
+	ctx context.Context,
+	params types.RequestFinalizeBlock) (*types.ResponseFinalizeBlock, error) {
+
+	reqres, err := cli.FinalizeBlockAsync(ctx, params)
+	if err != nil {
+		return nil, err
+	}
+	return cli.finishSyncCall(reqres).GetFinalizeBlock(), cli.Error()
+}

abci/client/local_client.go

@@ -4,8 +4,8 @@ import (
 	"context"
 
 	types "github.com/tendermint/tendermint/abci/types"
+	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
 	"github.com/tendermint/tendermint/libs/service"
-	tmsync "github.com/tendermint/tendermint/libs/sync"
 )
 
 // NOTE: use defer to unlock mutex because Application might panic (e.g., in
@@ -15,7 +15,7 @@ import (
 type localClient struct {
 	service.BaseService
 
-	mtx *tmsync.Mutex
+	mtx *tmsync.RWMutex
 	types.Application
 	Callback
 }
@@ -26,22 +26,24 @@ var _ Client = (*localClient)(nil)
 // methods of the given app.
 //
 // Both Async and Sync methods ignore the given context.Context parameter.
-func NewLocalClient(mtx *tmsync.Mutex, app types.Application) Client {
+func NewLocalClient(mtx *tmsync.RWMutex, app types.Application) Client {
 	if mtx == nil {
-		mtx = new(tmsync.Mutex)
+		mtx = &tmsync.RWMutex{}
 	}
+
 	cli := &localClient{
 		mtx:         mtx,
 		Application: app,
 	}
+
 	cli.BaseService = *service.NewBaseService(nil, "localClient", cli)
 	return cli
 }
 
 func (app *localClient) SetResponseCallback(cb Callback) {
 	app.mtx.Lock()
+	defer app.mtx.Unlock()
 	app.Callback = cb
-	app.mtx.Unlock()
 }
 
 // TODO: change types.Application to include Error()?
@@ -65,8 +67,8 @@ func (app *localClient) EchoAsync(ctx context.Context, msg string) (*ReqRes, err
 }
 
 func (app *localClient) InfoAsync(ctx context.Context, req types.RequestInfo) (*ReqRes, error) {
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
+	app.mtx.RLock()
+	defer app.mtx.RUnlock()
 
 	res := app.Application.Info(req)
 	return app.callback(
@@ -75,17 +77,6 @@ func (app *localClient) InfoAsync(ctx context.Context, req types.RequestInfo) (*
 	), nil
 }
 
-func (app *localClient) DeliverTxAsync(ctx context.Context, params types.RequestDeliverTx) (*ReqRes, error) {
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
-
-	res := app.Application.DeliverTx(params)
-	return app.callback(
-		types.ToRequestDeliverTx(params),
-		types.ToResponseDeliverTx(res),
-	), nil
-}
-
 func (app *localClient) CheckTxAsync(ctx context.Context, req types.RequestCheckTx) (*ReqRes, error) {
 	app.mtx.Lock()
 	defer app.mtx.Unlock()
@@ -98,8 +89,8 @@ func (app *localClient) CheckTxAsync(ctx context.Context, req types.RequestCheck
 }
 
 func (app *localClient) QueryAsync(ctx context.Context, req types.RequestQuery) (*ReqRes, error) {
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
+	app.mtx.RLock()
+	defer app.mtx.RUnlock()
 
 	res := app.Application.Query(req)
 	return app.callback(
@@ -130,28 +121,6 @@ func (app *localClient) InitChainAsync(ctx context.Context, req types.RequestIni
 	), nil
 }
 
-func (app *localClient) BeginBlockAsync(ctx context.Context, req types.RequestBeginBlock) (*ReqRes, error) {
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
-
-	res := app.Application.BeginBlock(req)
-	return app.callback(
-		types.ToRequestBeginBlock(req),
-		types.ToResponseBeginBlock(res),
-	), nil
-}
-
-func (app *localClient) EndBlockAsync(ctx context.Context, req types.RequestEndBlock) (*ReqRes, error) {
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
-
-	res := app.Application.EndBlock(req)
-	return app.callback(
-		types.ToRequestEndBlock(req),
-		types.ToResponseEndBlock(res),
-	), nil
-}
-
 func (app *localClient) ListSnapshotsAsync(ctx context.Context, req types.RequestListSnapshots) (*ReqRes, error) {
 	app.mtx.Lock()
 	defer app.mtx.Unlock()
@@ -202,6 +171,20 @@ func (app *localClient) ApplySnapshotChunkAsync(
 	), nil
 }
 
+func (app *localClient) FinalizeBlockAsync(
+	ctx context.Context,
+	req types.RequestFinalizeBlock,
+) (*ReqRes, error) {
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.FinalizeBlock(req)
+	return app.callback(
+		types.ToRequestFinalizeBlock(req),
+		types.ToResponseFinalizeBlock(res),
+	), nil
+}
+
 //-------------------------------------------------------
 
 func (app *localClient) FlushSync(ctx context.Context) error {
@@ -213,25 +196,13 @@ func (app *localClient) EchoSync(ctx context.Context, msg string) (*types.Respon
 }
 
 func (app *localClient) InfoSync(ctx context.Context, req types.RequestInfo) (*types.ResponseInfo, error) {
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
+	app.mtx.RLock()
+	defer app.mtx.RUnlock()
 
 	res := app.Application.Info(req)
 	return &res, nil
 }
 
-func (app *localClient) DeliverTxSync(
-	ctx context.Context,
-	req types.RequestDeliverTx,
-) (*types.ResponseDeliverTx, error) {
-
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
-
-	res := app.Application.DeliverTx(req)
-	return &res, nil
-}
-
 func (app *localClient) CheckTxSync(
 	ctx context.Context,
 	req types.RequestCheckTx,
@@ -247,8 +218,8 @@ func (app *localClient) QuerySync(
 	ctx context.Context,
 	req types.RequestQuery,
 ) (*types.ResponseQuery, error) {
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
+	app.mtx.RLock()
+	defer app.mtx.RUnlock()
 
 	res := app.Application.Query(req)
 	return &res, nil
@@ -274,30 +245,6 @@ func (app *localClient) InitChainSync(
 	return &res, nil
 }
 
-func (app *localClient) BeginBlockSync(
-	ctx context.Context,
-	req types.RequestBeginBlock,
-) (*types.ResponseBeginBlock, error) {
-
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
-
-	res := app.Application.BeginBlock(req)
-	return &res, nil
-}
-
-func (app *localClient) EndBlockSync(
-	ctx context.Context,
-	req types.RequestEndBlock,
-) (*types.ResponseEndBlock, error) {
-
-	app.mtx.Lock()
-	defer app.mtx.Unlock()
-
-	res := app.Application.EndBlock(req)
-	return &res, nil
-}
-
 func (app *localClient) ListSnapshotsSync(
 	ctx context.Context,
 	req types.RequestListSnapshots,
@@ -344,6 +291,17 @@ func (app *localClient) ApplySnapshotChunkSync(
 	return &res, nil
 }
 
+func (app *localClient) FinalizeBlockSync(
+	ctx context.Context,
+	req types.RequestFinalizeBlock) (*types.ResponseFinalizeBlock, error) {
+
+	app.mtx.Lock()
+	defer app.mtx.Unlock()
+
+	res := app.Application.FinalizeBlock(req)
+	return &res, nil
+}
+
 //-------------------------------------------------------
 
 func (app *localClient) callback(req *types.Request, res *types.Response) *ReqRes {

abci/client/mocks/client.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.5.1. DO NOT EDIT.
+// Code generated by mockery 2.9.0. DO NOT EDIT.
 
 package mocks
 
@@ -65,52 +65,6 @@ func (_m *Client) ApplySnapshotChunkSync(_a0 context.Context, _a1 types.RequestA
 	return r0, r1
 }
 
-// BeginBlockAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) BeginBlockAsync(_a0 context.Context, _a1 types.RequestBeginBlock) (*abcicli.ReqRes, error) {
-	ret := _m.Called(_a0, _a1)
-
-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestBeginBlock) *abcicli.ReqRes); ok {
-		r0 = rf(_a0, _a1)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
-		}
-	}
-
-	var r1 error
-	if rf, ok := ret.Get(1).(func(context.Context, types.RequestBeginBlock) error); ok {
-		r1 = rf(_a0, _a1)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// BeginBlockSync provides a mock function with given fields: _a0, _a1
-func (_m *Client) BeginBlockSync(_a0 context.Context, _a1 types.RequestBeginBlock) (*types.ResponseBeginBlock, error) {
-	ret := _m.Called(_a0, _a1)
-
-	var r0 *types.ResponseBeginBlock
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestBeginBlock) *types.ResponseBeginBlock); ok {
-		r0 = rf(_a0, _a1)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*types.ResponseBeginBlock)
-		}
-	}
-
-	var r1 error
-	if rf, ok := ret.Get(1).(func(context.Context, types.RequestBeginBlock) error); ok {
-		r1 = rf(_a0, _a1)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
 // CheckTxAsync provides a mock function with given fields: _a0, _a1
 func (_m *Client) CheckTxAsync(_a0 context.Context, _a1 types.RequestCheckTx) (*abcicli.ReqRes, error) {
 	ret := _m.Called(_a0, _a1)
@@ -203,52 +157,6 @@ func (_m *Client) CommitSync(_a0 context.Context) (*types.ResponseCommit, error)
 	return r0, r1
 }
 
-// DeliverTxAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) DeliverTxAsync(_a0 context.Context, _a1 types.RequestDeliverTx) (*abcicli.ReqRes, error) {
-	ret := _m.Called(_a0, _a1)
-
-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestDeliverTx) *abcicli.ReqRes); ok {
-		r0 = rf(_a0, _a1)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
-		}
-	}
-
-	var r1 error
-	if rf, ok := ret.Get(1).(func(context.Context, types.RequestDeliverTx) error); ok {
-		r1 = rf(_a0, _a1)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// DeliverTxSync provides a mock function with given fields: _a0, _a1
-func (_m *Client) DeliverTxSync(_a0 context.Context, _a1 types.RequestDeliverTx) (*types.ResponseDeliverTx, error) {
-	ret := _m.Called(_a0, _a1)
-
-	var r0 *types.ResponseDeliverTx
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestDeliverTx) *types.ResponseDeliverTx); ok {
-		r0 = rf(_a0, _a1)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*types.ResponseDeliverTx)
-		}
-	}
-
-	var r1 error
-	if rf, ok := ret.Get(1).(func(context.Context, types.RequestDeliverTx) error); ok {
-		r1 = rf(_a0, _a1)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
 // EchoAsync provides a mock function with given fields: ctx, msg
 func (_m *Client) EchoAsync(ctx context.Context, msg string) (*abcicli.ReqRes, error) {
 	ret := _m.Called(ctx, msg)
@@ -295,52 +203,6 @@ func (_m *Client) EchoSync(ctx context.Context, msg string) (*types.ResponseEcho
 	return r0, r1
 }
 
-// EndBlockAsync provides a mock function with given fields: _a0, _a1
-func (_m *Client) EndBlockAsync(_a0 context.Context, _a1 types.RequestEndBlock) (*abcicli.ReqRes, error) {
-	ret := _m.Called(_a0, _a1)
-
-	var r0 *abcicli.ReqRes
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestEndBlock) *abcicli.ReqRes); ok {
-		r0 = rf(_a0, _a1)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*abcicli.ReqRes)
-		}
-	}
-
-	var r1 error
-	if rf, ok := ret.Get(1).(func(context.Context, types.RequestEndBlock) error); ok {
-		r1 = rf(_a0, _a1)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// EndBlockSync provides a mock function with given fields: _a0, _a1
-func (_m *Client) EndBlockSync(_a0 context.Context, _a1 types.RequestEndBlock) (*types.ResponseEndBlock, error) {
-	ret := _m.Called(_a0, _a1)
-
-	var r0 *types.ResponseEndBlock
-	if rf, ok := ret.Get(0).(func(context.Context, types.RequestEndBlock) *types.ResponseEndBlock); ok {
-		r0 = rf(_a0, _a1)
-	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(*types.ResponseEndBlock)
-		}
-	}
-
-	var r1 error
-	if rf, ok := ret.Get(1).(func(context.Context, types.RequestEndBlock) error); ok {
-		r1 = rf(_a0, _a1)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
 // Error provides a mock function with given fields:
 func (_m *Client) Error() error {
 	ret := _m.Called()
@@ -355,6 +217,52 @@ func (_m *Client) Error() error {
 	return r0
 }
 
+// FinalizeBlockAsync provides a mock function with given fields: _a0, _a1
+func (_m *Client) FinalizeBlockAsync(_a0 context.Context, _a1 types.RequestFinalizeBlock) (*abcicli.ReqRes, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *abcicli.ReqRes
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestFinalizeBlock) *abcicli.ReqRes); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*abcicli.ReqRes)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestFinalizeBlock) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// FinalizeBlockSync provides a mock function with given fields: _a0, _a1
+func (_m *Client) FinalizeBlockSync(_a0 context.Context, _a1 types.RequestFinalizeBlock) (*types.ResponseFinalizeBlock, error) {
+	ret := _m.Called(_a0, _a1)
+
+	var r0 *types.ResponseFinalizeBlock
+	if rf, ok := ret.Get(0).(func(context.Context, types.RequestFinalizeBlock) *types.ResponseFinalizeBlock); ok {
+		r0 = rf(_a0, _a1)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*types.ResponseFinalizeBlock)
+		}
+	}
+
+	var r1 error
+	if rf, ok := ret.Get(1).(func(context.Context, types.RequestFinalizeBlock) error); ok {
+		r1 = rf(_a0, _a1)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
 // FlushAsync provides a mock function with given fields: _a0
 func (_m *Client) FlushAsync(_a0 context.Context) (*abcicli.ReqRes, error) {
 	ret := _m.Called(_a0)
@@ -796,3 +704,8 @@ func (_m *Client) String() string {
 
 	return r0
 }
+
+// Wait provides a mock function with given fields:
+func (_m *Client) Wait() {
+	_m.Called()
+}

abci/client/socket_client.go

@@ -12,10 +12,10 @@ import (
 	"time"
 
 	"github.com/tendermint/tendermint/abci/types"
+	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
+	"github.com/tendermint/tendermint/internal/libs/timer"
 	tmnet "github.com/tendermint/tendermint/libs/net"
 	"github.com/tendermint/tendermint/libs/service"
-	tmsync "github.com/tendermint/tendermint/libs/sync"
-	"github.com/tendermint/tendermint/libs/timer"
 )
 
 const (
@@ -43,7 +43,7 @@ type socketClient struct {
 	reqQueue   chan *reqResWithContext
 	flushTimer *timer.ThrottleTimer
 
-	mtx     tmsync.Mutex
+	mtx     tmsync.RWMutex
 	err     error
 	reqSent *list.List                            // list of requests sent, waiting for response
 	resCb   func(*types.Request, *types.Response) // called on all requests, if set.
@@ -108,8 +108,8 @@ func (cli *socketClient) OnStop() {
 
 // Error returns an error if the client was stopped abruptly.
 func (cli *socketClient) Error() error {
-	cli.mtx.Lock()
-	defer cli.mtx.Unlock()
+	cli.mtx.RLock()
+	defer cli.mtx.RUnlock()
 	return cli.err
 }
 
@@ -119,8 +119,8 @@ func (cli *socketClient) Error() error {
 // NOTE: callback may get internally generated flush responses.
 func (cli *socketClient) SetResponseCallback(resCb Callback) {
 	cli.mtx.Lock()
+	defer cli.mtx.Unlock()
 	cli.resCb = resCb
-	cli.mtx.Unlock()
 }
 
 //----------------------------------------
@@ -245,10 +245,6 @@ func (cli *socketClient) InfoAsync(ctx context.Context, req types.RequestInfo) (
 	return cli.queueRequestAsync(ctx, types.ToRequestInfo(req))
 }
 
-func (cli *socketClient) DeliverTxAsync(ctx context.Context, req types.RequestDeliverTx) (*ReqRes, error) {
-	return cli.queueRequestAsync(ctx, types.ToRequestDeliverTx(req))
-}
-
 func (cli *socketClient) CheckTxAsync(ctx context.Context, req types.RequestCheckTx) (*ReqRes, error) {
 	return cli.queueRequestAsync(ctx, types.ToRequestCheckTx(req))
 }
@@ -265,14 +261,6 @@ func (cli *socketClient) InitChainAsync(ctx context.Context, req types.RequestIn
 	return cli.queueRequestAsync(ctx, types.ToRequestInitChain(req))
 }
 
-func (cli *socketClient) BeginBlockAsync(ctx context.Context, req types.RequestBeginBlock) (*ReqRes, error) {
-	return cli.queueRequestAsync(ctx, types.ToRequestBeginBlock(req))
-}
-
-func (cli *socketClient) EndBlockAsync(ctx context.Context, req types.RequestEndBlock) (*ReqRes, error) {
-	return cli.queueRequestAsync(ctx, types.ToRequestEndBlock(req))
-}
-
 func (cli *socketClient) ListSnapshotsAsync(ctx context.Context, req types.RequestListSnapshots) (*ReqRes, error) {
 	return cli.queueRequestAsync(ctx, types.ToRequestListSnapshots(req))
 }
@@ -295,6 +283,13 @@ func (cli *socketClient) ApplySnapshotChunkAsync(
 	return cli.queueRequestAsync(ctx, types.ToRequestApplySnapshotChunk(req))
 }
 
+func (cli *socketClient) FinalizeBlockAsync(
+	ctx context.Context,
+	req types.RequestFinalizeBlock,
+) (*ReqRes, error) {
+	return cli.queueRequestAsync(ctx, types.ToRequestFinalizeBlock(req))
+}
+
 //----------------------------------------
 
 func (cli *socketClient) FlushSync(ctx context.Context) error {
@@ -341,18 +336,6 @@ func (cli *socketClient) InfoSync(
 	return reqres.Response.GetInfo(), nil
 }
 
-func (cli *socketClient) DeliverTxSync(
-	ctx context.Context,
-	req types.RequestDeliverTx,
-) (*types.ResponseDeliverTx, error) {
-
-	reqres, err := cli.queueRequestAndFlushSync(ctx, types.ToRequestDeliverTx(req))
-	if err != nil {
-		return nil, err
-	}
-	return reqres.Response.GetDeliverTx(), nil
-}
-
 func (cli *socketClient) CheckTxSync(
 	ctx context.Context,
 	req types.RequestCheckTx,
@@ -395,30 +378,6 @@ func (cli *socketClient) InitChainSync(
 	return reqres.Response.GetInitChain(), nil
 }
 
-func (cli *socketClient) BeginBlockSync(
-	ctx context.Context,
-	req types.RequestBeginBlock,
-) (*types.ResponseBeginBlock, error) {
-
-	reqres, err := cli.queueRequestAndFlushSync(ctx, types.ToRequestBeginBlock(req))
-	if err != nil {
-		return nil, err
-	}
-	return reqres.Response.GetBeginBlock(), nil
-}
-
-func (cli *socketClient) EndBlockSync(
-	ctx context.Context,
-	req types.RequestEndBlock,
-) (*types.ResponseEndBlock, error) {
-
-	reqres, err := cli.queueRequestAndFlushSync(ctx, types.ToRequestEndBlock(req))
-	if err != nil {
-		return nil, err
-	}
-	return reqres.Response.GetEndBlock(), nil
-}
-
 func (cli *socketClient) ListSnapshotsSync(
 	ctx context.Context,
 	req types.RequestListSnapshots,
@@ -465,6 +424,17 @@ func (cli *socketClient) ApplySnapshotChunkSync(
 	return reqres.Response.GetApplySnapshotChunk(), nil
 }
 
+func (cli *socketClient) FinalizeBlockSync(
+	ctx context.Context,
+	req types.RequestFinalizeBlock) (*types.ResponseFinalizeBlock, error) {
+
+	reqres, err := cli.queueRequestAndFlushSync(ctx, types.ToRequestFinalizeBlock(req))
+	if err != nil {
+		return nil, err
+	}
+	return reqres.Response.GetFinalizeBlock(), nil
+}
+
 //----------------------------------------
 
 // queueRequest enqueues req onto the queue. If the queue is full, it ether
@@ -569,8 +539,6 @@ func resMatchesReq(req *types.Request, res *types.Response) (ok bool) {
 		_, ok = res.Value.(*types.Response_Flush)
 	case *types.Request_Info:
 		_, ok = res.Value.(*types.Response_Info)
-	case *types.Request_DeliverTx:
-		_, ok = res.Value.(*types.Response_DeliverTx)
 	case *types.Request_CheckTx:
 		_, ok = res.Value.(*types.Response_CheckTx)
 	case *types.Request_Commit:
@@ -579,10 +547,6 @@ func resMatchesReq(req *types.Request, res *types.Response) (ok bool) {
 		_, ok = res.Value.(*types.Response_Query)
 	case *types.Request_InitChain:
 		_, ok = res.Value.(*types.Response_InitChain)
-	case *types.Request_BeginBlock:
-		_, ok = res.Value.(*types.Response_BeginBlock)
-	case *types.Request_EndBlock:
-		_, ok = res.Value.(*types.Response_EndBlock)
 	case *types.Request_ApplySnapshotChunk:
 		_, ok = res.Value.(*types.Response_ApplySnapshotChunk)
 	case *types.Request_LoadSnapshotChunk:
@@ -591,6 +555,8 @@ func resMatchesReq(req *types.Request, res *types.Response) (ok bool) {
 		_, ok = res.Value.(*types.Response_ListSnapshots)
 	case *types.Request_OfferSnapshot:
 		_, ok = res.Value.(*types.Response_OfferSnapshot)
+	case *types.Request_FinalizeBlock:
+		_, ok = res.Value.(*types.Response_FinalizeBlock)
 	}
 	return ok
 }

abci/client/socket_client_test.go

@@ -6,13 +6,14 @@ import (
 	"testing"
 	"time"
 
+	"math/rand"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	abcicli "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/server"
 	"github.com/tendermint/tendermint/abci/types"
-	tmrand "github.com/tendermint/tendermint/libs/rand"
 	"github.com/tendermint/tendermint/libs/service"
 )
 
@@ -36,11 +37,11 @@ func TestProperSyncCalls(t *testing.T) {
 	resp := make(chan error, 1)
 	go func() {
 		// This is BeginBlockSync unrolled....
-		reqres, err := c.BeginBlockAsync(ctx, types.RequestBeginBlock{})
+		reqres, err := c.FinalizeBlockAsync(ctx, types.RequestFinalizeBlock{})
 		assert.NoError(t, err)
 		err = c.FlushSync(context.Background())
 		assert.NoError(t, err)
-		res := reqres.Response.GetBeginBlock()
+		res := reqres.Response.GetFinalizeBlock()
 		assert.NotNil(t, res)
 		resp <- c.Error()
 	}()
@@ -72,7 +73,7 @@ func TestHangingSyncCalls(t *testing.T) {
 	resp := make(chan error, 1)
 	go func() {
 		// Start BeginBlock and flush it
-		reqres, err := c.BeginBlockAsync(ctx, types.RequestBeginBlock{})
+		reqres, err := c.FinalizeBlockAsync(ctx, types.RequestFinalizeBlock{})
 		assert.NoError(t, err)
 		flush, err := c.FlushAsync(ctx)
 		assert.NoError(t, err)
@@ -83,7 +84,7 @@ func TestHangingSyncCalls(t *testing.T) {
 		err = s.Stop()
 		assert.NoError(t, err)
 
-		// wait for the response from BeginBlock
+		// wait for the response from FinalizeBlock
 		reqres.Wait()
 		flush.Wait()
 		resp <- c.Error()
@@ -101,7 +102,7 @@ func TestHangingSyncCalls(t *testing.T) {
 func setupClientServer(t *testing.T, app types.Application) (
 	service.Service, abcicli.Client) {
 	// some port between 20k and 30k
-	port := 20000 + tmrand.Int32()%10000
+	port := 20000 + rand.Int31()%10000
 	addr := fmt.Sprintf("localhost:%d", port)
 
 	s, err := server.NewServer(addr, "socket", app)
@@ -120,7 +121,7 @@ type slowApp struct {
 	types.BaseApplication
 }
 
-func (slowApp) BeginBlock(req types.RequestBeginBlock) types.ResponseBeginBlock {
+func (slowApp) FinalizeBlock(req types.RequestFinalizeBlock) types.ResponseFinalizeBlock {
 	time.Sleep(200 * time.Millisecond)
-	return types.ResponseBeginBlock{}
+	return types.ResponseFinalizeBlock{}
 }

abci/cmd/abci-cli/abci-cli.go

@@ -68,12 +68,9 @@ var RootCmd = &cobra.Command{
 		}
 
 		if logger == nil {
-			allowLevel, err := log.AllowLevel(flagLogLevel)
-			if err != nil {
-				return err
-			}
-			logger = log.NewFilter(log.NewTMLogger(log.NewSyncWriter(os.Stdout)), allowLevel)
+			logger = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 		}
+
 		if client == nil {
 			var err error
 			client, err = abcicli.NewClient(flagAddress, flagAbci, false)
@@ -507,16 +504,18 @@ func cmdDeliverTx(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	res, err := client.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: txBytes})
+	res, err := client.FinalizeBlockSync(ctx, types.RequestFinalizeBlock{Txs: [][]byte{txBytes}})
 	if err != nil {
 		return err
 	}
-	printResponse(cmd, args, response{
-		Code: res.Code,
-		Data: res.Data,
-		Info: res.Info,
-		Log:  res.Log,
-	})
+	for _, tx := range res.Txs {
+		printResponse(cmd, args, response{
+			Code: tx.Code,
+			Data: tx.Data,
+			Info: tx.Info,
+			Log:  tx.Log,
+		})
+	}
 	return nil
 }
 
@@ -598,7 +597,7 @@ func cmdQuery(cmd *cobra.Command, args []string) error {
 
 func cmdCounter(cmd *cobra.Command, args []string) error {
 	app := counter.NewApplication(flagSerial)
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger := log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 
 	// Start the listener
 	srv, err := server.NewServer(flagAddress, flagAbci, app)
@@ -623,7 +622,7 @@ func cmdCounter(cmd *cobra.Command, args []string) error {
 }
 
 func cmdKVStore(cmd *cobra.Command, args []string) error {
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger := log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 
 	// Create the application - in memory or persisted to disk
 	var app types.Application

abci/example/counter/counter.go

@@ -24,24 +24,30 @@ func (app *Application) Info(req types.RequestInfo) types.ResponseInfo {
 	return types.ResponseInfo{Data: fmt.Sprintf("{\"hashes\":%v,\"txs\":%v}", app.hashCount, app.txCount)}
 }
 
-func (app *Application) DeliverTx(req types.RequestDeliverTx) types.ResponseDeliverTx {
+func (app *Application) FinalizeBlock(req types.RequestFinalizeBlock) types.ResponseFinalizeBlock {
+
 	if app.serial {
-		if len(req.Tx) > 8 {
-			return types.ResponseDeliverTx{
-				Code: code.CodeTypeEncodingError,
-				Log:  fmt.Sprintf("Max tx size is 8 bytes, got %d", len(req.Tx))}
-		}
-		tx8 := make([]byte, 8)
-		copy(tx8[len(tx8)-len(req.Tx):], req.Tx)
-		txValue := binary.BigEndian.Uint64(tx8)
-		if txValue != uint64(app.txCount) {
-			return types.ResponseDeliverTx{
-				Code: code.CodeTypeBadNonce,
-				Log:  fmt.Sprintf("Invalid nonce. Expected %v, got %v", app.txCount, txValue)}
+		for _, tx := range req.Txs {
+			if len(tx) > 8 {
+				return types.ResponseFinalizeBlock{Txs: []*types.ResponseDeliverTx{{
+					Code: code.CodeTypeEncodingError,
+					Log:  fmt.Sprintf("Max tx size is 8 bytes, got %d", len(tx))}},
+				}
+			}
+			tx8 := make([]byte, 8)
+			copy(tx8[len(tx8)-len(tx):], tx)
+			txValue := binary.BigEndian.Uint64(tx8)
+			if txValue != uint64(app.txCount) {
+				return types.ResponseFinalizeBlock{
+					Txs: []*types.ResponseDeliverTx{{
+						Code: code.CodeTypeBadNonce,
+						Log:  fmt.Sprintf("Invalid nonce. Expected %v, got %v", app.txCount, txValue)}},
+				}
+			}
 		}
 	}
 	app.txCount++
-	return types.ResponseDeliverTx{Code: code.CodeTypeOK}
+	return types.ResponseFinalizeBlock{Txs: []*types.ResponseDeliverTx{{Code: code.CodeTypeOK}}}
 }
 
 func (app *Application) CheckTx(req types.RequestCheckTx) types.ResponseCheckTx {

abci/example/example_test.go

@@ -76,20 +76,22 @@ func testStream(t *testing.T, app types.Application) {
 	client.SetResponseCallback(func(req *types.Request, res *types.Response) {
 		// Process response
 		switch r := res.Value.(type) {
-		case *types.Response_DeliverTx:
-			counter++
-			if r.DeliverTx.Code != code.CodeTypeOK {
-				t.Error("DeliverTx failed with ret_code", r.DeliverTx.Code)
-			}
-			if counter > numDeliverTxs {
-				t.Fatalf("Too many DeliverTx responses. Got %d, expected %d", counter, numDeliverTxs)
-			}
-			if counter == numDeliverTxs {
-				go func() {
-					time.Sleep(time.Second * 1) // Wait for a bit to allow counter overflow
-					close(done)
-				}()
-				return
+		case *types.Response_FinalizeBlock:
+			for _, tx := range r.FinalizeBlock.Txs {
+				counter++
+				if tx.Code != code.CodeTypeOK {
+					t.Error("DeliverTx failed with ret_code", tx.Code)
+				}
+				if counter > numDeliverTxs {
+					t.Fatalf("Too many DeliverTx responses. Got %d, expected %d", counter, numDeliverTxs)
+				}
+				if counter == numDeliverTxs {
+					go func() {
+						time.Sleep(time.Second * 1) // Wait for a bit to allow counter overflow
+						close(done)
+					}()
+					return
+				}
 			}
 		case *types.Response_Flush:
 			// ignore
@@ -103,7 +105,8 @@ func testStream(t *testing.T, app types.Application) {
 	// Write requests
 	for counter := 0; counter < numDeliverTxs; counter++ {
 		// Send request
-		_, err = client.DeliverTxAsync(ctx, types.RequestDeliverTx{Tx: []byte("test")})
+		tx := []byte("test")
+		_, err = client.FinalizeBlockAsync(ctx, types.RequestFinalizeBlock{Txs: [][]byte{tx}})
 		require.NoError(t, err)
 
 		// Sometimes send flush messages
@@ -163,22 +166,25 @@ func testGRPCSync(t *testing.T, app types.ABCIApplicationServer) {
 	// Write requests
 	for counter := 0; counter < numDeliverTxs; counter++ {
 		// Send request
-		response, err := client.DeliverTx(context.Background(), &types.RequestDeliverTx{Tx: []byte("test")})
+		txt := []byte("test")
+		response, err := client.FinalizeBlock(context.Background(), &types.RequestFinalizeBlock{Txs: [][]byte{txt}})
 		if err != nil {
 			t.Fatalf("Error in GRPC DeliverTx: %v", err.Error())
 		}
 		counter++
-		if response.Code != code.CodeTypeOK {
-			t.Error("DeliverTx failed with ret_code", response.Code)
-		}
-		if counter > numDeliverTxs {
-			t.Fatal("Too many DeliverTx responses")
-		}
-		t.Log("response", counter)
-		if counter == numDeliverTxs {
-			go func() {
-				time.Sleep(time.Second * 1) // Wait for a bit to allow counter overflow
-			}()
+		for _, tx := range response.Txs {
+			if tx.Code != code.CodeTypeOK {
+				t.Error("DeliverTx failed with ret_code", tx.Code)
+			}
+			if counter > numDeliverTxs {
+				t.Fatal("Too many DeliverTx responses")
+			}
+			t.Log("response", counter)
+			if counter == numDeliverTxs {
+				go func() {
+					time.Sleep(time.Second * 1) // Wait for a bit to allow counter overflow
+				}()
+			}
 		}
 
 	}

abci/example/kvstore/helpers.go

@@ -1,6 +1,8 @@
 package kvstore
 
 import (
+	mrand "math/rand"
+
 	"github.com/tendermint/tendermint/abci/types"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
 )
@@ -9,7 +11,8 @@ import (
 // from the input value
 func RandVal(i int) types.ValidatorUpdate {
 	pubkey := tmrand.Bytes(32)
-	power := tmrand.Uint16() + 1
+	// Random value between [0, 2^16 - 1]
+	power := mrand.Uint32() & (1<<16 - 1) // nolint:gosec // G404: Use of weak random number generator
 	v := types.UpdateValidator(pubkey, int64(power), "")
 	return v
 }

abci/example/kvstore/kvstore.go

@@ -86,34 +86,40 @@ func (app *Application) Info(req types.RequestInfo) (resInfo types.ResponseInfo)
 }
 
 // tx is either "key=value" or just arbitrary bytes
-func (app *Application) DeliverTx(req types.RequestDeliverTx) types.ResponseDeliverTx {
-	var key, value []byte
-	parts := bytes.Split(req.Tx, []byte("="))
-	if len(parts) == 2 {
-		key, value = parts[0], parts[1]
-	} else {
-		key, value = req.Tx, req.Tx
-	}
+func (app *Application) FinalizeBlock(req types.RequestFinalizeBlock) types.ResponseFinalizeBlock {
+	var key, value string
+	var txs = make([]*types.ResponseDeliverTx, len(req.Txs))
 
-	err := app.state.db.Set(prefixKey(key), value)
-	if err != nil {
-		panic(err)
-	}
-	app.state.Size++
+	for i, tx := range req.Txs {
+		parts := bytes.Split(tx, []byte("="))
+		if len(parts) == 2 {
+			key, value = string(parts[0]), string(parts[1])
+		} else {
+			key, value = string(tx), string(tx)
+		}
 
-	events := []types.Event{
-		{
-			Type: "app",
-			Attributes: []types.EventAttribute{
-				{Key: []byte("creator"), Value: []byte("Cosmoshi Netowoko"), Index: true},
-				{Key: []byte("key"), Value: key, Index: true},
-				{Key: []byte("index_key"), Value: []byte("index is working"), Index: true},
-				{Key: []byte("noindex_key"), Value: []byte("index is working"), Index: false},
+		err := app.state.db.Set(prefixKey([]byte(key)), []byte(value))
+		if err != nil {
+			panic(err)
+		}
+		app.state.Size++
+
+		events := []types.Event{
+			{
+				Type: "app",
+				Attributes: []types.EventAttribute{
+					{Key: "creator", Value: "Cosmoshi Netowoko", Index: true},
+					{Key: "key", Value: key, Index: true},
+					{Key: "index_key", Value: "index is working", Index: true},
+					{Key: "noindex_key", Value: "index is working", Index: false},
+				},
 			},
-		},
+		}
+
+		txs[i] = &types.ResponseDeliverTx{Code: code.CodeTypeOK, Events: events}
 	}
 
-	return types.ResponseDeliverTx{Code: code.CodeTypeOK, Events: events}
+	return types.ResponseFinalizeBlock{Txs: txs}
 }
 
 func (app *Application) CheckTx(req types.RequestCheckTx) types.ResponseCheckTx {

abci/example/kvstore/kvstore_test.go

@@ -27,12 +27,16 @@ const (
 var ctx = context.Background()
 
 func testKVStore(t *testing.T, app types.Application, tx []byte, key, value string) {
-	req := types.RequestDeliverTx{Tx: tx}
-	ar := app.DeliverTx(req)
-	require.False(t, ar.IsErr(), ar)
+	req := types.RequestFinalizeBlock{Txs: [][]byte{tx}}
+	ar := app.FinalizeBlock(req)
+	for _, tx := range ar.Txs {
+		require.False(t, tx.IsErr(), ar)
+	}
 	// repeating tx doesn't raise error
-	ar = app.DeliverTx(req)
-	require.False(t, ar.IsErr(), ar)
+	ar = app.FinalizeBlock(req)
+	for _, tx := range ar.Txs {
+		require.False(t, tx.IsErr(), ar)
+	}
 	// commit
 	app.Commit()
 
@@ -109,8 +113,7 @@ func TestPersistentKVStoreInfo(t *testing.T) {
 	header := tmproto.Header{
 		Height: height,
 	}
-	kvstore.BeginBlock(types.RequestBeginBlock{Hash: hash, Header: header})
-	kvstore.EndBlock(types.RequestEndBlock{Height: header.Height})
+	kvstore.FinalizeBlock(types.RequestFinalizeBlock{Hash: hash, Header: header})
 	kvstore.Commit()
 
 	resInfo = kvstore.Info(types.RequestInfo{})
@@ -200,16 +203,15 @@ func makeApplyBlock(
 		Height: height,
 	}
 
-	kvstore.BeginBlock(types.RequestBeginBlock{Hash: hash, Header: header})
-	for _, tx := range txs {
-		if r := kvstore.DeliverTx(types.RequestDeliverTx{Tx: tx}); r.IsErr() {
-			t.Fatal(r)
-		}
-	}
-	resEndBlock := kvstore.EndBlock(types.RequestEndBlock{Height: header.Height})
+	resFinalizeBlock := kvstore.FinalizeBlock(types.RequestFinalizeBlock{
+		Hash:   hash,
+		Header: header,
+		Txs:    txs,
+	})
+
 	kvstore.Commit()
 
-	valsEqual(t, diff, resEndBlock.ValidatorUpdates)
+	valsEqual(t, diff, resFinalizeBlock.ValidatorUpdates)
 
 }
 
@@ -326,13 +328,16 @@ func runClientTests(t *testing.T, client abcicli.Client) {
 }
 
 func testClient(t *testing.T, app abcicli.Client, tx []byte, key, value string) {
-	ar, err := app.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: tx})
+	ar, err := app.FinalizeBlockSync(ctx, types.RequestFinalizeBlock{Txs: [][]byte{tx}})
+	for _, tx := range ar.Txs {
+		require.False(t, tx.IsErr(), ar)
+	}
+
+	ar, err = app.FinalizeBlockSync(ctx, types.RequestFinalizeBlock{Txs: [][]byte{tx}}) // repeating tx doesn't raise error
 	require.NoError(t, err)
-	require.False(t, ar.IsErr(), ar)
-	// repeating tx doesn't raise error
-	ar, err = app.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: tx})
-	require.NoError(t, err)
-	require.False(t, ar.IsErr(), ar)
+	for _, tx := range ar.Txs {
+		require.False(t, tx.IsErr(), ar)
+	}
 	// commit
 	_, err = app.CommitSync(ctx)
 	require.NoError(t, err)

abci/example/kvstore/persistent_kvstore.go

@@ -51,6 +51,10 @@ func NewPersistentKVStoreApplication(dbDir string) *PersistentKVStoreApplication
 	}
 }
 
+func (app *PersistentKVStoreApplication) Close() error {
+	return app.app.state.db.Close()
+}
+
 func (app *PersistentKVStoreApplication) SetLogger(l log.Logger) {
 	app.logger = l
 }
@@ -62,19 +66,19 @@ func (app *PersistentKVStoreApplication) Info(req types.RequestInfo) types.Respo
 	return res
 }
 
-// tx is either "val:pubkey!power" or "key=value" or just arbitrary bytes
-func (app *PersistentKVStoreApplication) DeliverTx(req types.RequestDeliverTx) types.ResponseDeliverTx {
-	// if it starts with "val:", update the validator set
-	// format is "val:pubkey!power"
-	if isValidatorTx(req.Tx) {
-		// update validators in the merkle tree
-		// and in app.ValUpdates
-		return app.execValidatorTx(req.Tx)
-	}
+// // tx is either "val:pubkey!power" or "key=value" or just arbitrary bytes
+// func (app *PersistentKVStoreApplication) DeliverTx(req types.RequestDeliverTx) types.ResponseDeliverTx {
+// 	// if it starts with "val:", update the validator set
+// 	// format is "val:pubkey!power"
+// 	if isValidatorTx(req.Tx) {
+// 		// update validators in the merkle tree
+// 		// and in app.ValUpdates
+// 		return app.execValidatorTx(req.Tx)
+// 	}
 
-	// otherwise, update the key-value store
-	return app.app.DeliverTx(req)
-}
+// 	// otherwise, update the key-value store
+// 	return app.app.DeliverTx(req)
+// }
 
 func (app *PersistentKVStoreApplication) CheckTx(req types.RequestCheckTx) types.ResponseCheckTx {
 	return app.app.CheckTx(req)
@@ -115,8 +119,40 @@ func (app *PersistentKVStoreApplication) InitChain(req types.RequestInitChain) t
 	return types.ResponseInitChain{}
 }
 
-// Track the block hash and header information
-func (app *PersistentKVStoreApplication) BeginBlock(req types.RequestBeginBlock) types.ResponseBeginBlock {
+func (app *PersistentKVStoreApplication) ListSnapshots(
+	req types.RequestListSnapshots) types.ResponseListSnapshots {
+	return types.ResponseListSnapshots{}
+}
+
+func (app *PersistentKVStoreApplication) LoadSnapshotChunk(
+	req types.RequestLoadSnapshotChunk) types.ResponseLoadSnapshotChunk {
+	return types.ResponseLoadSnapshotChunk{}
+}
+
+func (app *PersistentKVStoreApplication) OfferSnapshot(
+	req types.RequestOfferSnapshot) types.ResponseOfferSnapshot {
+	return types.ResponseOfferSnapshot{Result: types.ResponseOfferSnapshot_ABORT}
+}
+
+func (app *PersistentKVStoreApplication) ApplySnapshotChunk(
+	req types.RequestApplySnapshotChunk) types.ResponseApplySnapshotChunk {
+	return types.ResponseApplySnapshotChunk{Result: types.ResponseApplySnapshotChunk_ABORT}
+}
+
+func (app *PersistentKVStoreApplication) FinalizeBlock(
+	req types.RequestFinalizeBlock) types.ResponseFinalizeBlock {
+	// for i, tx := range req.Txs {
+	// 	// if it starts with "val:", update the validator set
+	// 	// format is "val:pubkey!power"
+	// 	if isValidatorTx(tx) {
+	// 		// update validators in the merkle tree
+	// 		// and in app.ValUpdates
+	// 		return app.execValidatorTx(req.Tx)
+	// 	}
+
+	// 	// otherwise, update the key-value store
+	// 	return app.app.DeliverTx(tx)
+	// }
 	// reset valset changes
 	app.ValUpdates = make([]types.ValidatorUpdate, 0)
 
@@ -138,32 +174,7 @@ func (app *PersistentKVStoreApplication) BeginBlock(req types.RequestBeginBlock)
 		}
 	}
 
-	return types.ResponseBeginBlock{}
-}
-
-// Update the validator set
-func (app *PersistentKVStoreApplication) EndBlock(req types.RequestEndBlock) types.ResponseEndBlock {
-	return types.ResponseEndBlock{ValidatorUpdates: app.ValUpdates}
-}
-
-func (app *PersistentKVStoreApplication) ListSnapshots(
-	req types.RequestListSnapshots) types.ResponseListSnapshots {
-	return types.ResponseListSnapshots{}
-}
-
-func (app *PersistentKVStoreApplication) LoadSnapshotChunk(
-	req types.RequestLoadSnapshotChunk) types.ResponseLoadSnapshotChunk {
-	return types.ResponseLoadSnapshotChunk{}
-}
-
-func (app *PersistentKVStoreApplication) OfferSnapshot(
-	req types.RequestOfferSnapshot) types.ResponseOfferSnapshot {
-	return types.ResponseOfferSnapshot{Result: types.ResponseOfferSnapshot_ABORT}
-}
-
-func (app *PersistentKVStoreApplication) ApplySnapshotChunk(
-	req types.RequestApplySnapshotChunk) types.ResponseApplySnapshotChunk {
-	return types.ResponseApplySnapshotChunk{Result: types.ResponseApplySnapshotChunk_ABORT}
+	return types.ResponseFinalizeBlock{ValidatorUpdates: app.ValUpdates}
 }
 
 //---------------------------------------------

abci/server/socket_server.go

@@ -9,10 +9,10 @@ import (
 	"runtime"
 
 	"github.com/tendermint/tendermint/abci/types"
+	tmsync "github.com/tendermint/tendermint/internal/libs/sync"
 	tmlog "github.com/tendermint/tendermint/libs/log"
 	tmnet "github.com/tendermint/tendermint/libs/net"
 	"github.com/tendermint/tendermint/libs/service"
-	tmsync "github.com/tendermint/tendermint/libs/sync"
 )
 
 // var maxNumberConnections = 2
@@ -200,9 +200,6 @@ func (s *SocketServer) handleRequest(req *types.Request, responses chan<- *types
 	case *types.Request_Info:
 		res := s.app.Info(*r.Info)
 		responses <- types.ToResponseInfo(res)
-	case *types.Request_DeliverTx:
-		res := s.app.DeliverTx(*r.DeliverTx)
-		responses <- types.ToResponseDeliverTx(res)
 	case *types.Request_CheckTx:
 		res := s.app.CheckTx(*r.CheckTx)
 		responses <- types.ToResponseCheckTx(res)
@@ -215,12 +212,6 @@ func (s *SocketServer) handleRequest(req *types.Request, responses chan<- *types
 	case *types.Request_InitChain:
 		res := s.app.InitChain(*r.InitChain)
 		responses <- types.ToResponseInitChain(res)
-	case *types.Request_BeginBlock:
-		res := s.app.BeginBlock(*r.BeginBlock)
-		responses <- types.ToResponseBeginBlock(res)
-	case *types.Request_EndBlock:
-		res := s.app.EndBlock(*r.EndBlock)
-		responses <- types.ToResponseEndBlock(res)
 	case *types.Request_ListSnapshots:
 		res := s.app.ListSnapshots(*r.ListSnapshots)
 		responses <- types.ToResponseListSnapshots(res)
@@ -233,6 +224,9 @@ func (s *SocketServer) handleRequest(req *types.Request, responses chan<- *types
 	case *types.Request_ApplySnapshotChunk:
 		res := s.app.ApplySnapshotChunk(*r.ApplySnapshotChunk)
 		responses <- types.ToResponseApplySnapshotChunk(res)
+	case *types.Request_FinalizeBlock:
+		res := s.app.FinalizeBlock(*r.FinalizeBlock)
+		responses <- types.ToResponseFinalizeBlock(res)
 	default:
 		responses <- types.ToResponseException("Unknown request")
 	}

abci/tests/server/client.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	mrand "math/rand"
 
 	abcicli "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/types"
@@ -18,7 +19,8 @@ func InitChain(client abcicli.Client) error {
 	vals := make([]types.ValidatorUpdate, total)
 	for i := 0; i < total; i++ {
 		pubkey := tmrand.Bytes(33)
-		power := tmrand.Int()
+		// nolint:gosec // G404: Use of weak random number generator
+		power := mrand.Int()
 		vals[i] = types.UpdateValidator(pubkey, int64(power), "")
 	}
 	_, err := client.InitChainSync(ctx, types.RequestInitChain{
@@ -49,20 +51,22 @@ func Commit(client abcicli.Client, hashExp []byte) error {
 	return nil
 }
 
-func DeliverTx(client abcicli.Client, txBytes []byte, codeExp uint32, dataExp []byte) error {
-	res, _ := client.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: txBytes})
-	code, data, log := res.Code, res.Data, res.Log
-	if code != codeExp {
-		fmt.Println("Failed test: DeliverTx")
-		fmt.Printf("DeliverTx response code was unexpected. Got %v expected %v. Log: %v\n",
-			code, codeExp, log)
-		return errors.New("deliverTx error")
-	}
-	if !bytes.Equal(data, dataExp) {
-		fmt.Println("Failed test: DeliverTx")
-		fmt.Printf("DeliverTx response data was unexpected. Got %X expected %X\n",
-			data, dataExp)
-		return errors.New("deliverTx error")
+func FinalizeBlock(client abcicli.Client, txBytes []byte, codeExp uint32, dataExp []byte) error {
+	res, _ := client.FinalizeBlockSync(ctx, types.RequestFinalizeBlock{Txs: [][]byte{txBytes}})
+	for _, tx := range res.Txs {
+		code, data, log := tx.Code, tx.Data, tx.Log
+		if code != codeExp {
+			fmt.Println("Failed test: DeliverTx")
+			fmt.Printf("DeliverTx response code was unexpected. Got %v expected %v. Log: %v\n",
+				code, codeExp, log)
+			return errors.New("deliverTx error")
+		}
+		if !bytes.Equal(data, dataExp) {
+			fmt.Println("Failed test: DeliverTx")
+			fmt.Printf("DeliverTx response data was unexpected. Got %X expected %X\n",
+				data, dataExp)
+			return errors.New("deliverTx error")
+		}
 	}
 	fmt.Println("Passed test: DeliverTx")
 	return nil

abci/tests/test_app/app.go

@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"os"
 
 	abcicli "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/types"
@@ -19,7 +18,7 @@ func startClient(abciType string) abcicli.Client {
 	if err != nil {
 		panic(err.Error())
 	}
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger := log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 	client.SetLogger(logger.With("module", "abcicli"))
 	if err := client.Start(); err != nil {
 		panicf("connecting to abci_app: %v", err.Error())
@@ -38,16 +37,29 @@ func commit(client abcicli.Client, hashExp []byte) {
 	}
 }
 
-func deliverTx(client abcicli.Client, txBytes []byte, codeExp uint32, dataExp []byte) {
-	res, err := client.DeliverTxSync(ctx, types.RequestDeliverTx{Tx: txBytes})
+type tx struct {
+	Data    []byte
+	CodeExp uint32
+	DataExp []byte
+}
+
+func finalizeBlock(client abcicli.Client, txs []tx) {
+	var txsData = make([][]byte, len(txs))
+	for i, tx := range txs {
+		txsData[i] = tx.Data
+	}
+
+	res, err := client.FinalizeBlockSync(ctx, types.RequestFinalizeBlock{Txs: txsData})
 	if err != nil {
 		panicf("client error: %v", err)
 	}
-	if res.Code != codeExp {
-		panicf("DeliverTx response code was unexpected. Got %v expected %v. Log: %v", res.Code, codeExp, res.Log)
-	}
-	if !bytes.Equal(res.Data, dataExp) {
-		panicf("DeliverTx response data was unexpected. Got %X expected %X", res.Data, dataExp)
+	for i, tx := range res.Txs {
+		if tx.Code != txs[i].CodeExp {
+			panicf("DeliverTx response code was unexpected. Got %v expected %v. Log: %v", tx.Code, txs[i].CodeExp, tx.Log)
+		}
+		if !bytes.Equal(tx.Data, txs[i].DataExp) {
+			panicf("DeliverTx response data was unexpected. Got %X expected %X", tx.Data, txs[i].DataExp)
+		}
 	}
 }
 

abci/tests/test_app/main.go

@@ -81,13 +81,15 @@ func testCounter() {
 	// commit(client, nil)
 	// deliverTx(client, []byte("abc"), code.CodeTypeBadNonce, nil)
 	commit(client, nil)
-	deliverTx(client, []byte{0x00}, types.CodeTypeOK, nil)
+	finalizeBlock(client, []tx{{Data: []byte{0x00}, CodeExp: types.CodeTypeOK, DataExp: nil}})
 	commit(client, []byte{0, 0, 0, 0, 0, 0, 0, 1})
 	// deliverTx(client, []byte{0x00}, code.CodeTypeBadNonce, nil)
-	deliverTx(client, []byte{0x01}, types.CodeTypeOK, nil)
-	deliverTx(client, []byte{0x00, 0x02}, types.CodeTypeOK, nil)
-	deliverTx(client, []byte{0x00, 0x03}, types.CodeTypeOK, nil)
-	deliverTx(client, []byte{0x00, 0x00, 0x04}, types.CodeTypeOK, nil)
+	txs := []tx{
+		{Data: []byte{0x01}, DataExp: nil, CodeExp: types.CodeTypeOK},
+		{Data: []byte{0x00, 0x02}, DataExp: nil, CodeExp: types.CodeTypeOK},
+		{Data: []byte{0x00, 0x03}, DataExp: nil, CodeExp: types.CodeTypeOK},
+		{Data: []byte{0x00, 0x00, 0x04}, DataExp: nil, CodeExp: types.CodeTypeOK}}
+	finalizeBlock(client, txs)
 	// deliverTx(client, []byte{0x00, 0x00, 0x06}, code.CodeTypeBadNonce, nil)
 	commit(client, []byte{0, 0, 0, 0, 0, 0, 0, 5})
 }

abci/types/application.go

@@ -17,11 +17,9 @@ type Application interface {
 	CheckTx(RequestCheckTx) ResponseCheckTx // Validate a tx for the mempool
 
 	// Consensus Connection
-	InitChain(RequestInitChain) ResponseInitChain    // Initialize blockchain w validators/other info from TendermintCore
-	BeginBlock(RequestBeginBlock) ResponseBeginBlock // Signals the beginning of a block
-	DeliverTx(RequestDeliverTx) ResponseDeliverTx    // Deliver a tx for full processing
-	EndBlock(RequestEndBlock) ResponseEndBlock       // Signals the end of a block, returns changes to the validator set
-	Commit() ResponseCommit                          // Commit the state and return the application Merkle root hash
+	InitChain(RequestInitChain) ResponseInitChain // Initialize blockchain w validators/other info from TendermintCore
+	FinalizeBlock(RequestFinalizeBlock) ResponseFinalizeBlock
+	Commit() ResponseCommit // Commit the state and return the application Merkle root hash
 
 	// State Sync Connection
 	ListSnapshots(RequestListSnapshots) ResponseListSnapshots                // List available snapshots
@@ -46,10 +44,6 @@ func (BaseApplication) Info(req RequestInfo) ResponseInfo {
 	return ResponseInfo{}
 }
 
-func (BaseApplication) DeliverTx(req RequestDeliverTx) ResponseDeliverTx {
-	return ResponseDeliverTx{Code: CodeTypeOK}
-}
-
 func (BaseApplication) CheckTx(req RequestCheckTx) ResponseCheckTx {
 	return ResponseCheckTx{Code: CodeTypeOK}
 }
@@ -66,14 +60,6 @@ func (BaseApplication) InitChain(req RequestInitChain) ResponseInitChain {
 	return ResponseInitChain{}
 }
 
-func (BaseApplication) BeginBlock(req RequestBeginBlock) ResponseBeginBlock {
-	return ResponseBeginBlock{}
-}
-
-func (BaseApplication) EndBlock(req RequestEndBlock) ResponseEndBlock {
-	return ResponseEndBlock{}
-}
-
 func (BaseApplication) ListSnapshots(req RequestListSnapshots) ResponseListSnapshots {
 	return ResponseListSnapshots{}
 }
@@ -90,6 +76,10 @@ func (BaseApplication) ApplySnapshotChunk(req RequestApplySnapshotChunk) Respons
 	return ResponseApplySnapshotChunk{}
 }
 
+func (BaseApplication) FinalizeBlock(req RequestFinalizeBlock) ResponseFinalizeBlock {
+	return ResponseFinalizeBlock{}
+}
+
 //-------------------------------------------------------
 
 // GRPCApplication is a GRPC wrapper for Application
@@ -114,11 +104,6 @@ func (app *GRPCApplication) Info(ctx context.Context, req *RequestInfo) (*Respon
 	return &res, nil
 }
 
-func (app *GRPCApplication) DeliverTx(ctx context.Context, req *RequestDeliverTx) (*ResponseDeliverTx, error) {
-	res := app.app.DeliverTx(*req)
-	return &res, nil
-}
-
 func (app *GRPCApplication) CheckTx(ctx context.Context, req *RequestCheckTx) (*ResponseCheckTx, error) {
 	res := app.app.CheckTx(*req)
 	return &res, nil
@@ -139,16 +124,6 @@ func (app *GRPCApplication) InitChain(ctx context.Context, req *RequestInitChain
 	return &res, nil
 }
 
-func (app *GRPCApplication) BeginBlock(ctx context.Context, req *RequestBeginBlock) (*ResponseBeginBlock, error) {
-	res := app.app.BeginBlock(*req)
-	return &res, nil
-}
-
-func (app *GRPCApplication) EndBlock(ctx context.Context, req *RequestEndBlock) (*ResponseEndBlock, error) {
-	res := app.app.EndBlock(*req)
-	return &res, nil
-}
-
 func (app *GRPCApplication) ListSnapshots(
 	ctx context.Context, req *RequestListSnapshots) (*ResponseListSnapshots, error) {
 	res := app.app.ListSnapshots(*req)
@@ -172,3 +147,9 @@ func (app *GRPCApplication) ApplySnapshotChunk(
 	res := app.app.ApplySnapshotChunk(*req)
 	return &res, nil
 }
+
+func (app *GRPCApplication) FinalizeBlock(
+	ctx context.Context, req *RequestFinalizeBlock) (*ResponseFinalizeBlock, error) {
+	res := app.app.FinalizeBlock(*req)
+	return &res, nil
+}

abci/types/messages.go

@@ -4,7 +4,7 @@ import (
 	"io"
 
 	"github.com/gogo/protobuf/proto"
-	"github.com/tendermint/tendermint/libs/protoio"
+	"github.com/tendermint/tendermint/internal/libs/protoio"
 )
 
 const (
@@ -48,12 +48,6 @@ func ToRequestInfo(req RequestInfo) *Request {
 	}
 }
 
-func ToRequestDeliverTx(req RequestDeliverTx) *Request {
-	return &Request{
-		Value: &Request_DeliverTx{&req},
-	}
-}
-
 func ToRequestCheckTx(req RequestCheckTx) *Request {
 	return &Request{
 		Value: &Request_CheckTx{&req},
@@ -78,18 +72,6 @@ func ToRequestInitChain(req RequestInitChain) *Request {
 	}
 }
 
-func ToRequestBeginBlock(req RequestBeginBlock) *Request {
-	return &Request{
-		Value: &Request_BeginBlock{&req},
-	}
-}
-
-func ToRequestEndBlock(req RequestEndBlock) *Request {
-	return &Request{
-		Value: &Request_EndBlock{&req},
-	}
-}
-
 func ToRequestListSnapshots(req RequestListSnapshots) *Request {
 	return &Request{
 		Value: &Request_ListSnapshots{&req},
@@ -114,6 +96,12 @@ func ToRequestApplySnapshotChunk(req RequestApplySnapshotChunk) *Request {
 	}
 }
 
+func ToRequestFinalizeBlock(req RequestFinalizeBlock) *Request {
+	return &Request{
+		Value: &Request_FinalizeBlock{&req},
+	}
+}
+
 //----------------------------------------
 
 func ToResponseException(errStr string) *Response {
@@ -139,11 +127,6 @@ func ToResponseInfo(res ResponseInfo) *Response {
 		Value: &Response_Info{&res},
 	}
 }
-func ToResponseDeliverTx(res ResponseDeliverTx) *Response {
-	return &Response{
-		Value: &Response_DeliverTx{&res},
-	}
-}
 
 func ToResponseCheckTx(res ResponseCheckTx) *Response {
 	return &Response{
@@ -169,18 +152,6 @@ func ToResponseInitChain(res ResponseInitChain) *Response {
 	}
 }
 
-func ToResponseBeginBlock(res ResponseBeginBlock) *Response {
-	return &Response{
-		Value: &Response_BeginBlock{&res},
-	}
-}
-
-func ToResponseEndBlock(res ResponseEndBlock) *Response {
-	return &Response{
-		Value: &Response_EndBlock{&res},
-	}
-}
-
 func ToResponseListSnapshots(res ResponseListSnapshots) *Response {
 	return &Response{
 		Value: &Response_ListSnapshots{&res},
@@ -204,3 +175,9 @@ func ToResponseApplySnapshotChunk(res ResponseApplySnapshotChunk) *Response {
 		Value: &Response_ApplySnapshotChunk{&res},
 	}
 }
+
+func ToResponseFinalizeBlock(res ResponseFinalizeBlock) *Response {
+	return &Response{
+		Value: &Response_FinalizeBlock{&res},
+	}
+}

abci/types/messages_test.go

@@ -25,7 +25,7 @@ func TestMarshalJSON(t *testing.T) {
 			{
 				Type: "testEvent",
 				Attributes: []EventAttribute{
-					{Key: []byte("pho"), Value: []byte("bo")},
+					{Key: "pho", Value: "bo"},
 				},
 			},
 		},
@@ -92,7 +92,7 @@ func TestWriteReadMessage2(t *testing.T) {
 				{
 					Type: "testEvent",
 					Attributes: []EventAttribute{
-						{Key: []byte("abc"), Value: []byte("def")},
+						{Key: "abc", Value: "def"},
 					},
 				},
 			},

abci/types/pubkey.go

@@ -6,6 +6,7 @@ import (
 	"github.com/tendermint/tendermint/crypto/ed25519"
 	cryptoenc "github.com/tendermint/tendermint/crypto/encoding"
 	"github.com/tendermint/tendermint/crypto/secp256k1"
+	"github.com/tendermint/tendermint/crypto/sr25519"
 )
 
 func Ed25519ValidatorUpdate(pk []byte, power int64) ValidatorUpdate {
@@ -17,7 +18,6 @@ func Ed25519ValidatorUpdate(pk []byte, power int64) ValidatorUpdate {
 	}
 
 	return ValidatorUpdate{
-		// Address:
 		PubKey: pkp,
 		Power:  power,
 	}
@@ -34,7 +34,16 @@ func UpdateValidator(pk []byte, power int64, keyType string) ValidatorUpdate {
 			panic(err)
 		}
 		return ValidatorUpdate{
-			// Address:
+			PubKey: pkp,
+			Power:  power,
+		}
+	case sr25519.KeyType:
+		pke := sr25519.PubKey(pk)
+		pkp, err := cryptoenc.PubKeyToProto(pke)
+		if err != nil {
+			panic(err)
+		}
+		return ValidatorUpdate{
 			PubKey: pkp,
 			Power:  power,
 		}

blockchain/v0/test_util.go

@@ -1,50 +0,0 @@
-package v0
-
-import (
-	"sort"
-
-	cfg "github.com/tendermint/tendermint/config"
-	sm "github.com/tendermint/tendermint/state"
-	"github.com/tendermint/tendermint/types"
-	tmtime "github.com/tendermint/tendermint/types/time"
-)
-
-func randGenesisDoc(
-	config *cfg.Config,
-	numValidators int,
-	randPower bool,
-	minPower int64,
-) (*types.GenesisDoc, []types.PrivValidator) {
-	validators := make([]types.GenesisValidator, numValidators)
-	privValidators := make([]types.PrivValidator, numValidators)
-
-	for i := 0; i < numValidators; i++ {
-		val, privVal := types.RandValidator(randPower, minPower)
-		validators[i] = types.GenesisValidator{
-			PubKey: val.PubKey,
-			Power:  val.VotingPower,
-		}
-
-		privValidators[i] = privVal
-	}
-
-	sort.Sort(types.PrivValidatorsByAddress(privValidators))
-
-	return &types.GenesisDoc{
-		GenesisTime: tmtime.Now(),
-		ChainID:     config.ChainID(),
-		Validators:  validators,
-	}, privValidators
-}
-
-func makeTxs(height int64) (txs []types.Tx) {
-	for i := 0; i < 10; i++ {
-		txs = append(txs, types.Tx([]byte{byte(height), byte(i)}))
-	}
-	return txs
-}
-
-func makeBlock(height int64, state sm.State, lastCommit *types.Commit) *types.Block {
-	block, _ := state.MakeBlock(height, makeTxs(height), lastCommit, nil, state.Validators.GetProposer().Address)
-	return block
-}

cmd/priv_val_server/main.go

@@ -46,9 +46,8 @@ func main() {
 		rootCA           = flag.String("rootcafile", "", "absolute path to root CA")
 		prometheusAddr   = flag.String("prometheus-addr", "", "address for prometheus endpoint (host:port)")
 
-		logger = log.NewTMLogger(
-			log.NewSyncWriter(os.Stdout),
-		).With("module", "priv_val")
+		logger = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false).
+			With("module", "priv_val")
 	)
 	flag.Parse()
 

cmd/tendermint/commands/debug/debug.go

@@ -1,8 +1,6 @@
 package debug
 
 import (
-	"os"
-
 	"github.com/spf13/cobra"
 
 	"github.com/tendermint/tendermint/libs/log"
@@ -17,7 +15,7 @@ var (
 	flagProfAddr    = "pprof-laddr"
 	flagFrequency   = "frequency"
 
-	logger = log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 )
 
 // DebugCmd defines the root command containing subcommands that assist in

cmd/tendermint/commands/gen_node_key.go

@@ -6,7 +6,7 @@ import (
 	"github.com/spf13/cobra"
 
 	tmjson "github.com/tendermint/tendermint/libs/json"
-	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
 )
 
 // GenNodeKeyCmd allows the generation of a node key. It prints JSON-encoded
@@ -20,7 +20,7 @@ var GenNodeKeyCmd = &cobra.Command{
 }
 
 func genNodeKey(cmd *cobra.Command, args []string) error {
-	nodeKey := p2p.GenNodeKey()
+	nodeKey := types.GenNodeKey()
 
 	bz, err := tmjson.Marshal(nodeKey)
 	if err != nil {

cmd/tendermint/commands/init.go

@@ -2,6 +2,7 @@ package commands
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"github.com/spf13/cobra"
@@ -9,17 +10,19 @@ import (
 	cfg "github.com/tendermint/tendermint/config"
 	tmos "github.com/tendermint/tendermint/libs/os"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
-	"github.com/tendermint/tendermint/p2p"
+	tmtime "github.com/tendermint/tendermint/libs/time"
 	"github.com/tendermint/tendermint/privval"
 	"github.com/tendermint/tendermint/types"
-	tmtime "github.com/tendermint/tendermint/types/time"
 )
 
 // InitFilesCmd initializes a fresh Tendermint Core instance.
 var InitFilesCmd = &cobra.Command{
-	Use:   "init",
-	Short: "Initialize Tendermint",
-	RunE:  initFiles,
+	Use:       "init [full|validator|seed]",
+	Short:     "Initializes a Tendermint node",
+	ValidArgs: []string{"full", "validator", "seed"},
+	// We allow for zero args so we can throw a more informative error
+	Args: cobra.MaximumNArgs(1),
+	RunE: initFiles,
 }
 
 var (
@@ -32,40 +35,47 @@ func init() {
 }
 
 func initFiles(cmd *cobra.Command, args []string) error {
+	if len(args) == 0 {
+		return errors.New("must specify a node type: tendermint init [validator|full|seed]")
+	}
+	config.Mode = args[0]
 	return initFilesWithConfig(config)
 }
 
 func initFilesWithConfig(config *cfg.Config) error {
-	// private validator
-	privValKeyFile := config.PrivValidatorKeyFile()
-	privValStateFile := config.PrivValidatorStateFile()
 	var (
 		pv  *privval.FilePV
 		err error
 	)
-	if tmos.FileExists(privValKeyFile) {
-		pv, err = privval.LoadFilePV(privValKeyFile, privValStateFile)
-		if err != nil {
-			return err
-		}
 
-		logger.Info("Found private validator", "keyFile", privValKeyFile,
-			"stateFile", privValStateFile)
-	} else {
-		pv, err = privval.GenFilePV(privValKeyFile, privValStateFile, keyType)
-		if err != nil {
-			return err
+	if config.Mode == cfg.ModeValidator {
+		// private validator
+		privValKeyFile := config.PrivValidator.KeyFile()
+		privValStateFile := config.PrivValidator.StateFile()
+		if tmos.FileExists(privValKeyFile) {
+			pv, err = privval.LoadFilePV(privValKeyFile, privValStateFile)
+			if err != nil {
+				return err
+			}
+
+			logger.Info("Found private validator", "keyFile", privValKeyFile,
+				"stateFile", privValStateFile)
+		} else {
+			pv, err = privval.GenFilePV(privValKeyFile, privValStateFile, keyType)
+			if err != nil {
+				return err
+			}
+			pv.Save()
+			logger.Info("Generated private validator", "keyFile", privValKeyFile,
+				"stateFile", privValStateFile)
 		}
-		pv.Save()
-		logger.Info("Generated private validator", "keyFile", privValKeyFile,
-			"stateFile", privValStateFile)
 	}
 
 	nodeKeyFile := config.NodeKeyFile()
 	if tmos.FileExists(nodeKeyFile) {
 		logger.Info("Found node key", "path", nodeKeyFile)
 	} else {
-		if _, err := p2p.LoadOrGenNodeKey(nodeKeyFile); err != nil {
+		if _, err := types.LoadOrGenNodeKey(nodeKeyFile); err != nil {
 			return err
 		}
 		logger.Info("Generated node key", "path", nodeKeyFile)
@@ -91,15 +101,18 @@ func initFilesWithConfig(config *cfg.Config) error {
 		ctx, cancel := context.WithTimeout(context.TODO(), ctxTimeout)
 		defer cancel()
 
-		pubKey, err := pv.GetPubKey(ctx)
-		if err != nil {
-			return fmt.Errorf("can't get pubkey: %w", err)
+		// if this is a validator we add it to genesis
+		if pv != nil {
+			pubKey, err := pv.GetPubKey(ctx)
+			if err != nil {
+				return fmt.Errorf("can't get pubkey: %w", err)
+			}
+			genDoc.Validators = []types.GenesisValidator{{
+				Address: pubKey.Address(),
+				PubKey:  pubKey,
+				Power:   10,
+			}}
 		}
-		genDoc.Validators = []types.GenesisValidator{{
-			Address: pubKey.Address(),
-			PubKey:  pubKey,
-			Power:   10,
-		}}
 
 		if err := genDoc.SaveAs(genFile); err != nil {
 			return err
@@ -107,5 +120,9 @@ func initFilesWithConfig(config *cfg.Config) error {
 		logger.Info("Generated genesis file", "path", genFile)
 	}
 
+	// write config file
+	cfg.WriteConfigFile(config.RootDir, config)
+	logger.Info("Generated config", "mode", config.Mode)
+
 	return nil
 }

cmd/tendermint/commands/light.go

@@ -1,7 +1,6 @@
 package commands
 
 import (
-	"bufio"
 	"context"
 	"errors"
 	"fmt"
@@ -67,7 +66,8 @@ var (
 	trustedHash    []byte
 	trustLevelStr  string
 
-	verbose bool
+	logLevel  string
+	logFormat string
 
 	primaryKey   = []byte("primary")
 	witnessesKey = []byte("witnesses")
@@ -91,7 +91,8 @@ func init() {
 		"trusting period that headers can be verified within. Should be significantly less than the unbonding period")
 	LightCmd.Flags().Int64Var(&trustedHeight, "height", 1, "Trusted header's height")
 	LightCmd.Flags().BytesHexVar(&trustedHash, "hash", []byte{}, "Trusted header's hash")
-	LightCmd.Flags().BoolVar(&verbose, "verbose", false, "Verbose output")
+	LightCmd.Flags().StringVar(&logLevel, "log-level", log.LogLevelInfo, "The logging level (debug|info|warn|error|fatal)")
+	LightCmd.Flags().StringVar(&logFormat, "log-format", log.LogFormatPlain, "The logging format (text|json)")
 	LightCmd.Flags().StringVar(&trustLevelStr, "trust-level", "1/3",
 		"trust level. Must be between 1/3 and 3/3",
 	)
@@ -101,15 +102,10 @@ func init() {
 }
 
 func runProxy(cmd *cobra.Command, args []string) error {
-	// Initialize logger.
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
-	var option log.Option
-	if verbose {
-		option, _ = log.AllowLevel("debug")
-	} else {
-		option, _ = log.AllowLevel("info")
+	logger, err := log.NewDefaultLogger(logFormat, logLevel, false)
+	if err != nil {
+		return err
 	}
-	logger = log.NewFilter(logger, option)
 
 	chainID = args[0]
 	logger.Info("Creating client...", "chainID", chainID)
@@ -148,25 +144,7 @@ func runProxy(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("can't parse trust level: %w", err)
 	}
 
-	options := []light.Option{
-		light.Logger(logger),
-		light.ConfirmationFunction(func(action string) bool {
-			fmt.Println(action)
-			scanner := bufio.NewScanner(os.Stdin)
-			for {
-				scanner.Scan()
-				response := scanner.Text()
-				switch response {
-				case "y", "Y":
-					return true
-				case "n", "N":
-					return false
-				default:
-					fmt.Println("please input 'Y' or 'n' and press ENTER")
-				}
-			}
-		}),
-	}
+	options := []light.Option{light.Logger(logger)}
 
 	if sequential {
 		options = append(options, light.SequentialVerification())
@@ -174,31 +152,21 @@ func runProxy(cmd *cobra.Command, args []string) error {
 		options = append(options, light.SkippingVerification(trustLevel))
 	}
 
-	var c *light.Client
-	if trustedHeight > 0 && len(trustedHash) > 0 { // fresh installation
-		c, err = light.NewHTTPClient(
-			context.Background(),
-			chainID,
-			light.TrustOptions{
-				Period: trustingPeriod,
-				Height: trustedHeight,
-				Hash:   trustedHash,
-			},
-			primaryAddr,
-			witnessesAddrs,
-			dbs.New(db),
-			options...,
-		)
-	} else { // continue from latest state
-		c, err = light.NewHTTPClientFromTrustedStore(
-			chainID,
-			trustingPeriod,
-			primaryAddr,
-			witnessesAddrs,
-			dbs.New(db),
-			options...,
-		)
-	}
+	// Initiate the light client. If the trusted store already has blocks in it, this
+	// will be used else we use the trusted options.
+	c, err := light.NewHTTPClient(
+		context.Background(),
+		chainID,
+		light.TrustOptions{
+			Period: trustingPeriod,
+			Height: trustedHeight,
+			Hash:   trustedHash,
+		},
+		primaryAddr,
+		witnessesAddrs,
+		dbs.New(db),
+		options...,
+	)
 	if err != nil {
 		return err
 	}

cmd/tendermint/commands/probe_upnp.go

@@ -5,8 +5,8 @@ import (
 
 	"github.com/spf13/cobra"
 
+	"github.com/tendermint/tendermint/internal/p2p/upnp"
 	tmjson "github.com/tendermint/tendermint/libs/json"
-	"github.com/tendermint/tendermint/p2p/upnp"
 )
 
 // ProbeUpnpCmd adds capabilities to test the UPnP functionality.

cmd/tendermint/commands/replay.go

@@ -2,8 +2,7 @@ package commands
 
 import (
 	"github.com/spf13/cobra"
-
-	"github.com/tendermint/tendermint/consensus"
+	"github.com/tendermint/tendermint/internal/consensus"
 )
 
 // ReplayCmd allows replaying of messages from the WAL.

cmd/tendermint/commands/reset_priv_validator.go

@@ -41,14 +41,14 @@ var ResetPrivValidatorCmd = &cobra.Command{
 // XXX: this is totally unsafe.
 // it's only suitable for testnets.
 func resetAll(cmd *cobra.Command, args []string) error {
-	return ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidatorKeyFile(),
-		config.PrivValidatorStateFile(), logger)
+	return ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidator.KeyFile(),
+		config.PrivValidator.StateFile(), logger)
 }
 
 // XXX: this is totally unsafe.
 // it's only suitable for testnets.
 func resetPrivValidator(cmd *cobra.Command, args []string) error {
-	return resetFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile(), logger)
+	return resetFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile(), logger)
 }
 
 // ResetAll removes address book files plus all data, and resets the privValdiator data.

cmd/tendermint/commands/root.go

@@ -2,7 +2,6 @@ package commands
 
 import (
 	"fmt"
-	"os"
 	"strings"
 	"time"
 
@@ -10,14 +9,12 @@ import (
 	"github.com/spf13/viper"
 
 	cfg "github.com/tendermint/tendermint/config"
-	"github.com/tendermint/tendermint/libs/cli"
-	tmflags "github.com/tendermint/tendermint/libs/cli/flags"
 	"github.com/tendermint/tendermint/libs/log"
 )
 
 var (
 	config     = cfg.DefaultConfig()
-	logger     = log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	logger     = log.MustNewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo, false)
 	ctxTimeout = 4 * time.Second
 )
 
@@ -59,19 +56,11 @@ var RootCmd = &cobra.Command{
 			return err
 		}
 
-		if config.LogFormat == cfg.LogFormatJSON {
-			logger = log.NewTMJSONLogger(log.NewSyncWriter(os.Stdout))
-		}
-
-		logger, err = tmflags.ParseLogLevel(config.LogLevel, logger, cfg.DefaultLogLevel)
+		logger, err = log.NewDefaultLogger(config.LogFormat, config.LogLevel, false)
 		if err != nil {
 			return err
 		}
 
-		if viper.GetBool(cli.TraceFlag) {
-			logger = log.NewTracingLogger(logger)
-		}
-
 		logger = logger.With("module", "main")
 		return nil
 	},

cmd/tendermint/commands/root_test.go

@@ -18,10 +18,6 @@ import (
 	tmos "github.com/tendermint/tendermint/libs/os"
 )
 
-var (
-	defaultRoot = os.ExpandEnv("$HOME/.some/test/dir")
-)
-
 // clearConfig clears env vars, the given root dir, and resets viper.
 func clearConfig(dir string) {
 	if err := os.Unsetenv("TMHOME"); err != nil {
@@ -52,10 +48,10 @@ func testRootCmd() *cobra.Command {
 }
 
 func testSetup(rootDir string, args []string, env map[string]string) error {
-	clearConfig(defaultRoot)
+	clearConfig(rootDir)
 
 	rootCmd := testRootCmd()
-	cmd := cli.PrepareBaseCmd(rootCmd, "TM", defaultRoot)
+	cmd := cli.PrepareBaseCmd(rootCmd, "TM", rootDir)
 
 	// run with the args and env
 	args = append([]string{rootCmd.Use}, args...)
@@ -63,6 +59,7 @@ func testSetup(rootDir string, args []string, env map[string]string) error {
 }
 
 func TestRootHome(t *testing.T) {
+	defaultRoot := t.TempDir()
 	newRoot := filepath.Join(defaultRoot, "something-else")
 	cases := []struct {
 		args []string
@@ -105,6 +102,7 @@ func TestRootFlagsEnv(t *testing.T) {
 		{nil, map[string]string{"TM_LOG_LEVEL": "debug"}, "debug"},       // right env
 	}
 
+	defaultRoot := t.TempDir()
 	for i, tc := range cases {
 		idxString := strconv.Itoa(i)
 
@@ -118,7 +116,7 @@ func TestRootFlagsEnv(t *testing.T) {
 func TestRootConfig(t *testing.T) {
 
 	// write non-default config
-	nonDefaultLogLvl := "abc:debug"
+	nonDefaultLogLvl := "debug"
 	cvals := map[string]string{
 		"log-level": nonDefaultLogLvl,
 	}
@@ -129,12 +127,13 @@ func TestRootConfig(t *testing.T) {
 
 		logLvl string
 	}{
-		{nil, nil, nonDefaultLogLvl},                                     // should load config
-		{[]string{"--log-level=abc:info"}, nil, "abc:info"},              // flag over rides
-		{nil, map[string]string{"TM_LOG_LEVEL": "abc:info"}, "abc:info"}, // env over rides
+		{nil, nil, nonDefaultLogLvl},                             // should load config
+		{[]string{"--log-level=info"}, nil, "info"},              // flag over rides
+		{nil, map[string]string{"TM_LOG_LEVEL": "info"}, "info"}, // env over rides
 	}
 
 	for i, tc := range cases {
+		defaultRoot := t.TempDir()
 		idxString := strconv.Itoa(i)
 		clearConfig(defaultRoot)
 

cmd/tendermint/commands/run_node.go

@@ -11,7 +11,6 @@ import (
 
 	cfg "github.com/tendermint/tendermint/config"
 	tmos "github.com/tendermint/tendermint/libs/os"
-	nm "github.com/tendermint/tendermint/node"
 )
 
 var (
@@ -30,7 +29,7 @@ func AddNodeFlags(cmd *cobra.Command) {
 	// priv val flags
 	cmd.Flags().String(
 		"priv-validator-laddr",
-		config.PrivValidatorListenAddr,
+		config.PrivValidator.ListenAddr,
 		"socket address to listen on for connections from external priv-validator process")
 
 	// node flags
@@ -99,7 +98,7 @@ func AddNodeFlags(cmd *cobra.Command) {
 
 // NewRunNodeCmd returns the command that allows the CLI to start a node.
 // It can be used with a custom PrivValidator and in-process ABCI application.
-func NewRunNodeCmd(nodeProvider nm.Provider) *cobra.Command {
+func NewRunNodeCmd(nodeProvider cfg.ServiceProvider) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:     "start",
 		Aliases: []string{"node", "run"},
@@ -118,7 +117,7 @@ func NewRunNodeCmd(nodeProvider nm.Provider) *cobra.Command {
 				return fmt.Errorf("failed to start node: %w", err)
 			}
 
-			logger.Info("Started node", "nodeInfo", n.Switch().NodeInfo())
+			logger.Info("started node", "node", n.String())
 
 			// Stop upon receiving SIGTERM or CTRL-C.
 			tmos.TrapSignal(logger, func() {

cmd/tendermint/commands/show_node_id.go

@@ -4,8 +4,6 @@ import (
 	"fmt"
 
 	"github.com/spf13/cobra"
-
-	"github.com/tendermint/tendermint/p2p"
 )
 
 // ShowNodeIDCmd dumps node's ID to the standard output.
@@ -18,11 +16,11 @@ var ShowNodeIDCmd = &cobra.Command{
 }
 
 func showNodeID(cmd *cobra.Command, args []string) error {
-	nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
+	nodeKeyID, err := config.LoadNodeKeyID()
 	if err != nil {
 		return err
 	}
 
-	fmt.Println(nodeKey.ID)
+	fmt.Println(nodeKeyID)
 	return nil
 }

cmd/tendermint/commands/show_validator.go

@@ -30,10 +30,15 @@ func showValidator(cmd *cobra.Command, args []string) error {
 	)
 
 	//TODO: remove once gRPC is the only supported protocol
-	protocol, _ := tmnet.ProtocolAndAddress(config.PrivValidatorListenAddr)
+	protocol, _ := tmnet.ProtocolAndAddress(config.PrivValidator.ListenAddr)
 	switch protocol {
 	case "grpc":
-		pvsc, err := tmgrpc.DialRemoteSigner(config, config.ChainID(), logger)
+		pvsc, err := tmgrpc.DialRemoteSigner(
+			config.PrivValidator,
+			config.ChainID(),
+			logger,
+			config.Instrumentation.Prometheus,
+		)
 		if err != nil {
 			return fmt.Errorf("can't connect to remote validator %w", err)
 		}
@@ -47,12 +52,12 @@ func showValidator(cmd *cobra.Command, args []string) error {
 		}
 	default:
 
-		keyFilePath := config.PrivValidatorKeyFile()
+		keyFilePath := config.PrivValidator.KeyFile()
 		if !tmos.FileExists(keyFilePath) {
 			return fmt.Errorf("private validator file %s does not exist", keyFilePath)
 		}
 
-		pv, err := privval.LoadFilePV(keyFilePath, config.PrivValidatorStateFile())
+		pv, err := privval.LoadFilePV(keyFilePath, config.PrivValidator.StateFile())
 		if err != nil {
 			return err
 		}

cmd/tendermint/commands/testnet.go

@@ -14,10 +14,9 @@ import (
 	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/libs/bytes"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
-	"github.com/tendermint/tendermint/p2p"
+	tmtime "github.com/tendermint/tendermint/libs/time"
 	"github.com/tendermint/tendermint/privval"
 	"github.com/tendermint/tendermint/types"
-	tmtime "github.com/tendermint/tendermint/types/time"
 )
 
 var (
@@ -106,8 +105,7 @@ func testnetFiles(cmd *cobra.Command, args []string) error {
 	}
 
 	// set mode to validator for testnet
-	config := cfg.DefaultConfig()
-	config.Mode = cfg.ModeValidator
+	config := cfg.DefaultValidatorConfig()
 
 	// overwrite default config if set and valid
 	if configFile != "" {
@@ -145,8 +143,8 @@ func testnetFiles(cmd *cobra.Command, args []string) error {
 			return err
 		}
 
-		pvKeyFile := filepath.Join(nodeDir, config.BaseConfig.PrivValidatorKey)
-		pvStateFile := filepath.Join(nodeDir, config.BaseConfig.PrivValidatorState)
+		pvKeyFile := filepath.Join(nodeDir, config.PrivValidator.Key)
+		pvStateFile := filepath.Join(nodeDir, config.PrivValidator.State)
 		pv, err := privval.LoadFilePV(pvKeyFile, pvStateFile)
 		if err != nil {
 			return err
@@ -242,7 +240,7 @@ func testnetFiles(cmd *cobra.Command, args []string) error {
 		}
 		config.Moniker = moniker(i)
 
-		cfg.WriteConfigFile(filepath.Join(nodeDir, "config", "config.toml"), config)
+		cfg.WriteConfigFile(nodeDir, config)
 	}
 
 	fmt.Printf("Successfully initialized %v node directories\n", nValidators+nNonValidators)
@@ -275,11 +273,11 @@ func persistentPeersArray(config *cfg.Config) ([]string, error) {
 	for i := 0; i < nValidators+nNonValidators; i++ {
 		nodeDir := filepath.Join(outputDir, fmt.Sprintf("%s%d", nodeDirPrefix, i))
 		config.SetRoot(nodeDir)
-		nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
+		nodeKey, err := config.LoadNodeKeyID()
 		if err != nil {
 			return []string{}, err
 		}
-		peers[i] = p2p.IDAddressString(nodeKey.ID, fmt.Sprintf("%s:%d", hostnameOrIP(i), p2pPort))
+		peers[i] = nodeKey.AddressString(fmt.Sprintf("%s:%d", hostnameOrIP(i), p2pPort))
 	}
 	return peers, nil
 }

cmd/tendermint/commands/version.go

@@ -13,6 +13,6 @@ var VersionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Show version info",
 	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println(version.TMCoreSemVer)
+		fmt.Println(version.TMVersion)
 	},
 }

cmd/tendermint/main.go

@@ -38,8 +38,8 @@ func main() {
 	//	* Supply a genesis doc file from another source
 	//	* Provide their own DB implementation
 	// can copy this file and use something other than the
-	// DefaultNewNode function
-	nodeFunc := nm.DefaultNewNode
+	// node.NewDefault function
+	nodeFunc := nm.NewDefault
 
 	// Create & start node
 	rootCmd.AddCommand(cmd.NewRunNodeCmd(nodeFunc))

config/config.go

@@ -4,10 +4,16 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
 	"time"
+
+	tmjson "github.com/tendermint/tendermint/libs/json"
+	"github.com/tendermint/tendermint/libs/log"
+	tmos "github.com/tendermint/tendermint/libs/os"
+	"github.com/tendermint/tendermint/types"
 )
 
 const (
@@ -16,11 +22,6 @@ const (
 	// FuzzModeDelay is a mode in which we randomly sleep
 	FuzzModeDelay
 
-	// LogFormatPlain is a format for colored text
-	LogFormatPlain = "plain"
-	// LogFormatJSON is a format for json output
-	LogFormatJSON = "json"
-
 	// DefaultLogLevel defines a default log level as INFO.
 	DefaultLogLevel = "info"
 
@@ -30,6 +31,9 @@ const (
 
 	BlockchainV0 = "v0"
 	BlockchainV2 = "v2"
+
+	MempoolV0 = "v0"
+	MempoolV1 = "v1"
 )
 
 // NOTE: Most of the structs & relevant comments + the
@@ -76,6 +80,7 @@ type Config struct {
 	Consensus       *ConsensusConfig       `mapstructure:"consensus"`
 	TxIndex         *TxIndexConfig         `mapstructure:"tx-index"`
 	Instrumentation *InstrumentationConfig `mapstructure:"instrumentation"`
+	PrivValidator   *PrivValidatorConfig   `mapstructure:"priv-validator"`
 }
 
 // DefaultConfig returns a default configuration for a Tendermint node
@@ -90,9 +95,17 @@ func DefaultConfig() *Config {
 		Consensus:       DefaultConsensusConfig(),
 		TxIndex:         DefaultTxIndexConfig(),
 		Instrumentation: DefaultInstrumentationConfig(),
+		PrivValidator:   DefaultPrivValidatorConfig(),
 	}
 }
 
+// DefaultValidatorConfig returns default config with mode as validator
+func DefaultValidatorConfig() *Config {
+	cfg := DefaultConfig()
+	cfg.Mode = ModeValidator
+	return cfg
+}
+
 // TestConfig returns a configuration that can be used for testing
 func TestConfig() *Config {
 	return &Config{
@@ -105,6 +118,7 @@ func TestConfig() *Config {
 		Consensus:       TestConsensusConfig(),
 		TxIndex:         TestTxIndexConfig(),
 		Instrumentation: TestInstrumentationConfig(),
+		PrivValidator:   DefaultPrivValidatorConfig(),
 	}
 }
 
@@ -115,6 +129,7 @@ func (cfg *Config) SetRoot(root string) *Config {
 	cfg.P2P.RootDir = root
 	cfg.Mempool.RootDir = root
 	cfg.Consensus.RootDir = root
+	cfg.PrivValidator.RootDir = root
 	return cfg
 }
 
@@ -167,13 +182,13 @@ type BaseConfig struct { //nolint: maligned
 	// A custom human readable name for this node
 	Moniker string `mapstructure:"moniker"`
 
-	// Mode of Node: full | validator | seed (default: "full")
-	// * full (default)
-	//   - all reactors
-	//   - No priv_validator_key.json, priv_validator_state.json
+	// Mode of Node: full | validator | seed
 	// * validator
 	//   - all reactors
 	//   - with priv_validator_key.json, priv_validator_state.json
+	// * full
+	//   - all reactors
+	//   - No priv_validator_key.json, priv_validator_state.json
 	// * seed
 	//   - only P2P, PEX Reactor
 	//   - No priv_validator_key.json, priv_validator_state.json
@@ -217,26 +232,6 @@ type BaseConfig struct { //nolint: maligned
 	// Path to the JSON file containing the initial validator set and other meta data
 	Genesis string `mapstructure:"genesis-file"`
 
-	// Path to the JSON file containing the private key to use as a validator in the consensus protocol
-	PrivValidatorKey string `mapstructure:"priv-validator-key-file"`
-
-	// Path to the JSON file containing the last sign state of a validator
-	PrivValidatorState string `mapstructure:"priv-validator-state-file"`
-
-	// TCP or UNIX socket address for Tendermint to listen on for
-	// connections from an external PrivValidator process
-	PrivValidatorListenAddr string `mapstructure:"priv-validator-laddr"`
-
-	// Client certificate generated while creating needed files for secure connection.
-	// If a remote validator address is provided but no certificate, the connection will be insecure
-	PrivValidatorClientCertificate string `mapstructure:"priv-validator-client-certificate-file"`
-
-	// Client key generated while creating certificates for secure connection
-	PrivValidatorClientKey string `mapstructure:"priv-validator-client-key-file"`
-
-	// Path Root Certificate Authority used to sign both client and server certificates
-	PrivValidatorRootCA string `mapstructure:"priv-validator-root-ca-file"`
-
 	// A JSON file containing the private key to use for p2p authenticated encryption
 	NodeKey string `mapstructure:"node-key-file"`
 
@@ -251,20 +246,18 @@ type BaseConfig struct { //nolint: maligned
 // DefaultBaseConfig returns a default base configuration for a Tendermint node
 func DefaultBaseConfig() BaseConfig {
 	return BaseConfig{
-		Genesis:            defaultGenesisJSONPath,
-		PrivValidatorKey:   defaultPrivValKeyPath,
-		PrivValidatorState: defaultPrivValStatePath,
-		NodeKey:            defaultNodeKeyPath,
-		Mode:               defaultMode,
-		Moniker:            defaultMoniker,
-		ProxyApp:           "tcp://127.0.0.1:26658",
-		ABCI:               "socket",
-		LogLevel:           DefaultLogLevel,
-		LogFormat:          LogFormatPlain,
-		FastSyncMode:       true,
-		FilterPeers:        false,
-		DBBackend:          "goleveldb",
-		DBPath:             "data",
+		Genesis:      defaultGenesisJSONPath,
+		NodeKey:      defaultNodeKeyPath,
+		Mode:         defaultMode,
+		Moniker:      defaultMoniker,
+		ProxyApp:     "tcp://127.0.0.1:26658",
+		ABCI:         "socket",
+		LogLevel:     DefaultLogLevel,
+		LogFormat:    log.LogFormatPlain,
+		FastSyncMode: true,
+		FilterPeers:  false,
+		DBBackend:    "goleveldb",
+		DBPath:       "data",
 	}
 }
 
@@ -288,70 +281,147 @@ func (cfg BaseConfig) GenesisFile() string {
 	return rootify(cfg.Genesis, cfg.RootDir)
 }
 
-// PrivValidatorClientKeyFile returns the full path to the priv_validator_key.json file
-func (cfg BaseConfig) PrivValidatorClientKeyFile() string {
-	return rootify(cfg.PrivValidatorClientKey, cfg.RootDir)
-}
-
-// PrivValidatorClientCertificateFile returns the full path to the priv_validator_key.json file
-func (cfg BaseConfig) PrivValidatorClientCertificateFile() string {
-	return rootify(cfg.PrivValidatorClientCertificate, cfg.RootDir)
-}
-
-// PrivValidatorCertificateAuthorityFile returns the full path to the priv_validator_key.json file
-func (cfg BaseConfig) PrivValidatorRootCAFile() string {
-	return rootify(cfg.PrivValidatorRootCA, cfg.RootDir)
-}
-
-// PrivValidatorKeyFile returns the full path to the priv_validator_key.json file
-func (cfg BaseConfig) PrivValidatorKeyFile() string {
-	return rootify(cfg.PrivValidatorKey, cfg.RootDir)
-}
-
-// PrivValidatorFile returns the full path to the priv_validator_state.json file
-func (cfg BaseConfig) PrivValidatorStateFile() string {
-	return rootify(cfg.PrivValidatorState, cfg.RootDir)
-}
-
 // NodeKeyFile returns the full path to the node_key.json file
 func (cfg BaseConfig) NodeKeyFile() string {
 	return rootify(cfg.NodeKey, cfg.RootDir)
 }
 
+// LoadNodeKey loads NodeKey located in filePath.
+func (cfg BaseConfig) LoadNodeKeyID() (types.NodeID, error) {
+	jsonBytes, err := ioutil.ReadFile(cfg.NodeKeyFile())
+	if err != nil {
+		return "", err
+	}
+	nodeKey := types.NodeKey{}
+	err = tmjson.Unmarshal(jsonBytes, &nodeKey)
+	if err != nil {
+		return "", err
+	}
+	nodeKey.ID = types.NodeIDFromPubKey(nodeKey.PubKey())
+	return nodeKey.ID, nil
+}
+
+// LoadOrGenNodeKey attempts to load the NodeKey from the given filePath. If
+// the file does not exist, it generates and saves a new NodeKey.
+func (cfg BaseConfig) LoadOrGenNodeKeyID() (types.NodeID, error) {
+	if tmos.FileExists(cfg.NodeKeyFile()) {
+		nodeKey, err := cfg.LoadNodeKeyID()
+		if err != nil {
+			return "", err
+		}
+		return nodeKey, nil
+	}
+
+	nodeKey := types.GenNodeKey()
+
+	if err := nodeKey.SaveAs(cfg.NodeKeyFile()); err != nil {
+		return "", err
+	}
+
+	return nodeKey.ID, nil
+}
+
 // DBDir returns the full path to the database directory
 func (cfg BaseConfig) DBDir() string {
 	return rootify(cfg.DBPath, cfg.RootDir)
 }
 
-func (cfg *BaseConfig) ArePrivValidatorClientSecurityOptionsPresent() bool {
-	switch {
-	case cfg.PrivValidatorRootCA == "":
-		return false
-	case cfg.PrivValidatorClientKey == "":
-		return false
-	case cfg.PrivValidatorClientCertificate == "":
-		return false
-	default:
-		return true
-	}
-}
-
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg BaseConfig) ValidateBasic() error {
 	switch cfg.LogFormat {
-	case LogFormatPlain, LogFormatJSON:
+	case log.LogFormatJSON, log.LogFormatText, log.LogFormatPlain:
 	default:
-		return errors.New("unknown log format (must be 'plain' or 'json')")
+		return errors.New("unknown log format (must be 'plain', 'text' or 'json')")
 	}
+
 	switch cfg.Mode {
 	case ModeFull, ModeValidator, ModeSeed:
+	case "":
+		return errors.New("no mode has been set")
+
 	default:
 		return fmt.Errorf("unknown mode: %v", cfg.Mode)
 	}
+
 	return nil
 }
 
+//-----------------------------------------------------------------------------
+// PrivValidatorConfig
+
+// PrivValidatorConfig defines the configuration parameters for running a validator
+type PrivValidatorConfig struct {
+	RootDir string `mapstructure:"home"`
+
+	// Path to the JSON file containing the private key to use as a validator in the consensus protocol
+	Key string `mapstructure:"key-file"`
+
+	// Path to the JSON file containing the last sign state of a validator
+	State string `mapstructure:"state-file"`
+
+	// TCP or UNIX socket address for Tendermint to listen on for
+	// connections from an external PrivValidator process
+	ListenAddr string `mapstructure:"laddr"`
+
+	// Client certificate generated while creating needed files for secure connection.
+	// If a remote validator address is provided but no certificate, the connection will be insecure
+	ClientCertificate string `mapstructure:"client-certificate-file"`
+
+	// Client key generated while creating certificates for secure connection
+	ClientKey string `mapstructure:"client-key-file"`
+
+	// Path Root Certificate Authority used to sign both client and server certificates
+	RootCA string `mapstructure:"root-ca-file"`
+}
+
+// DefaultBaseConfig returns a default private validator configuration
+// for a Tendermint node.
+func DefaultPrivValidatorConfig() *PrivValidatorConfig {
+	return &PrivValidatorConfig{
+		Key:   defaultPrivValKeyPath,
+		State: defaultPrivValStatePath,
+	}
+}
+
+// ClientKeyFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) ClientKeyFile() string {
+	return rootify(cfg.ClientKey, cfg.RootDir)
+}
+
+// ClientCertificateFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) ClientCertificateFile() string {
+	return rootify(cfg.ClientCertificate, cfg.RootDir)
+}
+
+// CertificateAuthorityFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) RootCAFile() string {
+	return rootify(cfg.RootCA, cfg.RootDir)
+}
+
+// KeyFile returns the full path to the priv_validator_key.json file
+func (cfg *PrivValidatorConfig) KeyFile() string {
+	return rootify(cfg.Key, cfg.RootDir)
+}
+
+// StateFile returns the full path to the priv_validator_state.json file
+func (cfg *PrivValidatorConfig) StateFile() string {
+	return rootify(cfg.State, cfg.RootDir)
+}
+
+func (cfg *PrivValidatorConfig) AreSecurityOptionsPresent() bool {
+	switch {
+	case cfg.RootCA == "":
+		return false
+	case cfg.ClientKey == "":
+		return false
+	case cfg.ClientCertificate == "":
+		return false
+	default:
+		return true
+	}
+}
+
 //-----------------------------------------------------------------------------
 // RPCConfig
 
@@ -542,8 +612,16 @@ type P2PConfig struct { //nolint: maligned
 
 	// Comma separated list of seed nodes to connect to
 	// We only use these if we can’t connect to peers in the addrbook
+	// NOTE: not used by the new PEX reactor. Please use BootstrapPeers instead.
+	// TODO: Remove once p2p refactor is complete
+	// ref: https://github.com/tendermint/tendermint/issues/5670
 	Seeds string `mapstructure:"seeds"`
 
+	// Comma separated list of peers to be added to the peer store
+	// on startup. Either BootstrapPeers or PersistentPeers are
+	// needed for peer discovery
+	BootstrapPeers string `mapstructure:"bootstrap-peers"`
+
 	// Comma separated list of nodes to keep persistent connections to
 	PersistentPeers string `mapstructure:"persistent-peers"`
 
@@ -558,11 +636,25 @@ type P2PConfig struct { //nolint: maligned
 	AddrBookStrict bool `mapstructure:"addr-book-strict"`
 
 	// Maximum number of inbound peers
+	//
+	// TODO: Remove once p2p refactor is complete in favor of MaxConnections.
+	// ref: https://github.com/tendermint/tendermint/issues/5670
 	MaxNumInboundPeers int `mapstructure:"max-num-inbound-peers"`
 
-	// Maximum number of outbound peers to connect to, excluding persistent peers
+	// Maximum number of outbound peers to connect to, excluding persistent peers.
+	//
+	// TODO: Remove once p2p refactor is complete in favor of MaxConnections.
+	// ref: https://github.com/tendermint/tendermint/issues/5670
 	MaxNumOutboundPeers int `mapstructure:"max-num-outbound-peers"`
 
+	// MaxConnections defines the maximum number of connected peers (inbound and
+	// outbound).
+	MaxConnections uint16 `mapstructure:"max-connections"`
+
+	// MaxIncomingConnectionAttempts rate limits the number of incoming connection
+	// attempts per IP address.
+	MaxIncomingConnectionAttempts uint `mapstructure:"max-incoming-connection-attempts"`
+
 	// List of node IDs, to which a connection will be (re)established ignoring any existing limits
 	UnconditionalPeerIDs string `mapstructure:"unconditional-peer-ids"`
 
@@ -598,20 +690,31 @@ type P2PConfig struct { //nolint: maligned
 	// Testing params.
 	// Force dial to fail
 	TestDialFail bool `mapstructure:"test-dial-fail"`
+
+	// DisableLegacy is used mostly for testing to enable or disable the legacy
+	// P2P stack.
+	DisableLegacy bool `mapstructure:"disable-legacy"`
+
+	// Makes it possible to configure which queue backend the p2p
+	// layer uses. Options are: "fifo", "priority" and "wdrr",
+	// with the default being "fifo".
+	QueueType string `mapstructure:"queue-type"`
 }
 
 // DefaultP2PConfig returns a default configuration for the peer-to-peer layer
 func DefaultP2PConfig() *P2PConfig {
 	return &P2PConfig{
-		ListenAddress:                "tcp://0.0.0.0:26656",
-		ExternalAddress:              "",
-		UPNP:                         false,
-		AddrBook:                     defaultAddrBookPath,
-		AddrBookStrict:               true,
-		MaxNumInboundPeers:           40,
-		MaxNumOutboundPeers:          10,
-		PersistentPeersMaxDialPeriod: 0 * time.Second,
-		FlushThrottleTimeout:         100 * time.Millisecond,
+		ListenAddress:                 "tcp://0.0.0.0:26656",
+		ExternalAddress:               "",
+		UPNP:                          false,
+		AddrBook:                      defaultAddrBookPath,
+		AddrBookStrict:                true,
+		MaxNumInboundPeers:            40,
+		MaxNumOutboundPeers:           10,
+		MaxConnections:                64,
+		MaxIncomingConnectionAttempts: 100,
+		PersistentPeersMaxDialPeriod:  0 * time.Second,
+		FlushThrottleTimeout:          100 * time.Millisecond,
 		// The MTU (Maximum Transmission Unit) for Ethernet is 1500 bytes.
 		// The IP header and the TCP header take up 20 bytes each at least (unless
 		// optional header fields are used) and thus the max for (non-Jumbo frame)
@@ -625,6 +728,7 @@ func DefaultP2PConfig() *P2PConfig {
 		HandshakeTimeout:        20 * time.Second,
 		DialTimeout:             3 * time.Second,
 		TestDialFail:            false,
+		QueueType:               "priority",
 	}
 }
 
@@ -672,12 +776,12 @@ func (cfg *P2PConfig) ValidateBasic() error {
 //-----------------------------------------------------------------------------
 // MempoolConfig
 
-// MempoolConfig defines the configuration options for the Tendermint mempool
+// MempoolConfig defines the configuration options for the Tendermint mempool.
 type MempoolConfig struct {
+	Version   string `mapstructure:"version"`
 	RootDir   string `mapstructure:"home"`
 	Recheck   bool   `mapstructure:"recheck"`
 	Broadcast bool   `mapstructure:"broadcast"`
-	WalPath   string `mapstructure:"wal-dir"`
 	// Maximum number of transactions in the mempool
 	Size int `mapstructure:"size"`
 	// Limit the total size of all txs in the mempool.
@@ -699,12 +803,12 @@ type MempoolConfig struct {
 	MaxBatchBytes int `mapstructure:"max-batch-bytes"`
 }
 
-// DefaultMempoolConfig returns a default configuration for the Tendermint mempool
+// DefaultMempoolConfig returns a default configuration for the Tendermint mempool.
 func DefaultMempoolConfig() *MempoolConfig {
 	return &MempoolConfig{
+		Version:   MempoolV1,
 		Recheck:   true,
 		Broadcast: true,
-		WalPath:   "",
 		// Each signature verification takes .5ms, Size reduced until we implement
 		// ABCI Recheck
 		Size:        5000,
@@ -721,16 +825,6 @@ func TestMempoolConfig() *MempoolConfig {
 	return cfg
 }
 
-// WalDir returns the full path to the mempool's write-ahead log
-func (cfg *MempoolConfig) WalDir() string {
-	return rootify(cfg.WalPath, cfg.RootDir)
-}
-
-// WalEnabled returns true if the WAL is enabled.
-func (cfg *MempoolConfig) WalEnabled() bool {
-	return cfg.WalPath != ""
-}
-
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg *MempoolConfig) ValidateBasic() error {
@@ -754,13 +848,15 @@ func (cfg *MempoolConfig) ValidateBasic() error {
 
 // StateSyncConfig defines the configuration for the Tendermint state sync service
 type StateSyncConfig struct {
-	Enable        bool          `mapstructure:"enable"`
-	TempDir       string        `mapstructure:"temp-dir"`
-	RPCServers    []string      `mapstructure:"rpc-servers"`
-	TrustPeriod   time.Duration `mapstructure:"trust-period"`
-	TrustHeight   int64         `mapstructure:"trust-height"`
-	TrustHash     string        `mapstructure:"trust-hash"`
-	DiscoveryTime time.Duration `mapstructure:"discovery-time"`
+	Enable              bool          `mapstructure:"enable"`
+	TempDir             string        `mapstructure:"temp-dir"`
+	RPCServers          []string      `mapstructure:"rpc-servers"`
+	TrustPeriod         time.Duration `mapstructure:"trust-period"`
+	TrustHeight         int64         `mapstructure:"trust-height"`
+	TrustHash           string        `mapstructure:"trust-hash"`
+	DiscoveryTime       time.Duration `mapstructure:"discovery-time"`
+	ChunkRequestTimeout time.Duration `mapstructure:"chunk-request-timeout"`
+	Fetchers            int32         `mapstructure:"fetchers"`
 }
 
 func (cfg *StateSyncConfig) TrustHashBytes() []byte {
@@ -775,8 +871,10 @@ func (cfg *StateSyncConfig) TrustHashBytes() []byte {
 // DefaultStateSyncConfig returns a default configuration for the state sync service
 func DefaultStateSyncConfig() *StateSyncConfig {
 	return &StateSyncConfig{
-		TrustPeriod:   168 * time.Hour,
-		DiscoveryTime: 15 * time.Second,
+		TrustPeriod:         168 * time.Hour,
+		DiscoveryTime:       15 * time.Second,
+		ChunkRequestTimeout: 15 * time.Second,
+		Fetchers:            4,
 	}
 }
 
@@ -791,28 +889,47 @@ func (cfg *StateSyncConfig) ValidateBasic() error {
 		if len(cfg.RPCServers) == 0 {
 			return errors.New("rpc-servers is required")
 		}
+
 		if len(cfg.RPCServers) < 2 {
 			return errors.New("at least two rpc-servers entries is required")
 		}
+
 		for _, server := range cfg.RPCServers {
 			if len(server) == 0 {
 				return errors.New("found empty rpc-servers entry")
 			}
 		}
+
+		if cfg.DiscoveryTime != 0 && cfg.DiscoveryTime < 5*time.Second {
+			return errors.New("discovery time must be 0s or greater than five seconds")
+		}
+
 		if cfg.TrustPeriod <= 0 {
 			return errors.New("trusted-period is required")
 		}
+
 		if cfg.TrustHeight <= 0 {
 			return errors.New("trusted-height is required")
 		}
+
 		if len(cfg.TrustHash) == 0 {
 			return errors.New("trusted-hash is required")
 		}
+
 		_, err := hex.DecodeString(cfg.TrustHash)
 		if err != nil {
 			return fmt.Errorf("invalid trusted-hash: %w", err)
 		}
+
+		if cfg.ChunkRequestTimeout < 5*time.Second {
+			return errors.New("chunk-request-timeout must be at least 5 seconds")
+		}
+
+		if cfg.Fetchers <= 0 {
+			return errors.New("fetchers is required")
+		}
 	}
+
 	return nil
 }
 
@@ -1023,19 +1140,25 @@ func (cfg *ConsensusConfig) ValidateBasic() error {
 // TxIndexConfig defines the configuration for the transaction indexer,
 // including composite keys to index.
 type TxIndexConfig struct {
-	// What indexer to use for transactions
+	// The backend database list to back the indexer.
+	// If list contains `null`, meaning no indexer service will be used.
 	//
 	// Options:
-	//   1) "null"
+	//   1) "null" - no indexer services.
 	//   2) "kv" (default) - the simplest possible indexer,
 	//      backed by key-value storage (defaults to levelDB; see DBBackend).
-	Indexer string `mapstructure:"indexer"`
+	//   3) "psql" - the indexer services backed by PostgreSQL.
+	Indexer []string `mapstructure:"indexer"`
+
+	// The PostgreSQL connection configuration, the connection format:
+	// postgresql://<user>:<password>@<host>:<port>/<db>?<opts>
+	PsqlConn string `mapstructure:"psql-conn"`
 }
 
 // DefaultTxIndexConfig returns a default configuration for the transaction indexer.
 func DefaultTxIndexConfig() *TxIndexConfig {
 	return &TxIndexConfig{
-		Indexer: "kv",
+		Indexer: []string{"kv"},
 	}
 }
 

config/config_test.go

@@ -22,12 +22,9 @@ func TestDefaultConfig(t *testing.T) {
 	cfg.SetRoot("/foo")
 	cfg.Genesis = "bar"
 	cfg.DBPath = "/opt/data"
-	cfg.Mempool.WalPath = "wal/mem/"
 
 	assert.Equal("/foo/bar", cfg.GenesisFile())
 	assert.Equal("/opt/data", cfg.DBDir())
-	assert.Equal("/foo/wal/mem", cfg.Mempool.WalDir())
-
 }
 
 func TestConfigValidateBasic(t *testing.T) {

config/db.go

@@ -0,0 +1,26 @@
+package config
+
+import (
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/libs/service"
+	db "github.com/tendermint/tm-db"
+)
+
+// ServiceProvider takes a config and a logger and returns a ready to go Node.
+type ServiceProvider func(*Config, log.Logger) (service.Service, error)
+
+// DBContext specifies config information for loading a new DB.
+type DBContext struct {
+	ID     string
+	Config *Config
+}
+
+// DBProvider takes a DBContext and returns an instantiated DB.
+type DBProvider func(*DBContext) (db.DB, error)
+
+// DefaultDBProvider returns a database using the DBBackend and DBDir
+// specified in the Config.
+func DefaultDBProvider(ctx *DBContext) (db.DB, error) {
+	dbType := db.BackendType(ctx.Config.DBBackend)
+	return db.NewDB(ctx.ID, dbType, ctx.Config.DBDir())
+}

config/toml.go

@@ -41,32 +41,29 @@ func EnsureRoot(rootDir string) {
 	if err := tmos.EnsureDir(filepath.Join(rootDir, defaultDataDir), DefaultDirPerm); err != nil {
 		panic(err.Error())
 	}
-
-	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
-
-	// Write default config file if missing.
-	if !tmos.FileExists(configFilePath) {
-		writeDefaultConfigFile(configFilePath)
-	}
-}
-
-// XXX: this func should probably be called by cmd/tendermint/commands/init.go
-// alongside the writing of the genesis.json and priv_validator.json
-func writeDefaultConfigFile(configFilePath string) {
-	WriteConfigFile(configFilePath, DefaultConfig())
 }
 
 // WriteConfigFile renders config using the template and writes it to configFilePath.
-func WriteConfigFile(configFilePath string, config *Config) {
+// This function is called by cmd/tendermint/commands/init.go
+func WriteConfigFile(rootDir string, config *Config) {
 	var buffer bytes.Buffer
 
 	if err := configTemplate.Execute(&buffer, config); err != nil {
 		panic(err)
 	}
 
+	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
+
 	mustWriteFile(configFilePath, buffer.Bytes(), 0644)
 }
 
+func writeDefaultConfigFileIfNone(rootDir string) {
+	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
+	if !tmos.FileExists(configFilePath) {
+		WriteConfigFile(rootDir, DefaultConfig())
+	}
+}
+
 // Note: any changes to the comments/variables/mapstructure
 // must be reflected in the appropriate struct in config/config.go
 const defaultConfigTemplate = `# This is a TOML config file.
@@ -88,14 +85,13 @@ proxy-app = "{{ .BaseConfig.ProxyApp }}"
 # A custom human readable name for this node
 moniker = "{{ .BaseConfig.Moniker }}"
 
-# Mode of Node: full | validator | seed (default: "full")
-# You will need to set it to "validator" if you want to run the node as a validator
-# * full node (default)
-#   - all reactors
-#   - No priv_validator_key.json, priv_validator_state.json
+# Mode of Node: full | validator | seed
 # * validator node
 #   - all reactors
 #   - with priv_validator_key.json, priv_validator_state.json
+# * full node
+#   - all reactors
+#   - No priv_validator_key.json, priv_validator_state.json
 # * seed node
 #   - only P2P, PEX Reactor
 #   - No priv_validator_key.json, priv_validator_state.json
@@ -141,27 +137,6 @@ log-format = "{{ .BaseConfig.LogFormat }}"
 # Path to the JSON file containing the initial validator set and other meta data
 genesis-file = "{{ js .BaseConfig.Genesis }}"
 
-# Path to the JSON file containing the private key to use as a validator in the consensus protocol
-priv-validator-key-file = "{{ js .BaseConfig.PrivValidatorKey }}"
-
-# Path to the JSON file containing the last sign state of a validator
-priv-validator-state-file = "{{ js .BaseConfig.PrivValidatorState }}"
-
-# TCP or UNIX socket address for Tendermint to listen on for
-# connections from an external PrivValidator process
-# when the listenAddr is prefixed with grpc instead of tcp it will use the gRPC Client
-priv-validator-laddr = "{{ .BaseConfig.PrivValidatorListenAddr }}"
-
-# Client certificate generated while creating needed files for secure connection.
-# If a remote validator address is provided but no certificate, the connection will be insecure
-priv-validator-client-certificate-file = "{{ js .BaseConfig.PrivValidatorClientCertificate }}"
-
-# Client key generated while creating certificates for secure connection
-priv-validator-client-key-file = "{{ js .BaseConfig.PrivValidatorClientKey }}"
-
-# Path Root Certificate Authority used to sign both client and server certificates
-priv-validator-certificate-authority = "{{ js .BaseConfig.PrivValidatorRootCA }}"
-
 # Path to the JSON file containing the private key to use for node authentication in the p2p protocol
 node-key-file = "{{ js .BaseConfig.NodeKey }}"
 
@@ -173,6 +148,33 @@ abci = "{{ .BaseConfig.ABCI }}"
 filter-peers = {{ .BaseConfig.FilterPeers }}
 
 
+#######################################################
+###       Priv Validator Configuration              ###
+#######################################################
+[priv-validator]
+
+# Path to the JSON file containing the private key to use as a validator in the consensus protocol
+key-file = "{{ js .PrivValidator.Key }}"
+
+# Path to the JSON file containing the last sign state of a validator
+state-file = "{{ js .PrivValidator.State }}"
+
+# TCP or UNIX socket address for Tendermint to listen on for
+# connections from an external PrivValidator process
+# when the listenAddr is prefixed with grpc instead of tcp it will use the gRPC Client
+laddr = "{{ .PrivValidator.ListenAddr }}"
+
+# Client certificate generated while creating needed files for secure connection.
+# If a remote validator address is provided but no certificate, the connection will be insecure
+client-certificate-file = "{{ js .PrivValidator.ClientCertificate }}"
+
+# Client key generated while creating certificates for secure connection
+validator-client-key-file = "{{ js .PrivValidator.ClientKey }}"
+
+# Path Root Certificate Authority used to sign both client and server certificates
+certificate-authority = "{{ js .PrivValidator.RootCA }}"
+
+
 #######################################################################
 ###                 Advanced Configuration Options                  ###
 #######################################################################
@@ -266,18 +268,34 @@ pprof-laddr = "{{ .RPC.PprofListenAddress }}"
 #######################################################
 [p2p]
 
+# Enable the new p2p layer.
+disable-legacy = {{ .P2P.DisableLegacy }}
+
+# Select the p2p internal queue
+queue-type = "{{ .P2P.QueueType }}"
+
 # Address to listen for incoming connections
 laddr = "{{ .P2P.ListenAddress }}"
 
 # Address to advertise to peers for them to dial
 # If empty, will use the same port as the laddr,
 # and will introspect on the listener or use UPnP
-# to figure out the address.
+# to figure out the address. ip and port are required
+# example: 159.89.10.97:26656
 external-address = "{{ .P2P.ExternalAddress }}"
 
 # Comma separated list of seed nodes to connect to
+# We only use these if we can’t connect to peers in the addrbook
+# NOTE: not used by the new PEX reactor. Please use BootstrapPeers instead.
+# TODO: Remove once p2p refactor is complete
+# ref: https:#github.com/tendermint/tendermint/issues/5670
 seeds = "{{ .P2P.Seeds }}"
 
+# Comma separated list of peers to be added to the peer store
+# on startup. Either BootstrapPeers or PersistentPeers are
+# needed for peer discovery
+bootstrap-peers = "{{ .P2P.BootstrapPeers }}"
+
 # Comma separated list of nodes to keep persistent connections to
 persistent-peers = "{{ .P2P.PersistentPeers }}"
 
@@ -292,11 +310,23 @@ addr-book-file = "{{ js .P2P.AddrBook }}"
 addr-book-strict = {{ .P2P.AddrBookStrict }}
 
 # Maximum number of inbound peers
+#
+# TODO: Remove once p2p refactor is complete in favor of MaxConnections.
+# ref: https://github.com/tendermint/tendermint/issues/5670
 max-num-inbound-peers = {{ .P2P.MaxNumInboundPeers }}
 
 # Maximum number of outbound peers to connect to, excluding persistent peers
+#
+# TODO: Remove once p2p refactor is complete in favor of MaxConnections.
+# ref: https://github.com/tendermint/tendermint/issues/5670
 max-num-outbound-peers = {{ .P2P.MaxNumOutboundPeers }}
 
+# Maximum number of connections (inbound and outbound).
+max-connections = {{ .P2P.MaxConnections }}
+
+# Rate limits the number of incoming connection attempts per IP address.
+max-incoming-connection-attempts = {{ .P2P.MaxIncomingConnectionAttempts }}
+
 # List of node IDs, to which a connection will be (re)established ignoring any existing limits
 unconditional-peer-ids = "{{ .P2P.UnconditionalPeerIDs }}"
 
@@ -319,6 +349,7 @@ recv-rate = {{ .P2P.RecvRate }}
 pex = {{ .P2P.PexReactor }}
 
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
+# Warning: IPs will be exposed at /net_info, for more information https://github.com/tendermint/tendermint/issues/3055
 private-peer-ids = "{{ .P2P.PrivatePeerIDs }}"
 
 # Toggle to disable guard against peers connecting from the same ip.
@@ -333,9 +364,13 @@ dial-timeout = "{{ .P2P.DialTimeout }}"
 #######################################################
 [mempool]
 
+# Mempool version to use:
+#   1) "v0" - The legacy non-prioritized mempool reactor.
+#   2) "v1" (default) - The prioritized mempool reactor.
+version = "{{ .Mempool.Version }}"
+
 recheck = {{ .Mempool.Recheck }}
 broadcast = {{ .Mempool.Broadcast }}
-wal-dir = "{{ js .Mempool.WalPath }}"
 
 # Maximum number of transactions in the mempool
 size = {{ .Mempool.Size }}
@@ -391,6 +426,13 @@ discovery-time = "{{ .StateSync.DiscoveryTime }}"
 # Will create a new, randomly named directory within, and remove it when done.
 temp-dir = "{{ .StateSync.TempDir }}"
 
+# The timeout duration before re-requesting a chunk, possibly from a different
+# peer (default: 15 seconds).
+chunk-request-timeout = "{{ .StateSync.ChunkRequestTimeout }}"
+
+# The number of concurrent chunk and block fetchers to run (default: 4).
+fetchers = "{{ .StateSync.Fetchers }}"
+
 #######################################################
 ###       Fast Sync Configuration Connections       ###
 #######################################################
@@ -447,7 +489,8 @@ peer-query-maj23-sleep-duration = "{{ .Consensus.PeerQueryMaj23SleepDuration }}"
 #######################################################
 [tx-index]
 
-# What indexer to use for transactions
+# The backend database list to back the indexer.
+# If list contains null, meaning no indexer service will be used.
 #
 # The application will set which txs to index. In some cases a node operator will be able
 # to decide which txs to index based on configuration set in the application.
@@ -456,7 +499,12 @@ peer-query-maj23-sleep-duration = "{{ .Consensus.PeerQueryMaj23SleepDuration }}"
 #   1) "null"
 #   2) "kv" (default) - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend).
 # 		- When "kv" is chosen "tx.height" and "tx.hash" will always be indexed.
-indexer = "{{ .TxIndex.Indexer }}"
+#   3) "psql" - the indexer services backed by PostgreSQL.
+indexer = [{{ range $i, $e := .TxIndex.Indexer }}{{if $i}}, {{end}}{{ printf "%q" $e}}{{end}}]
+
+# The PostgreSQL connection configuration, the connection format:
+#   postgresql://<user>:<password>@<host>:<port>/<db>?<opts>
+psql-conn = "{{ .TxIndex.PsqlConn }}"
 
 #######################################################
 ###       Instrumentation Configuration Options     ###
@@ -501,16 +549,13 @@ func ResetTestRootWithChainID(testName string, chainID string) *Config {
 		panic(err)
 	}
 
-	baseConfig := DefaultBaseConfig()
-	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
-	genesisFilePath := filepath.Join(rootDir, baseConfig.Genesis)
-	privKeyFilePath := filepath.Join(rootDir, baseConfig.PrivValidatorKey)
-	privStateFilePath := filepath.Join(rootDir, baseConfig.PrivValidatorState)
+	conf := DefaultConfig()
+	genesisFilePath := filepath.Join(rootDir, conf.Genesis)
+	privKeyFilePath := filepath.Join(rootDir, conf.PrivValidator.Key)
+	privStateFilePath := filepath.Join(rootDir, conf.PrivValidator.State)
 
 	// Write default config file if missing.
-	if !tmos.FileExists(configFilePath) {
-		writeDefaultConfigFile(configFilePath)
-	}
+	writeDefaultConfigFileIfNone(rootDir)
 	if !tmos.FileExists(genesisFilePath) {
 		if chainID == "" {
 			chainID = "tendermint_test"

config/toml_test.go

@@ -30,6 +30,8 @@ func TestEnsureRoot(t *testing.T) {
 	// create root dir
 	EnsureRoot(tmpDir)
 
+	WriteConfigFile(tmpDir, DefaultConfig())
+
 	// make sure config is set properly
 	data, err := ioutil.ReadFile(filepath.Join(tmpDir, defaultConfigFilePath))
 	require.Nil(err)
@@ -61,7 +63,8 @@ func TestEnsureTestRoot(t *testing.T) {
 
 	// TODO: make sure the cfg returned and testconfig are the same!
 	baseConfig := DefaultBaseConfig()
-	ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, baseConfig.PrivValidatorKey, baseConfig.PrivValidatorState)
+	pvConfig := DefaultPrivValidatorConfig()
+	ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, pvConfig.Key, pvConfig.State)
 }
 
 func checkConfig(configFile string) bool {

crypto/batch/batch.go

@@ -20,3 +20,14 @@ func CreateBatchVerifier(pk crypto.PubKey) (crypto.BatchVerifier, bool) {
 	// case where the key does not support batch verification
 	return nil, false
 }
+
+// SupportsBatchVerifier checks if a key type implements the batch verifier
+// interface.
+func SupportsBatchVerifier(pk crypto.PubKey) bool {
+	switch pk.Type() {
+	case ed25519.KeyType, sr25519.KeyType:
+		return true
+	}
+
+	return false
+}

crypto/crypto.go

@@ -46,7 +46,9 @@ type Symmetric interface {
 type BatchVerifier interface {
 	// Add appends an entry into the BatchVerifier.
 	Add(key PubKey, message, signature []byte) error
-	// Verify verifies all the entries in the BatchVerifier.
-	// If the verification fails it is unknown which entry failed and each entry will need to be verified individually.
-	Verify() bool
+	// Verify verifies all the entries in the BatchVerifier, and returns
+	// if every signature in the batch is valid, and a vector of bools
+	// indicating the verification status of each signature (in the order
+	// that signatures were added to the batch).
+	Verify() (bool, []bool)
 }

crypto/ed25519/bench_test.go

@@ -28,22 +28,37 @@ func BenchmarkVerification(b *testing.B) {
 }
 
 func BenchmarkVerifyBatch(b *testing.B) {
+	msg := []byte("BatchVerifyTest")
+
 	for _, sigsCount := range []int{1, 8, 64, 1024} {
 		sigsCount := sigsCount
 		b.Run(fmt.Sprintf("sig-count-%d", sigsCount), func(b *testing.B) {
-			b.ReportAllocs()
-			v := NewBatchVerifier()
+			// Pre-generate all of the keys, and signatures, but do not
+			// benchmark key-generation and signing.
+			pubs := make([]crypto.PubKey, 0, sigsCount)
+			sigs := make([][]byte, 0, sigsCount)
 			for i := 0; i < sigsCount; i++ {
 				priv := GenPrivKey()
-				pub := priv.PubKey()
-				msg := []byte("BatchVerifyTest")
 				sig, _ := priv.Sign(msg)
-				err := v.Add(pub, msg, sig)
-				require.NoError(b, err)
+				pubs = append(pubs, priv.PubKey().(PubKey))
+				sigs = append(sigs, sig)
 			}
+			b.ResetTimer()
+
+			b.ReportAllocs()
 			// NOTE: dividing by n so that metrics are per-signature
 			for i := 0; i < b.N/sigsCount; i++ {
-				if !v.Verify() {
+				// The benchmark could just benchmark the Verify()
+				// routine, but there is non-trivial overhead associated
+				// with BatchVerifier.Add(), which should be included
+				// in the benchmark.
+				v := NewBatchVerifier()
+				for i := 0; i < sigsCount; i++ {
+					err := v.Add(pubs[i], msg, sigs[i])
+					require.NoError(b, err)
+				}
+
+				if ok, _ := v.Verify(); !ok {
 					b.Fatal("signature set failed batch verification")
 				}
 			}

crypto/ed25519/ed25519.go

@@ -2,13 +2,13 @@ package ed25519
 
 import (
 	"bytes"
-	"crypto/ed25519"
 	"crypto/subtle"
 	"errors"
 	"fmt"
 	"io"
 
-	"github.com/hdevalence/ed25519consensus"
+	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519"
+	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519/extra/cache"
 
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/tmhash"
@@ -17,7 +17,18 @@ import (
 
 //-------------------------------------
 
-var _ crypto.PrivKey = PrivKey{}
+var (
+	_ crypto.PrivKey = PrivKey{}
+
+	// curve25519-voi's Ed25519 implementation supports configurable
+	// verification behavior, and tendermint uses the ZIP-215 verification
+	// semantics.
+	verifyOptions = &ed25519.Options{
+		Verify: ed25519.VerifyOptionsZIP_215,
+	}
+
+	cachingVerifier = cache.NewVerifier(cache.NewLRUCache(cacheSize))
+)
 
 const (
 	PrivKeyName = "tendermint/PrivKeyEd25519"
@@ -34,6 +45,14 @@ const (
 	SeedSize = 32
 
 	KeyType = "ed25519"
+
+	// cacheSize is the number of public keys that will be cached in
+	// an expanded format for repeated signature verification.
+	//
+	// TODO/perf: Either this should exclude single verification, or be
+	// tuned to `> validatorSize + maxTxnsPerBlock` to avoid cache
+	// thrashing.
+	cacheSize = 4096
 )
 
 func init() {
@@ -107,14 +126,12 @@ func GenPrivKey() PrivKey {
 
 // genPrivKey generates a new ed25519 private key using the provided reader.
 func genPrivKey(rand io.Reader) PrivKey {
-	seed := make([]byte, SeedSize)
-
-	_, err := io.ReadFull(rand, seed)
+	_, priv, err := ed25519.GenerateKey(rand)
 	if err != nil {
 		panic(err)
 	}
 
-	return PrivKey(ed25519.NewKeyFromSeed(seed))
+	return PrivKey(priv)
 }
 
 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
@@ -153,7 +170,7 @@ func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
 		return false
 	}
 
-	return ed25519consensus.Verify(ed25519.PublicKey(pubKey), msg, sig)
+	return cachingVerifier.VerifyWithOptions(ed25519.PublicKey(pubKey), msg, sig, verifyOptions)
 }
 
 func (pubKey PubKey) String() string {
@@ -175,30 +192,36 @@ func (pubKey PubKey) Equals(other crypto.PubKey) bool {
 var _ crypto.BatchVerifier = &BatchVerifier{}
 
 // BatchVerifier implements batch verification for ed25519.
-// https://github.com/hdevalence/ed25519consensus is used for batch verification
 type BatchVerifier struct {
-	ed25519consensus.BatchVerifier
+	*ed25519.BatchVerifier
 }
 
 func NewBatchVerifier() crypto.BatchVerifier {
-	return &BatchVerifier{ed25519consensus.NewBatchVerifier()}
+	return &BatchVerifier{ed25519.NewBatchVerifier()}
 }
 
 func (b *BatchVerifier) Add(key crypto.PubKey, msg, signature []byte) error {
-	if l := len(key.Bytes()); l != PubKeySize {
+	pkEd, ok := key.(PubKey)
+	if !ok {
+		return fmt.Errorf("pubkey is not Ed25519")
+	}
+
+	pkBytes := pkEd.Bytes()
+
+	if l := len(pkBytes); l != PubKeySize {
 		return fmt.Errorf("pubkey size is incorrect; expected: %d, got %d", PubKeySize, l)
 	}
 
-	// check that the signature is the correct length & the last byte is set correctly
-	if len(signature) != SignatureSize || signature[63]&224 != 0 {
+	// check that the signature is the correct length
+	if len(signature) != SignatureSize {
 		return errors.New("invalid signature")
 	}
 
-	b.BatchVerifier.Add(ed25519.PublicKey(key.Bytes()), msg, signature)
+	cachingVerifier.AddWithOptions(b.BatchVerifier, ed25519.PublicKey(pkBytes), msg, signature, verifyOptions)
 
 	return nil
 }
 
-func (b *BatchVerifier) Verify() bool {
-	return b.BatchVerifier.Verify()
+func (b *BatchVerifier) Verify() (bool, []bool) {
+	return b.BatchVerifier.Verify(crypto.CReader())
 }

crypto/ed25519/ed25519_test.go

@@ -50,5 +50,6 @@ func TestBatchSafe(t *testing.T) {
 		require.NoError(t, err)
 	}
 
-	require.True(t, v.Verify())
+	ok, _ := v.Verify()
+	require.True(t, ok)
 }

crypto/encoding/codec.go

@@ -6,6 +6,7 @@ import (
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/ed25519"
 	"github.com/tendermint/tendermint/crypto/secp256k1"
+	"github.com/tendermint/tendermint/crypto/sr25519"
 	"github.com/tendermint/tendermint/libs/json"
 	pc "github.com/tendermint/tendermint/proto/tendermint/crypto"
 )
@@ -32,6 +33,12 @@ func PubKeyToProto(k crypto.PubKey) (pc.PublicKey, error) {
 				Secp256K1: k,
 			},
 		}
+	case sr25519.PubKey:
+		kp = pc.PublicKey{
+			Sum: &pc.PublicKey_Sr25519{
+				Sr25519: k,
+			},
+		}
 	default:
 		return kp, fmt.Errorf("toproto: key type %v is not supported", k)
 	}
@@ -57,6 +64,14 @@ func PubKeyFromProto(k pc.PublicKey) (crypto.PubKey, error) {
 		pk := make(secp256k1.PubKey, secp256k1.PubKeySize)
 		copy(pk, k.Secp256K1)
 		return pk, nil
+	case *pc.PublicKey_Sr25519:
+		if len(k.Sr25519) != sr25519.PubKeySize {
+			return nil, fmt.Errorf("invalid size for PubKeySr25519. Got %d, expected %d",
+				len(k.Sr25519), sr25519.PubKeySize)
+		}
+		pk := make(sr25519.PubKey, sr25519.PubKeySize)
+		copy(pk, k.Sr25519)
+		return pk, nil
 	default:
 		return nil, fmt.Errorf("fromproto: key type %v is not supported", k)
 	}

crypto/merkle/hash.go

@@ -1,6 +1,8 @@
 package merkle
 
 import (
+	"hash"
+
 	"github.com/tendermint/tendermint/crypto/tmhash"
 )
 
@@ -20,7 +22,27 @@ func leafHash(leaf []byte) []byte {
 	return tmhash.Sum(append(leafPrefix, leaf...))
 }
 
+// returns tmhash(0x00 || leaf)
+func leafHashOpt(s hash.Hash, leaf []byte) []byte {
+	s.Reset()
+	s.Write(leafPrefix)
+	s.Write(leaf)
+	return s.Sum(nil)
+}
+
 // returns tmhash(0x01 || left || right)
 func innerHash(left []byte, right []byte) []byte {
-	return tmhash.Sum(append(innerPrefix, append(left, right...)...))
+	data := make([]byte, len(innerPrefix)+len(left)+len(right))
+	n := copy(data, innerPrefix)
+	n += copy(data[n:], left)
+	copy(data[n:], right)
+	return tmhash.Sum(data)
+}
+
+func innerHashOpt(s hash.Hash, left []byte, right []byte) []byte {
+	s.Reset()
+	s.Write(innerPrefix)
+	s.Write(left)
+	s.Write(right)
+	return s.Sum(nil)
 }

crypto/merkle/proof.go

@@ -50,13 +50,13 @@ func ProofsFromByteSlices(items [][]byte) (rootHash []byte, proofs []*Proof) {
 // Verify that the Proof proves the root hash.
 // Check sp.Index/sp.Total manually if needed
 func (sp *Proof) Verify(rootHash []byte, leaf []byte) error {
-	leafHash := leafHash(leaf)
 	if sp.Total < 0 {
 		return errors.New("proof total must be positive")
 	}
 	if sp.Index < 0 {
 		return errors.New("proof index cannot be negative")
 	}
+	leafHash := leafHash(leaf)
 	if !bytes.Equal(sp.LeafHash, leafHash) {
 		return fmt.Errorf("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash)
 	}

crypto/merkle/proof_key_path_test.go

@@ -35,6 +35,7 @@ func TestKeyPath(t *testing.T) {
 
 		res, err := KeyPathToKeys(path.String())
 		require.Nil(t, err)
+		require.Equal(t, len(keys), len(res))
 
 		for i, key := range keys {
 			require.Equal(t, key, res[i])

crypto/merkle/proof_test.go

@@ -171,12 +171,12 @@ func TestProofValidateBasic(t *testing.T) {
 	}
 }
 func TestVoteProtobuf(t *testing.T) {
-
 	_, proofs := ProofsFromByteSlices([][]byte{
 		[]byte("apple"),
 		[]byte("watermelon"),
 		[]byte("kiwi"),
 	})
+
 	testCases := []struct {
 		testName string
 		v1       *Proof

crypto/merkle/tree.go

@@ -1,22 +1,28 @@
 package merkle
 
 import (
+	"crypto/sha256"
+	"hash"
 	"math/bits"
 )
 
 // HashFromByteSlices computes a Merkle tree where the leaves are the byte slice,
 // in the provided order. It follows RFC-6962.
 func HashFromByteSlices(items [][]byte) []byte {
+	return hashFromByteSlices(sha256.New(), items)
+}
+
+func hashFromByteSlices(sha hash.Hash, items [][]byte) []byte {
 	switch len(items) {
 	case 0:
 		return emptyHash()
 	case 1:
-		return leafHash(items[0])
+		return leafHashOpt(sha, items[0])
 	default:
 		k := getSplitPoint(int64(len(items)))
-		left := HashFromByteSlices(items[:k])
-		right := HashFromByteSlices(items[k:])
-		return innerHash(left, right)
+		left := hashFromByteSlices(sha, items[:k])
+		right := hashFromByteSlices(sha, items[k:])
+		return innerHashOpt(sha, left, right)
 	}
 }
 
@@ -61,7 +67,7 @@ func HashFromByteSlices(items [][]byte) []byte {
 // implementation for so little benefit.
 func HashFromByteSlicesIterative(input [][]byte) []byte {
 	items := make([][]byte, len(input))
-
+	sha := sha256.New()
 	for i, leaf := range input {
 		items[i] = leafHash(leaf)
 	}
@@ -78,7 +84,7 @@ func HashFromByteSlicesIterative(input [][]byte) []byte {
 			wp := 0 // write position
 			for rp < size {
 				if rp+1 < size {
-					items[wp] = innerHash(items[rp], items[rp+1])
+					items[wp] = innerHashOpt(sha, items[rp], items[rp+1])
 					rp += 2
 				} else {
 					items[wp] = items[rp]

crypto/merkle/tree_test.go

@@ -7,10 +7,9 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	tmrand "github.com/tendermint/tendermint/libs/rand"
-	. "github.com/tendermint/tendermint/libs/test"
-
 	"github.com/tendermint/tendermint/crypto/tmhash"
+	ctest "github.com/tendermint/tendermint/internal/libs/test"
+	tmrand "github.com/tendermint/tendermint/libs/rand"
 )
 
 type testItem []byte
@@ -92,11 +91,11 @@ func TestProof(t *testing.T) {
 		proof.Aunts = origAunts
 
 		// Mutating the itemHash should make it fail.
-		err = proof.Verify(rootHash, MutateByteSlice(item))
+		err = proof.Verify(rootHash, ctest.MutateByteSlice(item))
 		require.Error(t, err, "Expected verification to fail for mutated leaf hash")
 
 		// Mutating the rootHash should make it fail.
-		err = proof.Verify(MutateByteSlice(rootHash), item)
+		err = proof.Verify(ctest.MutateByteSlice(rootHash), item)
 		require.Error(t, err, "Expected verification to fail for mutated root hash")
 	}
 }

crypto/secp256k1/secp256k1.go

@@ -9,10 +9,11 @@ import (
 	"math/big"
 
 	secp256k1 "github.com/btcsuite/btcd/btcec"
-	"golang.org/x/crypto/ripemd160" // nolint: staticcheck // necessary for Bitcoin address format
-
 	"github.com/tendermint/tendermint/crypto"
 	tmjson "github.com/tendermint/tendermint/libs/json"
+
+	// necessary for Bitcoin address format
+	"golang.org/x/crypto/ripemd160" // nolint: staticcheck
 )
 
 //-------------------------------------

crypto/sr25519/batch.go

@@ -3,40 +3,44 @@ package sr25519
 import (
 	"fmt"
 
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
 
 	"github.com/tendermint/tendermint/crypto"
 )
 
-var _ crypto.BatchVerifier = BatchVerifier{}
+var _ crypto.BatchVerifier = &BatchVerifier{}
 
 // BatchVerifier implements batch verification for sr25519.
-// https://github.com/ChainSafe/go-schnorrkel is used for batch verification
 type BatchVerifier struct {
-	*schnorrkel.BatchVerifier
+	*sr25519.BatchVerifier
 }
 
 func NewBatchVerifier() crypto.BatchVerifier {
-	return BatchVerifier{schnorrkel.NewBatchVerifier()}
+	return &BatchVerifier{sr25519.NewBatchVerifier()}
 }
 
-func (b BatchVerifier) Add(key crypto.PubKey, msg, sig []byte) error {
-	var sig64 [SignatureSize]byte
-	copy(sig64[:], sig)
-	signature := new(schnorrkel.Signature)
-	err := signature.Decode(sig64)
-	if err != nil {
-		return fmt.Errorf("unable to decode signature: %w", err)
+func (b *BatchVerifier) Add(key crypto.PubKey, msg, signature []byte) error {
+	pk, ok := key.(PubKey)
+	if !ok {
+		return fmt.Errorf("sr25519: pubkey is not sr25519")
 	}
 
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
+	var srpk sr25519.PublicKey
+	if err := srpk.UnmarshalBinary(pk); err != nil {
+		return fmt.Errorf("sr25519: invalid public key: %w", err)
+	}
 
-	var pk [PubKeySize]byte
-	copy(pk[:], key.Bytes())
+	var sig sr25519.Signature
+	if err := sig.UnmarshalBinary(signature); err != nil {
+		return fmt.Errorf("sr25519: unable to decode signature: %w", err)
+	}
 
-	return b.BatchVerifier.Add(signingContext, signature, schnorrkel.NewPublicKey(pk))
+	st := signingCtx.NewTranscriptBytes(msg)
+	b.BatchVerifier.Add(&srpk, st, &sig)
+
+	return nil
 }
 
-func (b BatchVerifier) Verify() bool {
-	return b.BatchVerifier.Verify()
+func (b *BatchVerifier) Verify() (bool, []bool) {
+	return b.BatchVerifier.Verify(crypto.CReader())
 }

crypto/sr25519/bench_test.go

@@ -28,22 +28,37 @@ func BenchmarkVerification(b *testing.B) {
 }
 
 func BenchmarkVerifyBatch(b *testing.B) {
-	for _, n := range []int{1, 8, 64, 1024} {
-		n := n
-		b.Run(fmt.Sprintf("sig-count-%d", n), func(b *testing.B) {
-			b.ReportAllocs()
-			v := NewBatchVerifier()
-			for i := 0; i < n; i++ {
+	msg := []byte("BatchVerifyTest")
+
+	for _, sigsCount := range []int{1, 8, 64, 1024} {
+		sigsCount := sigsCount
+		b.Run(fmt.Sprintf("sig-count-%d", sigsCount), func(b *testing.B) {
+			// Pre-generate all of the keys, and signatures, but do not
+			// benchmark key-generation and signing.
+			pubs := make([]crypto.PubKey, 0, sigsCount)
+			sigs := make([][]byte, 0, sigsCount)
+			for i := 0; i < sigsCount; i++ {
 				priv := GenPrivKey()
-				pub := priv.PubKey()
-				msg := []byte("BatchVerifyTest")
 				sig, _ := priv.Sign(msg)
-				err := v.Add(pub, msg, sig)
-				require.NoError(b, err)
+				pubs = append(pubs, priv.PubKey().(PubKey))
+				sigs = append(sigs, sig)
 			}
+			b.ResetTimer()
+
+			b.ReportAllocs()
 			// NOTE: dividing by n so that metrics are per-signature
-			for i := 0; i < b.N/n; i++ {
-				if !v.Verify() {
+			for i := 0; i < b.N/sigsCount; i++ {
+				// The benchmark could just benchmark the Verify()
+				// routine, but there is non-trivial overhead associated
+				// with BatchVerifier.Add(), which should be included
+				// in the benchmark.
+				v := NewBatchVerifier()
+				for i := 0; i < sigsCount; i++ {
+					err := v.Add(pubs[i], msg, sigs[i])
+					require.NoError(b, err)
+				}
+
+				if ok, _ := v.Verify(); !ok {
 					b.Fatal("signature set failed batch verification")
 				}
 			}

crypto/sr25519/encoding.go

@@ -1,23 +1,13 @@
 package sr25519
 
-import (
-	"github.com/tendermint/tendermint/crypto"
-	tmjson "github.com/tendermint/tendermint/libs/json"
-)
-
-var _ crypto.PrivKey = PrivKey{}
+import tmjson "github.com/tendermint/tendermint/libs/json"
 
 const (
 	PrivKeyName = "tendermint/PrivKeySr25519"
 	PubKeyName  = "tendermint/PubKeySr25519"
-
-	// SignatureSize is the size of an Edwards25519 signature. Namely the size of a compressed
-	// Sr25519 point, and a field element. Both of which are 32 bytes.
-	SignatureSize = 64
 )
 
 func init() {
-
 	tmjson.RegisterType(PubKey{}, PubKeyName)
 	tmjson.RegisterType(PrivKey{}, PrivKeyName)
 }

crypto/sr25519/privkey.go

@@ -1,70 +1,84 @@
 package sr25519
 
 import (
-	"crypto/subtle"
+	"encoding/json"
 	"fmt"
 	"io"
 
-	"github.com/tendermint/tendermint/crypto"
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
 
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
+	"github.com/tendermint/tendermint/crypto"
 )
 
-// PrivKeySize is the number of bytes in an Sr25519 private key.
-const PrivKeySize = 32
+var (
+	_ crypto.PrivKey = PrivKey{}
 
-// PrivKeySr25519 implements crypto.PrivKey.
-type PrivKey []byte
+	signingCtx = sr25519.NewSigningContext([]byte{})
+)
 
-// Bytes returns the byte representation of the PrivKey.
+const (
+	// PrivKeySize is the size of a sr25519 signature in bytes.
+	PrivKeySize = sr25519.MiniSecretKeySize
+
+	KeyType = "sr25519"
+)
+
+// PrivKey implements crypto.PrivKey.
+type PrivKey struct {
+	msk sr25519.MiniSecretKey
+	kp  *sr25519.KeyPair
+}
+
+// Bytes returns the byte-encoded PrivKey.
 func (privKey PrivKey) Bytes() []byte {
-	return []byte(privKey)
+	if privKey.kp == nil {
+		return nil
+	}
+	return privKey.msk[:]
 }
 
 // Sign produces a signature on the provided message.
 func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
-	var p [PrivKeySize]byte
-	copy(p[:], privKey)
-	miniSecretKey, err := schnorrkel.NewMiniSecretKeyFromRaw(p)
-	if err != nil {
-		return []byte{}, err
-	}
-	secretKey := miniSecretKey.ExpandEd25519()
-
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
-
-	sig, err := secretKey.Sign(signingContext)
-	if err != nil {
-		return []byte{}, err
+	if privKey.kp == nil {
+		return nil, fmt.Errorf("sr25519: uninitialized private key")
 	}
 
-	sigBytes := sig.Encode()
-	return sigBytes[:], nil
+	st := signingCtx.NewTranscriptBytes(msg)
+
+	sig, err := privKey.kp.Sign(crypto.CReader(), st)
+	if err != nil {
+		return nil, fmt.Errorf("sr25519: failed to sign message: %w", err)
+	}
+
+	sigBytes, err := sig.MarshalBinary()
+	if err != nil {
+		return nil, fmt.Errorf("sr25519: failed to serialize signature: %w", err)
+	}
+
+	return sigBytes, nil
 }
 
 // PubKey gets the corresponding public key from the private key.
+//
+// Panics if the private key is not initialized.
 func (privKey PrivKey) PubKey() crypto.PubKey {
-	var p [PrivKeySize]byte
-	copy(p[:], privKey)
-	miniSecretKey, err := schnorrkel.NewMiniSecretKeyFromRaw(p)
-	if err != nil {
-		panic(fmt.Sprintf("Invalid private key: %v", err))
+	if privKey.kp == nil {
+		panic("sr25519: uninitialized private key")
 	}
-	secretKey := miniSecretKey.ExpandEd25519()
 
-	pubkey, err := secretKey.Public()
+	b, err := privKey.kp.PublicKey().MarshalBinary()
 	if err != nil {
-		panic(fmt.Sprintf("Could not generate public key: %v", err))
+		panic("sr25519: failed to serialize public key: " + err.Error())
 	}
-	key := pubkey.Encode()
-	return PubKey(key[:])
+
+	return PubKey(b)
 }
 
 // Equals - you probably don't need to use this.
 // Runs in constant time based on length of the keys.
 func (privKey PrivKey) Equals(other crypto.PrivKey) bool {
-	if otherEd, ok := other.(PrivKey); ok {
-		return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1
+	if otherSr, ok := other.(PrivKey); ok {
+		return privKey.msk.Equal(&otherSr.msk)
 	}
 	return false
 }
@@ -73,6 +87,44 @@ func (privKey PrivKey) Type() string {
 	return KeyType
 }
 
+func (privKey PrivKey) MarshalJSON() ([]byte, error) {
+	var b []byte
+
+	// Handle uninitialized private keys gracefully.
+	if privKey.kp != nil {
+		b = privKey.Bytes()
+	}
+
+	return json.Marshal(b)
+}
+
+func (privKey *PrivKey) UnmarshalJSON(data []byte) error {
+	for i := range privKey.msk {
+		privKey.msk[i] = 0
+	}
+	privKey.kp = nil
+
+	var b []byte
+	if err := json.Unmarshal(data, &b); err != nil {
+		return fmt.Errorf("sr25519: failed to deserialize JSON: %w", err)
+	}
+	if len(b) == 0 {
+		return nil
+	}
+
+	msk, err := sr25519.NewMiniSecretKeyFromBytes(b)
+	if err != nil {
+		return err
+	}
+
+	sk := msk.ExpandEd25519()
+
+	privKey.msk = *msk
+	privKey.kp = sk.KeyPair()
+
+	return nil
+}
+
 // GenPrivKey generates a new sr25519 private key.
 // It uses OS randomness in conjunction with the current global random seed
 // in tendermint/libs/common to generate the private key.
@@ -80,20 +132,18 @@ func GenPrivKey() PrivKey {
 	return genPrivKey(crypto.CReader())
 }
 
-// genPrivKey generates a new sr25519 private key using the provided reader.
-func genPrivKey(rand io.Reader) PrivKey {
-	var seed [64]byte
-
-	out := make([]byte, 64)
-	_, err := io.ReadFull(rand, out)
+func genPrivKey(rng io.Reader) PrivKey {
+	msk, err := sr25519.GenerateMiniSecretKey(rng)
 	if err != nil {
-		panic(err)
+		panic("sr25519: failed to generate MiniSecretKey: " + err.Error())
 	}
 
-	copy(seed[:], out)
+	sk := msk.ExpandEd25519()
 
-	key := schnorrkel.NewMiniSecretKey(seed).ExpandEd25519().Encode()
-	return key[:]
+	return PrivKey{
+		msk: *msk,
+		kp:  sk.KeyPair(),
+	}
 }
 
 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
@@ -102,9 +152,14 @@ func genPrivKey(rand io.Reader) PrivKey {
 // if it's derived from user input.
 func GenPrivKeyFromSecret(secret []byte) PrivKey {
 	seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.
-	var bz [PrivKeySize]byte
-	copy(bz[:], seed)
-	privKey, _ := schnorrkel.NewMiniSecretKeyFromRaw(bz)
-	key := privKey.ExpandEd25519().Encode()
-	return key[:]
+
+	var privKey PrivKey
+	if err := privKey.msk.UnmarshalBinary(seed); err != nil {
+		panic("sr25519: failed to deserialize MiniSecretKey: " + err.Error())
+	}
+
+	sk := privKey.msk.ExpandEd25519()
+	privKey.kp = sk.KeyPair()
+
+	return privKey
 }

crypto/sr25519/pubkey.go

@@ -4,74 +4,65 @@ import (
 	"bytes"
 	"fmt"
 
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
+
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/tmhash"
-
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
 )
 
 var _ crypto.PubKey = PubKey{}
 
-// PubKeySize is the number of bytes in an Sr25519 public key.
 const (
-	PubKeySize = 32
-	KeyType    = "sr25519"
+	// PubKeySize is the size of a sr25519 public key in bytes.
+	PubKeySize = sr25519.PublicKeySize
+
+	// SignatureSize is the size of a sr25519 signature in bytes.
+	SignatureSize = sr25519.SignatureSize
 )
 
-// PubKeySr25519 implements crypto.PubKey for the Sr25519 signature scheme.
+// PubKey implements crypto.PubKey.
 type PubKey []byte
 
 // Address is the SHA256-20 of the raw pubkey bytes.
 func (pubKey PubKey) Address() crypto.Address {
-	return crypto.Address(tmhash.SumTruncated(pubKey[:]))
+	if len(pubKey) != PubKeySize {
+		panic("pubkey is incorrect size")
+	}
+	return crypto.Address(tmhash.SumTruncated(pubKey))
 }
 
-// Bytes returns the byte representation of the PubKey.
+// Bytes returns the PubKey byte format.
 func (pubKey PubKey) Bytes() []byte {
 	return []byte(pubKey)
 }
 
-func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
-	// make sure we use the same algorithm to sign
-	if len(sig) != SignatureSize {
-		return false
+func (pubKey PubKey) Equals(other crypto.PubKey) bool {
+	if otherSr, ok := other.(PubKey); ok {
+		return bytes.Equal(pubKey[:], otherSr[:])
 	}
-	var sig64 [SignatureSize]byte
-	copy(sig64[:], sig)
 
-	publicKey := &(schnorrkel.PublicKey{})
-	var p [PubKeySize]byte
-	copy(p[:], pubKey)
-	err := publicKey.Decode(p)
-	if err != nil {
+	return false
+}
+
+func (pubKey PubKey) VerifySignature(msg []byte, sigBytes []byte) bool {
+	var srpk sr25519.PublicKey
+	if err := srpk.UnmarshalBinary(pubKey); err != nil {
 		return false
 	}
 
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
-
-	signature := &(schnorrkel.Signature{})
-	err = signature.Decode(sig64)
-	if err != nil {
+	var sig sr25519.Signature
+	if err := sig.UnmarshalBinary(sigBytes); err != nil {
 		return false
 	}
 
-	return publicKey.Verify(signature, signingContext)
+	st := signingCtx.NewTranscriptBytes(msg)
+	return srpk.Verify(st, &sig)
+}
+
+func (pubKey PubKey) Type() string {
+	return KeyType
 }
 
 func (pubKey PubKey) String() string {
 	return fmt.Sprintf("PubKeySr25519{%X}", []byte(pubKey))
 }
-
-// Equals - checks that two public keys are the same time
-// Runs in constant time based on length of the keys.
-func (pubKey PubKey) Equals(other crypto.PubKey) bool {
-	if otherEd, ok := other.(PubKey); ok {
-		return bytes.Equal(pubKey[:], otherEd[:])
-	}
-	return false
-}
-
-func (pubKey PubKey) Type() string {
-	return KeyType
-
-}

crypto/sr25519/sr25519_test.go

@@ -1,6 +1,8 @@
 package sr25519_test
 
 import (
+	"encoding/base64"
+	"encoding/json"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -11,7 +13,6 @@ import (
 )
 
 func TestSignAndValidateSr25519(t *testing.T) {
-
 	privKey := sr25519.GenPrivKey()
 	pubKey := privKey.PubKey()
 
@@ -32,6 +33,7 @@ func TestSignAndValidateSr25519(t *testing.T) {
 
 func TestBatchSafe(t *testing.T) {
 	v := sr25519.NewBatchVerifier()
+	vFail := sr25519.NewBatchVerifier()
 	for i := 0; i <= 38; i++ {
 		priv := sr25519.GenPrivKey()
 		pub := priv.PubKey()
@@ -48,9 +50,49 @@ func TestBatchSafe(t *testing.T) {
 
 		err = v.Add(pub, msg, sig)
 		require.NoError(t, err)
+
+		switch i % 2 {
+		case 0:
+			err = vFail.Add(pub, msg, sig)
+		case 1:
+			msg[2] ^= byte(0x01)
+			err = vFail.Add(pub, msg, sig)
+		}
+		require.NoError(t, err)
 	}
 
-	if !v.Verify() {
-		t.Error("failed batch verification")
+	ok, valid := v.Verify()
+	require.True(t, ok, "failed batch verification")
+	for i, ok := range valid {
+		require.Truef(t, ok, "sig[%d] should be marked valid", i)
+	}
+
+	ok, valid = vFail.Verify()
+	require.False(t, ok, "succeeded batch verification (invalid batch)")
+	for i, ok := range valid {
+		expected := (i % 2) == 0
+		require.Equalf(t, expected, ok, "sig[%d] should be %v", i, expected)
 	}
 }
+
+func TestJSON(t *testing.T) {
+	privKey := sr25519.GenPrivKey()
+
+	t.Run("PrivKey", func(t *testing.T) {
+		b, err := json.Marshal(privKey)
+		require.NoError(t, err)
+
+		// b should be the base64 encoded MiniSecretKey, enclosed by doublequotes.
+		b64 := base64.StdEncoding.EncodeToString(privKey.Bytes())
+		b64 = "\"" + b64 + "\""
+		require.Equal(t, []byte(b64), b)
+
+		var privKey2 sr25519.PrivKey
+		err = json.Unmarshal(b, &privKey2)
+		require.NoError(t, err)
+		require.Len(t, privKey2.Bytes(), sr25519.PrivKeySize)
+		require.EqualValues(t, privKey.Bytes(), privKey2.Bytes())
+	})
+
+	// PubKeys are just []byte, so there is no special handling.
+}

docs/app-dev/getting-started.md

@@ -63,13 +63,13 @@ Tendermint binary installed. If not, follow the steps from
 before, use:
 
 ```sh
-tendermint init
-tendermint node
+tendermint init validator
+tendermint start
 ```
 
 If you have used Tendermint, you may want to reset the data for a new
 blockchain by running `tendermint unsafe_reset_all`. Then you can run
-`tendermint node` to start Tendermint, and connect to the app. For more
+`tendermint start` to start Tendermint, and connect to the app. For more
 details, see [the guide on using Tendermint](../tendermint-core/using-tendermint.md).
 
 You should see Tendermint making blocks! We can get the status of our
@@ -202,7 +202,7 @@ In another window, reset then start Tendermint:
 
 ```sh
 tendermint unsafe_reset_all
-tendermint node
+tendermint start
 ```
 
 Once again, you can see the blocks streaming by. Let's send some
@@ -277,7 +277,7 @@ In another window, reset and start `tendermint`:
 
 ```sh
 tendermint unsafe_reset_all
-tendermint node
+tendermint start
 ```
 
 Once again, you should see blocks streaming by - but now, our

docs/app-dev/indexing-transactions.md

@@ -4,12 +4,13 @@ order: 6
 
 # Indexing Transactions
 
-Tendermint allows you to index transactions and later query or subscribe to their results.
-
-Events can be used to index transactions and blocks according to what happened
-during their execution. Note that the set of events returned for a block from
-`BeginBlock` and `EndBlock` are merged. In case both methods return the same
-type, only the key-value pairs defined in `EndBlock` are used.
+Tendermint allows you to index transactions and blocks and later query or
+subscribe to their results. Transactions are indexed by `TxResult.Events` and
+blocks are indexed by `Response(Begin|End)Block.Events`. However, transactions
+are also indexed by a primary key which includes the transaction hash and maps
+to and stores the corresponding `TxResult`. Blocks are indexed by a primary key
+which includes the block height and maps to and stores the block height, i.e.
+the block itself is never stored.
 
 Each event contains a type and a list of attributes, which are key-value pairs
 denoting something about what happened during the method's execution. For more
@@ -17,7 +18,7 @@ details on `Events`, see the
 [ABCI](https://github.com/tendermint/spec/blob/master/spec/abci/abci.md#events)
 documentation.
 
-An Event has a composite key associated with it. A `compositeKey` is
+An `Event` has a composite key associated with it. A `compositeKey` is
 constructed by its type and key separated by a dot.
 
 For example:
@@ -44,11 +45,29 @@ Let's take a look at the `[tx_index]` config section:
 indexer = "kv"
 ```
 
-By default, Tendermint will index all transactions by their respective
-hashes and height using an embedded simple indexer.
+By default, Tendermint will index all transactions by their respective hashes
+and height and blocks by their height.
 
 You can turn off indexing completely by setting `tx_index` to `null`.
 
+## Default Indexes
+
+The Tendermint tx and block event indexer indexes a few select reserved events
+by default.
+
+### Transactions
+
+The following indexes are indexed by default:
+
+- `tx.height`
+- `tx.hash`
+
+### Blocks
+
+The following indexes are indexed by default:
+
+- `block.height`
+
 ## Adding Events
 
 Applications are free to define which events to index. Tendermint does not
@@ -77,19 +96,21 @@ func (app *KVStoreApplication) DeliverTx(req types.RequestDeliverTx) types.Resul
 }
 ```
 
-The transaction will be indexed (if the indexer is not `null`) with a certain attribute if the attribute's `Index` field is set to `true`. 
-In the above example, all attributes will be indexed.
+If the indexer is not `null`, the transaction will be indexed. Each event is
+indexed using a composite key in the form of `{eventType}.{eventAttribute}={eventValue}`,
+e.g. `transfer.sender=bob`.
 
-## Querying Transactions
+## Querying Transactions Events
 
-You can query the transaction results by calling `/tx_search` RPC endpoint:
+You can query for a paginated set of transaction by their events by calling the
+`/tx_search` RPC endpoint:
 
 ```bash
-curl "localhost:26657/tx_search?query=\"account.name='igor'\"&prove=true"
+curl "localhost:26657/tx_search?query=\"message.sender='cosmos1...'\"&prove=true"
 ```
 
-Check out [API docs](https://docs.tendermint.com/master/rpc/#/Info/tx_search) for more information
-on query syntax and other options.
+Check out [API docs](https://docs.tendermint.com/master/rpc/#/Info/tx_search)
+for more information on query syntax and other options.
 
 ## Subscribing to Transactions
 
@@ -102,10 +123,22 @@ a query to `/subscribe` RPC endpoint.
   "method": "subscribe",
   "id": "0",
   "params": {
-    "query": "account.name='igor'"
+    "query": "message.sender='cosmos1...'"
   }
 }
 ```
 
 Check out [API docs](https://docs.tendermint.com/master/rpc/#subscribe) for more information
 on query syntax and other options.
+
+## Querying Blocks Events
+
+You can query for a paginated set of blocks by their events by calling the
+`/block_search` RPC endpoint:
+
+```bash
+curl "localhost:26657/block_search?query=\"block.height > 10 AND val_set.num_changed > 0\""
+```
+
+Check out [API docs](https://docs.tendermint.com/master/rpc/#/Info/block_search)
+for more information on query syntax and other options.

docs/architecture/README.md

@@ -27,60 +27,73 @@ If recorded decisions turned out to be lacking, convene a discussion, record the
 
 Note the context/background should be written in the present tense.
 
-### Table of Contents:
+## Table of Contents
 
-- [ADR-001-Logging](./adr-001-logging.md)
-- [ADR-002-Event-Subscription](./adr-002-event-subscription.md)
-- [ADR-003-ABCI-APP-RPC](./adr-003-abci-app-rpc.md)
-- [ADR-004-Historical-Validators](./adr-004-historical-validators.md)
-- [ADR-005-Consensus-Params](./adr-005-consensus-params.md)
-- [ADR-006-Trust-Metric](./adr-006-trust-metric.md)
-- [ADR-007-Trust-Metric-Usage](./adr-007-trust-metric-usage.md)
-- [ADR-008-Priv-Validator](./adr-008-priv-validator.md)
-- [ADR-009-ABCI-Design](./adr-009-ABCI-design.md)
-- [ADR-010-Crypto-Changes](./adr-010-crypto-changes.md)
-- [ADR-011-Monitoring](./adr-011-monitoring.md)
-- [ADR-012-Peer-Transport](./adr-012-peer-transport.md)
-- [ADR-013-Symmetric-Crypto](./adr-013-symmetric-crypto.md)
-- [ADR-014-Secp-Malleability](./adr-014-secp-malleability.md)
-- [ADR-015-Crypto-Encoding](./adr-015-crypto-encoding.md)
-- [ADR-016-Protocol-Versions](./adr-016-protocol-versions.md)
-- [ADR-017-Chain-Versions](./adr-017-chain-versions.md)
-- [ADR-018-ABCI-Validators](./adr-018-ABCI-Validators.md)
-- [ADR-019-Multisigs](./adr-019-multisigs.md)
-- [ADR-020-Block-Size](./adr-020-block-size.md)
-- [ADR-021-ABCI-Events](./adr-021-abci-events.md)
-- [ADR-022-ABCI-Errors](./adr-022-abci-errors.md)
-- [ADR-023-ABCI-Propose-tx](./adr-023-ABCI-propose-tx.md)
-- [ADR-024-Sign-Bytes](./adr-024-sign-bytes.md)
-- [ADR-025-Commit](./adr-025-commit.md)
-- [ADR-026-General-Merkle-Proof](./adr-026-general-merkle-proof.md)
-- [ADR-028-libp2p](./adr-028-libp2p.md)
-- [ADR-029-Check-Tx-Consensus](./adr-029-check-tx-consensus.md)
-- [ADR-030-Consensus-Refactor](./adr-030-consensus-refactor.md)
-- [ADR-030-Changelog-structure](./adr-031-changelog.md)
-- [ADR-033-Pubsub](./adr-033-pubsub.md)
-- [ADR-034-Priv-Validator-File-Structure](./adr-034-priv-validator-file-structure.md)
-- [ADR-035-Documentation](./adr-035-documentation.md)
-- [ADR-037-Deliver-Block](./adr-037-deliver-block.md)
-- [ADR-038-Non-Zero-Start-Height](./adr-038-non-zero-start-height.md)
-- [ADR-039-Peer-Behaviour](./adr-039-peer-behaviour.md)
-- [ADR-041-Proposer-Selection-via-ABCI](./adr-041-proposer-selection-via-abci.md)
-- [ADR-043-Blockchain-RiRi-Org](./adr-043-blockchain-riri-org.md)
-- [ADR-044-Lite-Client-With-Weak-Subjectivity](./adr-044-lite-client-with-weak-subjectivity.md)
-- [ADR-045-ABCI-Evidence](./adr-045-abci-evidence.md)
-- [ADR-046-Light-Client-Implementation](./adr-046-light-client-implementation.md)
-- [ADR-047-Handling-Evidence-From-Light-Client](./adr-047-handling-evidence-from-light-client.md)
-- [ADR-051-Double-Signing-Risk-Reduction](./adr-051-double-signing-risk-reduction.md)
-- [ADR-052-Tendermint-Mode](./adr-052-tendermint-mode.md)
-- [ADR-053-State-Sync-Prototype](./adr-053-state-sync-prototype.md)
-- [ADR-054-Crypto-Encoding-2](./adr-054-crypto-encoding-2.md)
-- [ADR-055-Protobuf-Design](./adr-055-protobuf-design.md)
-- [ADR-056-Light-Client-Amnesia-Attacks](./adr-056-light-client-amnesia-attacks)
-- [ADR-057-RPC](./adr-057-RPC.md)
-- [ADR-058-Event-Hashing](./adr-058-event-hashing.md)
-- [ADR-059-Evidence-Composition-and-Lifecycle](./adr-059-evidence-composition-and-lifecycle.md)
-- [ADR-060-Go-API-Stability](./adr-060-go-api-stability.md)
-- [ADR-061-P2P-Refactor-Scope](./adr-061-p2p-refactor-scope.md)
-- [ADR-062-P2P-Architecture](./adr-062-p2p-architecture.md)
-- [ADR-063-Privval-gRPC](./adr-063-privval-grpc.md)
+### Implemented
+
+- [ADR-001: Logging](./adr-001-logging.md)
+- [ADR-002: Event-Subscription](./adr-002-event-subscription.md)
+- [ADR-003: ABCI-APP-RPC](./adr-003-abci-app-rpc.md)
+- [ADR-004: Historical-Validators](./adr-004-historical-validators.md)
+- [ADR-005: Consensus-Params](./adr-005-consensus-params.md)
+- [ADR-008: Priv-Validator](./adr-008-priv-validator.md)
+- [ADR-009: ABCI-Design](./adr-009-ABCI-design.md)
+- [ADR-010: Crypto-Changes](./adr-010-crypto-changes.md)
+- [ADR-011: Monitoring](./adr-011-monitoring.md)
+- [ADR-014: Secp-Malleability](./adr-014-secp-malleability.md)
+- [ADR-015: Crypto-Encoding](./adr-015-crypto-encoding.md)
+- [ADR-016: Protocol-Versions](./adr-016-protocol-versions.md)
+- [ADR-017: Chain-Versions](./adr-017-chain-versions.md)
+- [ADR-018: ABCI-Validators](./adr-018-ABCI-Validators.md)
+- [ADR-019: Multisigs](./adr-019-multisigs.md)
+- [ADR-020: Block-Size](./adr-020-block-size.md)
+- [ADR-021: ABCI-Events](./adr-021-abci-events.md)
+- [ADR-025: Commit](./adr-025-commit.md)
+- [ADR-026: General-Merkle-Proof](./adr-026-general-merkle-proof.md)
+- [ADR-033: Pubsub](./adr-033-pubsub.md)
+- [ADR-034: Priv-Validator-File-Structure](./adr-034-priv-validator-file-structure.md)
+- [ADR-043: Blockchain-RiRi-Org](./adr-043-blockchain-riri-org.md)
+- [ADR-044: Lite-Client-With-Weak-Subjectivity](./adr-044-lite-client-with-weak-subjectivity.md)
+- [ADR-046: Light-Client-Implementation](./adr-046-light-client-implementation.md)
+- [ADR-047: Handling-Evidence-From-Light-Client](./adr-047-handling-evidence-from-light-client.md)
+- [ADR-051: Double-Signing-Risk-Reduction](./adr-051-double-signing-risk-reduction.md)
+- [ADR-052: Tendermint-Mode](./adr-052-tendermint-mode.md)
+- [ADR-053: State-Sync-Prototype](./adr-053-state-sync-prototype.md)
+- [ADR-054: Crypto-Encoding-2](./adr-054-crypto-encoding-2.md)
+- [ADR-055: Protobuf-Design](./adr-055-protobuf-design.md)
+- [ADR-056: Light-Client-Amnesia-Attacks](./adr-056-light-client-amnesia-attacks)
+- [ADR-059: Evidence-Composition-and-Lifecycle](./adr-059-evidence-composition-and-lifecycle.md)
+- [ADR-062: P2P-Architecture](./adr-062-p2p-architecture.md)
+- [ADR-063: Privval-gRPC](./adr-063-privval-grpc.md)
+- [ADR-066-E2E-Testing](./adr-066-e2e-testing.md)
+### Accepted
+
+- [ADR-006: Trust-Metric](./adr-006-trust-metric.md)
+- [ADR-024: Sign-Bytes](./adr-024-sign-bytes.md)
+- [ADR-035: Documentation](./adr-035-documentation.md)
+- [ADR-039: Peer-Behaviour](./adr-039-peer-behaviour.md)
+- [ADR-060: Go-API-Stability](./adr-060-go-api-stability.md)
+- [ADR-061: P2P-Refactor-Scope](./adr-061-p2p-refactor-scope.md)
+- [ADR-065: Custom Event Indexing](./adr-065-custom-event-indexing.md)
+- [ADR-068: Reverse-Sync](./adr-068-reverse-sync.md)
+- [ADR-067: Mempool Refactor](./adr-067-mempool-refactor.md)
+
+### Rejected
+
+- [ADR-023: ABCI-Propose-tx](./adr-023-ABCI-propose-tx.md)
+- [ADR-029: Check-Tx-Consensus](./adr-029-check-tx-consensus.md)
+- [ADR-058: Event-Hashing](./adr-058-event-hashing.md)
+
+
+### Proposed
+
+- [ADR-007: Trust-Metric-Usage](./adr-007-trust-metric-usage.md)
+- [ADR-012: Peer-Transport](./adr-012-peer-transport.md)
+- [ADR-013: Symmetric-Crypto](./adr-013-symmetric-crypto.md)
+- [ADR-022: ABCI-Errors](./adr-022-abci-errors.md)
+- [ADR-030: Consensus-Refactor](./adr-030-consensus-refactor.md)
+- [ADR-037: Deliver-Block](./adr-037-deliver-block.md)
+- [ADR-038: Non-Zero-Start-Height](./adr-038-non-zero-start-height.md)
+- [ADR-041: Proposer-Selection-via-ABCI](./adr-041-proposer-selection-via-abci.md)
+- [ADR-045: ABCI-Evidence](./adr-045-abci-evidence.md)
+- [ADR-057: RPC](./adr-057-RPC.md)

docs/architecture/adr-001-logging.md

@@ -189,7 +189,7 @@ c2.SetLogger(log.With(logger, "instance", 2))
 
 ## Status
 
-proposed
+Implemented
 
 ## Consequences
 

docs/architecture/adr-002-event-subscription.md

@@ -71,7 +71,7 @@ For historic queries we will need a indexing storage (Postgres, SQLite, ...).
 
 ## Status
 
-proposed
+Implemented
 
 ## Consequences
 

docs/architecture/adr-003-abci-app-rpc.md

@@ -19,7 +19,7 @@ We dont expose an RPC server on any of our ABCI-apps.
 
 ## Status
 
-accepted
+Implemented
 
 ## Consequences