wip

Co-authored-by: samricotta <samricotta@users.noreply.github.com>

.github/CODEOWNERS

@@ -7,6 +7,6 @@
 # global owners are only requested if there isn't a more specific
 # codeowner specified below. For this reason, the global codeowners
 # are often repeated in package-level definitions.
-*     @ebuchman @tendermint/tendermint-engineering @adizere @lasarojc
+*     @ebuchman @tendermint/tendermint-engineering
 
-/spec @ebuchman @tendermint/tendermint-research @tendermint/tendermint-engineering @adizere @lasarojc
+/spec @ebuchman @tendermint/tendermint-research @tendermint/tendermint-engineering

.github/dependabot.yml

@@ -10,6 +10,16 @@ updates:
       - T:dependencies
       - S:automerge
 
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+    target-branch: "v0.37.x"
+    open-pull-requests-limit: 10
+    labels:
+      - T:dependencies
+      - S:automerge
+
   - package-ecosystem: github-actions
     directory: "/"
     schedule:
@@ -40,6 +50,18 @@ updates:
       - T:dependencies
       - S:automerge
 
+  - package-ecosystem: gomod
+    directory: "/"
+    schedule:
+      interval: weekly
+    target-branch: "v0.37.x"
+    # Only allow automated security-related dependency updates until we cut the
+    # final v0.37.0 release.
+    open-pull-requests-limit: 0
+    labels:
+      - T:dependencies
+      - S:automerge
+
   - package-ecosystem: gomod
     directory: "/"
     schedule:

.github/mergify.yml

@@ -17,6 +17,14 @@ pull_request_rules:
           {{ title }} (#{{ number }})
 
           {{ body }}
+  - name: backport patches to v0.37.x branch
+    conditions:
+      - base=main
+      - label=S:backport-to-v0.37.x
+    actions:
+      backport:
+        branches:
+          - v0.37.x
   - name: backport patches to v0.34.x branch
     conditions:
       - base=main

.github/workflows/docker.yml

@@ -41,17 +41,17 @@ jobs:
           platforms: all
 
       - name: Set up Docker Build
-        uses: docker/setup-buildx-action@v2.2.1
+        uses: docker/setup-buildx-action@v2.0.0
 
       - name: Login to DockerHub
         if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v2.1.0
+        uses: docker/login-action@v2.0.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Publish to Docker Hub
-        uses: docker/build-push-action@v3.2.0
+        uses: docker/build-push-action@v3.1.1
         with:
           context: .
           file: ./DOCKER/Dockerfile

.github/workflows/docs-deployment.yml

@@ -35,8 +35,6 @@ jobs:
           # versions will be available for the build.
           fetch-depth: 0
       - name: Build documentation
-        env:
-          NODE_OPTIONS: "--openssl-legacy-provider"
         run: |
           git config --global --add safe.directory "$PWD"
           make build-docs

.github/workflows/e2e-nightly-34x.yml

@@ -57,7 +57,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.22.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
@@ -77,28 +77,3 @@ jobs:
                 }
               ]
             }
-
-  e2e-nightly-success:  # may turn this off once they seem to pass consistently
-    needs: e2e-nightly-test
-    if: ${{ success() }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Notify Slack on success
-        uses: slackapi/slack-github-action@v1.23.0
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
-          BRANCH: ${{ needs.e2e-nightly-test.outputs.git-branch }}
-        with:
-          payload: |
-            {
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": ":white_check_mark: Nightly E2E tests for `${{ env.BRANCH }}` passed."
-                  }
-                }
-              ]
-            }

.github/workflows/e2e-nightly-37x.yml

@@ -0,0 +1,79 @@
+# Runs randomly generated E2E testnets nightly on the v0.37.x branch.
+
+# !! This file should be kept in sync with the e2e-nightly-main.yml file,
+# modulo changes to the version labels.
+
+name: e2e-nightly-37x
+on:
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  e2e-nightly-test:
+    # Run parallel jobs for the listed testnet groups (must match the
+    # ./build/generator -g flag)
+    strategy:
+      fail-fast: false
+      matrix:
+        group: ['00', '01', '02', '03', "04"]
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '1.18'
+
+      - uses: actions/checkout@v3
+        with:
+          ref: 'v0.37.x'
+
+      - name: Capture git repo info
+        id: git-info
+        run: |
+          echo "::set-output name=branch::`git branch --show-current`"
+          echo "::set-output name=commit::`git rev-parse HEAD`"
+
+      - name: Build
+        working-directory: test/e2e
+        # Run make jobs in parallel, since we can't run steps in parallel.
+        run: make -j2 docker generator runner tests
+
+      - name: Generate testnets
+        working-directory: test/e2e
+        # When changing -g, also change the matrix groups above
+        run: ./build/generator -g 5 -d networks/nightly/
+
+      - name: Run ${{ matrix.p2p }} p2p testnets
+        working-directory: test/e2e
+        run: ./run-multiple.sh networks/nightly/*-group${{ matrix.group }}-*.toml
+
+    outputs:
+      git-branch: ${{ steps.git-info.outputs.branch }}
+      git-commit: ${{ steps.git-info.outputs.commit }}
+
+  e2e-nightly-fail:
+    needs: e2e-nightly-test
+    if: ${{ failure() }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify Slack on failure
+        uses: slackapi/slack-github-action@v1.22.0
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+          BRANCH: ${{ needs.e2e-nightly-test.outputs.git-branch }}
+          RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          COMMIT_URL: "${{ github.server_url }}/${{ github.repository }}/commit/${{ needs.e2e-nightly-test.outputs.git-commit }}"
+        with:
+          payload: |
+            {
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": ":skull: Nightly E2E tests for `${{ env.BRANCH }}` failed. See the <${{ env.RUN_URL }}|run details> and the <${{ env.COMMIT_URL }}|commit> that caused the failure."
+                  }
+                }
+              ]
+            }

.github/workflows/e2e-nightly-main.yml

@@ -46,7 +46,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.22.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
@@ -66,28 +66,3 @@ jobs:
                 }
               ]
             }
-
-  e2e-nightly-success:  # may turn this off once they seem to pass consistently
-    needs: e2e-nightly-test
-    if: ${{ success() }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Notify Slack on success
-        uses: slackapi/slack-github-action@v1.23.0
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
-          BRANCH: ${{ github.ref_name }}
-        with:
-          payload: |
-            {
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": ":white_check_mark: Nightly E2E tests for `${{ env.BRANCH }}` passed."
-                  }
-                }
-              ]
-            }

.github/workflows/fuzz-nightly.yml

@@ -76,7 +76,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify Slack on failure
-        uses: slackapi/slack-github-action@v1.23.0
+        uses: slackapi/slack-github-action@v1.22.0
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

.github/workflows/gosec.yml

@@ -0,0 +1,41 @@
+name: Run Gosec
+on:
+  pull_request:
+    paths:
+      - '**/*.go'
+      - 'go.mod'
+      - 'go.sum'
+  push:
+    branches:
+      - main
+      - 'feature/*'
+      - 'v0.37.x'
+      - 'v0.34.x'
+    paths:
+      - '**/*.go'
+      - 'go.mod'
+      - 'go.sum'
+
+jobs:
+  Gosec:
+    permissions:
+      security-events: write
+
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+
+      - name: Run Gosec Security Scanner
+        uses: cosmos/gosec@master
+        with:
+          # Let the report trigger a failure with the Github Security scanner features.
+          args: "-no-fail -fmt sarif -out results.sarif ./..."
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif

.github/workflows/govulncheck.yml

@@ -1,31 +0,0 @@
-name: Check for Go vulnerabilities
-# Runs https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck to proactively
-# check for vulnerabilities in code packages if there were any changes made to
-# any Go code or dependencies.
-#
-# Run `make vulncheck` from the root of the repo to run this workflow locally.
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - release/**
-
-jobs:
-  govulncheck:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/setup-go@v3
-        with:
-          go-version: "1.18"
-      - uses: actions/checkout@v3
-      - uses: technote-space/get-diff-action@v6
-        with:
-          PATTERNS: |
-            **/*.go
-            go.mod
-            go.sum
-            Makefile
-      - name: govulncheck
-        run: make vulncheck
-        if: "env.GIT_DIFF != ''"

.github/workflows/janitor.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
-      - uses: styfle/cancel-workflow-action@0.11.0
+      - uses: styfle/cancel-workflow-action@0.10.1
         with:
           workflow_id: 1041851,1401230,2837803
           access_token: ${{ github.token }}

.github/workflows/lint.yml

@@ -31,7 +31,10 @@ jobs:
             go.sum
       - uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.50.1
+          # Required: the version of golangci-lint is required and
+          # must be specified without patch version: we always use the
+          # latest patch version.
+          version: v1.47.3
           args: --timeout 10m
           github-token: ${{ secrets.github_token }}
         if: env.GIT_DIFF

.github/workflows/markdown-links.yml

@@ -0,0 +1,23 @@
+name: Check Markdown links
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches: [main]
+
+jobs:
+  markdown-link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: technote-space/get-diff-action@v6
+        with:
+          PATTERNS: |
+            **/**.md
+      - uses: creachadair/github-action-markdown-link-check@master
+        with:
+          check-modified-files-only: 'yes'
+          config-file: '.md-link-check.json'
+        if: env.GIT_DIFF

.github/workflows/pre-release.yml

@@ -8,7 +8,7 @@ on:
       - "v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+"      # e.g. v0.37.0-rc1, v0.38.0-rc10
 
 jobs:
-  prerelease:
+  goreleaser:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -21,7 +21,7 @@ jobs:
           go-version: '1.18'
 
       - name: Build
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v3
         if: ${{ github.event_name == 'pull_request' }}
         with:
           version: latest
@@ -31,35 +31,10 @@ jobs:
       - run: echo https://github.com/tendermint/tendermint/blob/${GITHUB_REF#refs/tags/}/CHANGELOG_PENDING.md > ../release_notes.md
 
       - name: Release
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v3
         if: startsWith(github.ref, 'refs/tags/')
         with:
           version: latest
           args: release --rm-dist --release-notes=../release_notes.md
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  prerelease-success:
-    needs: prerelease
-    if: ${{ success() }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Notify Slack upon pre-release
-        uses: slackapi/slack-github-action@v1.23.0
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
-          RELEASE_URL: "${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}"
-        with:
-          payload: |
-            {
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": ":sparkles: New Tendermint pre-release: <${{ env.RELEASE_URL }}|${{ github.ref_name }}>"
-                  }
-                }
-              ]
-            }

.github/workflows/proto-lint.yml

@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v3
-      - uses: bufbuild/buf-setup-action@v1.10.0
+      - uses: bufbuild/buf-setup-action@v1.8.0
       - uses: bufbuild/buf-lint-action@v1
         with:
           input: 'proto'

.github/workflows/release.yml

@@ -6,7 +6,7 @@ on:
       - "v[0-9]+.[0-9]+.[0-9]+"  # Push events to matching v*, i.e. v1.0, v20.15.10
 
 jobs:
-  release:
+  goreleaser:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -19,7 +19,7 @@ jobs:
           go-version: '1.18'
 
       - name: Build
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v3
         if: ${{ github.event_name == 'pull_request' }}
         with:
           version: latest
@@ -28,35 +28,10 @@ jobs:
       - run: echo https://github.com/tendermint/tendermint/blob/${GITHUB_REF#refs/tags/}/CHANGELOG.md#${GITHUB_REF#refs/tags/} > ../release_notes.md
 
       - name: Release
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v3
         if: startsWith(github.ref, 'refs/tags/')
         with:
           version: latest
           args: release --rm-dist --release-notes=../release_notes.md
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  release-success:
-    needs: release
-    if: ${{ success() }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Notify Slack upon release
-        uses: slackapi/slack-github-action@v1.23.0
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
-          RELEASE_URL: "${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}"
-        with:
-          payload: |
-            {
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": ":rocket: New Tendermint release: <${{ env.RELEASE_URL }}|${{ github.ref_name }}>"
-                  }
-                }
-              ]
-            }

.github/workflows/testapp-docker.yml

@@ -1,60 +0,0 @@
-name: Docker E2E Node
-# Build & Push rebuilds the e2e Testapp docker image on every push to main and creation of tags
-# and pushes the image to https://hub.docker.com/r/tendermint/e2e-node
-on:
-  push:
-    branches:
-      - main
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"               # Push events to matching v*, i.e. v1.0, v20.15.10
-      - "v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+"  # e.g. v0.37.0-alpha.1, v0.38.0-alpha.10
-      - "v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"   # e.g. v0.37.0-beta.1, v0.38.0-beta.10
-      - "v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+"      # e.g. v0.37.0-rc1, v0.38.0-rc10
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=tendermint/e2e-node
-          VERSION=noop
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          elif [[ $GITHUB_REF == refs/heads/* ]]; then
-            VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
-            if [ "${{ github.event.repository.default_branch }}" = "$VERSION" ]; then
-              VERSION=latest
-            fi
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          if [[ $VERSION =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:${VERSION}"
-          fi
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@master
-        with:
-          platforms: all
-
-      - name: Set up Docker Build
-        uses: docker/setup-buildx-action@v2.2.1
-
-      - name: Login to DockerHub
-        if: ${{ github.event_name != 'pull_request' }}
-        uses: docker/login-action@v2.1.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Publish to Docker Hub
-        uses: docker/build-push-action@v3.2.0
-        with:
-          context: .
-          file: ./test/e2e/docker/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'beep_boop' }}
-          tags: ${{ steps.prep.outputs.tags }}

.gitignore

@@ -55,5 +55,3 @@ proto/spec/**/*.pb.go
 *.pdf
 *.gz
 *.dvi
-# Python virtual environments
-.venv

.golangci.yml

@@ -2,6 +2,7 @@ linters:
   enable:
     - asciicheck
     - bodyclose
+    - deadcode
     - depguard
     - dogsled
     - dupl
@@ -25,6 +26,7 @@ linters:
     - typecheck
     - unconvert
     - unused
+    - varcheck
 
 issues:
   exclude-rules:

CHANGELOG.md

@@ -863,7 +863,7 @@ and a validator address plus a timestamp. Note we may remove the validator
 address & timestamp fields in the future (see ADR-25).
 
 `lite2` package has been added to solve `lite` issues and introduce weak
-subjectivity interface. Refer to the [spec](https://github.com/tendermint/tendermint/blob/main/spec/consensus/light-client.md) for complete details.
+subjectivity interface. Refer to the [spec](https://github.com/tendermint/tendermint/tree/main/spec/consensus/light-client) for complete details.
 `lite` package is now deprecated and will be removed in v0.34 release.
 
 ### BREAKING CHANGES:
@@ -1223,8 +1223,8 @@ Special thanks to external contributors on this release: @jon-certik, @gracenoah
 
 *August 28, 2019*
 
-@climber73 wrote the [Writing a Tendermint Core application in Java
-(gRPC)](https://github.com/tendermint/tendermint/blob/main/docs/guides/java.md)
+@climber73 wrote the [Writing a Tendermint Core application in Java 
+(gRPC)](https://docs.tendermint.com/v0.34/tutorials/java.html)
 guide.
 
 Special thanks to external contributors on this release:
@@ -2614,7 +2614,7 @@ are affected by a change.
 
 A few more breaking changes are in the works - each will come with a clear
 Architecture Decision Record (ADR) explaining the change. You can review ADRs
-[here](https://github.com/tendermint/tendermint/tree/develop/docs/architecture)
+[here](https://github.com/tendermint/tendermint/tree/main/docs/architecture)
 or in the [open Pull Requests](https://github.com/tendermint/tendermint/pulls).
 You can also check in on the [issues marked as
 breaking](https://github.com/tendermint/tendermint/issues?q=is%3Aopen+is%3Aissue+label%3Abreaking).
@@ -2893,7 +2893,7 @@ BREAKING CHANGES:
 FEATURES
 - [cmd] Added metrics (served under `/metrics` using a Prometheus client;
   disabled by default). See the new `instrumentation` section in the config and
-  [metrics](https://tendermint.readthedocs.io/projects/tools/en/develop/metrics.html)
+  [metrics](https://github.com/tendermint/tendermint/blob/main/docs/tendermint-core/metrics.md)
   guide.
 - [p2p] Add IPv6 support to peering.
 - [p2p] Add `external_address` to config to allow specifying the address for
@@ -3007,7 +3007,7 @@ BREAKING:
 
 FEATURES
 
-- [rpc] the RPC documentation is now published to https://tendermint.github.io/slate
+- [rpc] the RPC documentation is now published to https://github.com/tendermint/tendermint/tree/main/spec/rpc
 - [p2p] AllowDuplicateIP config option to refuse connections from same IP.
     - true by default for now, false by default in next breaking release
 - [docs] Add docs for query, tx indexing, events, pubsub
@@ -3486,7 +3486,7 @@ containing substructs: `BaseConfig`, `P2PConfig`, `MempoolConfig`, `ConsensusCon
 
 - Logger
   - Replace static `log15` logger with a simple interface, and provide a new implementation using `go-kit`.
-See our new [logging library](https://github.com/tendermint/tmlibs/log) and [blog post](https://tendermint.com/blog/abstracting-the-logger-interface-in-go) for more details
+See our new [logging library](https://github.com/tendermint/tendermint/blob/main/libs/log/logger.go) and [blog post](https://blog.cosmos.network/abstracting-the-logger-interface-in-go-4cf96bf90bb7) for more details
   - Levels `warn` and `notice` are removed (you may need to change them in your `config.toml`!)
   - Change some [function and method signatures](https://gist.github.com/ebuchman/640d5fc6c2605f73497992fe107ebe0b) to accept a logger
 

CHANGELOG_PENDING.md

@@ -1,5 +1,37 @@
 # Unreleased Changes
 
+## v0.38.0
+
+### BREAKING CHANGES
+
+- CLI/RPC/Config
+
+- Apps
+
+- P2P Protocol
+
+- Go API
+
+- Blockchain Protocol
+
+- Data Storage
+  - [state] \#6541 Move pruneBlocks from consensus/state to state/execution. (@JayT106)
+  
+- Tooling
+  - [tools/tm-signer-harness] \#6498 Set OS home dir to instead of the hardcoded PATH. (@JayT106)
+
+### FEATURES
+
+### IMPROVEMENTS
+
+- [pubsub] \#7319 Performance improvements for the event query API (@creachadair)
+- [p2p/pex] \#6509 Improve addrBook.hash performance (@cuonglm)
+- [crypto/merkle] \#6443 & \#6513 Improve HashAlternatives performance (@cuonglm, @marbar3778)
+
+### BUG FIXES
+
+- [docker] \#9462 ensure Docker image uses consistent version of Go
+
 ## v0.37.0
 
 Special thanks to external contributors on this release:
@@ -33,6 +65,7 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 - Go API
     - [all] \#9144 Change spelling from British English to American (@cmwaters)
         - Rename "Subscription.Cancelled()" to "Subscription.Canceled()" in libs/pubsub
+    - [crypto/sr25519] \#6526 Do not re-execute the Ed25519-style key derivation step when doing signing and verification.  The derivation is now done once and only once.  This breaks `sr25519.GenPrivKeyFromSecret` output compatibility. (@Yawning)
 
 - Blockchain Protocol
 
@@ -41,15 +74,25 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 - [abci] \#9301 New ABCI methods `PrepareProposal` and `ProcessProposal` which give the app control over transactions proposed and allows for verification of proposed blocks.
 
 ### IMPROVEMENTS
-
 - [crypto] \#9250 Update to use btcec v2 and the latest btcutil. (@wcsiu)
+
+- [cli] \#9171 add `--hard` flag to rollback command (and a boolean to the `RollbackState` method). This will rollback
+  state and remove the last block. This command can be triggered multiple times. The application must also rollback
+  state to the same height. (@tsutsu, @cmwaters)
 - [proto] \#9356 Migrate from `gogo/protobuf` to `cosmos/gogoproto` (@julienrbrt)
 - [rpc] \#9276 Added `header` and `header_by_hash` queries to the RPC client (@samricotta)
 - [abci] \#5706 Added `AbciVersion` to `RequestInfo` allowing applications to check ABCI version when connecting to Tendermint. (@marbar3778)
+- [node] \#6059 Validate and complete genesis doc before saving to state store (@silasdavis)
+
+- [crypto/ed25519] \#5632 Adopt zip215 `ed25519` verification. (@marbar3778)
+- [crypto/ed25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `ed25519` signing and verification. (@Yawning)
+- [crypto/sr25519] \#6526 Use [curve25519-voi](https://github.com/oasisprotocol/curve25519-voi) for `sr25519` signing and verification. (@Yawning)
+- [crypto] \#6120 Implement batch verification interface for ed25519 and sr25519. (@marbar3778 & @Yawning)
+- [types] \#6120 use batch verification for verifying commits signatures. (@marbar3778 & @cmwaters & @Yawning)
+    - If the key type supports the batch verification API it will try to batch verify. If the verification fails we will single verify each signature.
+- [state] \#9505 Added logic so when pruning, the evidence period is taken into consideration and only deletes unecessary data (@samricotta)
 
 ### BUG FIXES
 
 - [consensus] \#9229 fix round number of `enterPropose` when handling `RoundStepNewRound` timeout. (@fatcat22)
 - [docker] \#9073 enable cross platform build using docker buildx
-- [docker] \#9462 ensure Docker image uses consistent version of Go
-- [blocksync] \#9518 handle the case when the sending queue is full: retry block request after a timeout

DOCKER/README.md

@@ -8,7 +8,7 @@ Official releases can be found [here](https://github.com/tendermint/tendermint/r
 
 The Dockerfile for Tendermint is not expected to change in the near future. The main file used for all builds can be found [here](https://raw.githubusercontent.com/tendermint/tendermint/main/DOCKER/Dockerfile).
 
-Respective versioned files can be found <https://raw.githubusercontent.com/tendermint/tendermint/vX.XX.XX/DOCKER/Dockerfile> (replace the Xs with the version number).
+Respective versioned files can be found at `https://raw.githubusercontent.com/tendermint/tendermint/vX.XX.XX/DOCKER/Dockerfile` (replace the Xs with the version number).
 
 ## Quick reference
 
@@ -20,9 +20,9 @@ Respective versioned files can be found <https://raw.githubusercontent.com/tende
 
 Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine, written in any programming language, and securely replicates it on many machines.
 
-For more background, see the [the docs](https://docs.tendermint.com/v0.37/introduction/#quick-start).
+For more background, see the [the docs](https://docs.tendermint.com/main/introduction/#quick-start).
 
-To get started developing applications, see the [application developers guide](https://docs.tendermint.com/v0.37/introduction/quick-start.html).
+To get started developing applications, see the [application developers guide](https://docs.tendermint.com/main/introduction/quick-start.html).
 
 ## How to use this image
 
@@ -37,7 +37,7 @@ docker run -it --rm -v "/tmp:/tendermint" tendermint/tendermint node --proxy_app
 
 ## Local cluster
 
-To run a 4-node network, see the `Makefile` in the root of [the repo](https://github.com/tendermint/tendermint/blob/v0.37.x/Makefile) and run:
+To run a 4-node network, see the `Makefile` in the root of [the repo](https://github.com/tendermint/tendermint/blob/main/Makefile) and run:
 
 ```sh
 make build-linux
@@ -53,4 +53,4 @@ Note that this will build and use a different image than the ones provided here.
 
 ## Contributing
 
-Contributions are most welcome! See the [contributing file](https://github.com/tendermint/tendermint/blob/v0.37.x/CONTRIBUTING.md) for more information.
+Contributions are most welcome! See the [contributing file](https://github.com/tendermint/tendermint/blob/main/CONTRIBUTING.md) for more information.

Makefile

@@ -4,14 +4,8 @@ OUTPUT?=$(BUILDDIR)/tendermint
 
 BUILD_TAGS?=tendermint
 
-# If building a release, please checkout the version tag to get the correct version setting
-ifneq ($(shell git symbolic-ref -q --short HEAD),)
-VERSION := unreleased-$(shell git symbolic-ref -q --short HEAD)-$(shell git rev-parse HEAD)
-else
-VERSION := $(shell git describe)
-endif
-
-LD_FLAGS = -X github.com/tendermint/tendermint/version.TMCoreSemVer=$(VERSION)
+COMMIT_HASH := $(shell git rev-parse --short HEAD)
+LD_FLAGS = -X github.com/tendermint/tendermint/version.TMGitCommitHash=$(COMMIT_HASH)
 BUILD_FLAGS = -mod=readonly -ldflags "$(LD_FLAGS)"
 HTTPS_GIT := https://github.com/tendermint/tendermint.git
 CGO_ENABLED ?= 0
@@ -277,13 +271,9 @@ format:
 
 lint:
 	@echo "--> Running linter"
-	@go run github.com/golangci/golangci-lint/cmd/golangci-lint run
+	@golangci-lint run
 .PHONY: lint
 
-vulncheck:
-	@go run golang.org/x/vuln/cmd/govulncheck@latest ./...
-.PHONY: vulncheck
-
 DESTINATION = ./index.html.md
 
 ###############################################################################
@@ -410,4 +400,4 @@ $(BUILDDIR)/packages.txt:$(GO_TEST_FILES) $(BUILDDIR)
 split-test-packages:$(BUILDDIR)/packages.txt
 	split -d -n l/$(NUM_SPLIT) $< $<.
 test-group-%:split-test-packages
-	cat $(BUILDDIR)/packages.txt.$* | xargs go test -mod=readonly -timeout=5m -race -coverprofile=$(BUILDDIR)/$*.profile.out
+	cat $(BUILDDIR)/packages.txt.$* | xargs go test -mod=readonly -timeout=15m -race -coverprofile=$(BUILDDIR)/$*.profile.out

README.md

@@ -70,8 +70,8 @@ See the [install instructions](./docs/introduction/install.md).
 ### Quick Start
 
 - [Single node](./docs/introduction/quick-start.md)
-- [Local cluster using docker-compose](./docs/tools/docker-compose.md)
-- [Remote cluster using Terraform and Ansible](./docs/tools/terraform-and-ansible.md)
+- [Local cluster using docker-compose](./docs/networks/docker-compose.md)
+- [Remote cluster using Terraform and Ansible](./docs/networks/terraform-and-ansible.md)
 
 ## Contributing
 
@@ -145,7 +145,7 @@ Upgrading instructions can be found in [UPGRADING.md](./UPGRADING.md).
 
 ## Join us!
 
-Tendermint Core is maintained by [Interchain GmbH](https://interchain.berlin).
+Tendermint Core is maintained by [Interchain GmbH](https://interchain.io).
 If you'd like to work full-time on Tendermint Core,
 [we're hiring](https://interchain-gmbh.breezy.hr/)!
 
@@ -157,7 +157,7 @@ for-profit entity that also maintains [tendermint.com](https://tendermint.com).
 [bft]: https://en.wikipedia.org/wiki/Byzantine_fault_tolerance
 [smr]: https://en.wikipedia.org/wiki/State_machine_replication
 [Blockchain]: https://en.wikipedia.org/wiki/Blockchain
-[version-badge]: https://img.shields.io/github/tag/tendermint/tendermint.svg
+[version-badge]: https://img.shields.io/github/v/release/tendermint/tendermint.svg
 [version-url]: https://github.com/tendermint/tendermint/releases/latest
 [api-badge]: https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667
 [api-url]: https://pkg.go.dev/github.com/tendermint/tendermint

RELEASES.md

@@ -45,7 +45,7 @@ the 0.38.x line.
 1. Start on `main`
 
 2. Ensure that there is a [branch protection
-   rule](https://github.com/tendermint/tendermint/settings/branches) for the
+   rule](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule) for the
    branch you are about to create (you will need admin access to the repository
    in order to do this).
 
@@ -93,22 +93,14 @@ the 0.38.x line.
 
 After doing these steps, go back to `main` and do the following:
 
-1. Tag `main` as the dev branch for the _next_ minor version release and push
-   it up to GitHub.
-   For example:
-   ```sh
-   git tag -a v0.39.0-dev -m "Development base for Tendermint v0.39."
-   git push origin v0.39.0-dev
-   ```
-
-2. Create a new workflow to run e2e nightlies for the new backport branch. (See
+1. Create a new workflow to run e2e nightlies for the new backport branch. (See
    [e2e-nightly-main.yml][e2e] for an example.)
 
-3. Add a new section to the Mergify config (`.github/mergify.yml`) to enable the
+2. Add a new section to the Mergify config (`.github/mergify.yml`) to enable the
    backport bot to work on this branch, and add a corresponding `S:backport-to-v0.38.x`
    [label](https://github.com/tendermint/tendermint/labels) so the bot can be triggered.
 
-4. Add a new section to the Dependabot config (`.github/dependabot.yml`) to
+3. Add a new section to the Dependabot config (`.github/dependabot.yml`) to
    enable automatic update of Go dependencies on this branch. Copy and edit one
    of the existing branch configurations to set the correct `target-branch`.
 

STYLE_GUIDE.md

@@ -98,7 +98,7 @@ Sometimes it's necessary to rename libraries to avoid naming collisions or ambig
     * Make use of table driven testing where possible and not-cumbersome
         * [Inspiration](https://dave.cheney.net/2013/06/09/writing-table-driven-tests-in-go)
     * Make use of [assert](https://godoc.org/github.com/stretchr/testify/assert) and [require](https://godoc.org/github.com/stretchr/testify/require)
-* When using mocks, it is recommended to use Testify [mock](<https://pkg.go.dev/github.com/stretchr/testify/mock>
+* When using mocks, it is recommended to use Testify [mock] (<https://pkg.go.dev/github.com/stretchr/testify/mock>
  ) along with [Mockery](https://github.com/vektra/mockery) for autogeneration
 
 ## Errors

UPGRADING.md

@@ -3,7 +3,7 @@
 This guide provides instructions for upgrading to specific versions of
 Tendermint Core.
 
-## v0.37.0
+## Unreleased
 
 ### ABCI Changes
 
@@ -12,7 +12,7 @@ Tendermint Core.
 * Added new ABCI methods `PrepareProposal` and `ProcessProposal`. For details,
   please see the [spec](spec/abci/README.md). Applications upgrading to
   v0.37.0 must implement these methods, at the very minimum, as described
-  [here](/spec/abci/abci%2B%2B_tmint_expected_behavior.md#adapting-existing-applications-that-use-abci)
+  [here](./spec/abci/abci++_app_requirements.md)
 * Deduplicated `ConsensusParams` and `BlockParams`.
   In the v0.34 branch they are defined both in `abci/types.proto` and `types/params.proto`.
   The definitions in `abci/types.proto` have been removed.

abci/README.md

@@ -19,8 +19,8 @@ To get up and running quickly, see the [getting started guide](../docs/app-dev/g
 
 A detailed description of the ABCI methods and message types is contained in:
 
-- [The main spec](https://github.com/tendermint/tendermint/blob/v0.37.x/spec/abci/abci.md)
-- [A protobuf file](./types/types.proto)
+- [The main spec](https://github.com/tendermint/tendermint/blob/main/spec/abci/README.md)
+- [A protobuf file](../proto/tendermint/types/types.proto)
 - [A Go interface](./types/application.go)
 
 ## Protocol Buffers

abci/cmd/abci-cli/abci-cli.go

@@ -460,14 +460,11 @@ func cmdUnimplemented(cmd *cobra.Command, args []string) error {
 
 	fmt.Println("Available commands:")
 	fmt.Printf("%s: %s\n", echoCmd.Use, echoCmd.Short)
-	fmt.Printf("%s: %s\n", checkTxCmd.Use, checkTxCmd.Short)
-	fmt.Printf("%s: %s\n", commitCmd.Use, commitCmd.Short)
-	fmt.Printf("%s: %s\n", deliverTxCmd.Use, deliverTxCmd.Short)
 	fmt.Printf("%s: %s\n", infoCmd.Use, infoCmd.Short)
+	fmt.Printf("%s: %s\n", checkTxCmd.Use, checkTxCmd.Short)
+	fmt.Printf("%s: %s\n", deliverTxCmd.Use, deliverTxCmd.Short)
 	fmt.Printf("%s: %s\n", queryCmd.Use, queryCmd.Short)
-	fmt.Printf("%s: %s\n", prepareProposalCmd.Use, prepareProposalCmd.Short)
-	fmt.Printf("%s: %s\n", processProposalCmd.Use, processProposalCmd.Short)
-
+	fmt.Printf("%s: %s\n", commitCmd.Use, commitCmd.Short)
 	fmt.Println("Use \"[command] --help\" for more information about a command.")
 
 	return nil

abci/example/code/code.go

@@ -8,5 +8,4 @@ const (
 	CodeTypeUnauthorized  uint32 = 3
 	CodeTypeUnknownError  uint32 = 4
 	CodeTypeExecuted      uint32 = 5
-	CodeTypeRejected      uint32 = 6
 )

abci/example/kvstore/kvstore.go

@@ -79,7 +79,7 @@ func NewApplication() *Application {
 func (app *Application) Info(req types.RequestInfo) (resInfo types.ResponseInfo) {
 	return types.ResponseInfo{
 		Data:             fmt.Sprintf("{\"size\":%v}", app.state.Size),
-		Version:          version.ABCIVersion,
+		Version:          version.ABCISemVer,
 		AppVersion:       ProtocolVersion,
 		LastBlockHeight:  app.state.Height,
 		LastBlockAppHash: app.state.AppHash,
@@ -122,10 +122,6 @@ func (app *Application) DeliverTx(req types.RequestDeliverTx) types.ResponseDeli
 }
 
 func (app *Application) CheckTx(req types.RequestCheckTx) types.ResponseCheckTx {
-	if len(req.Tx) == 0 {
-		return types.ResponseCheckTx{Code: code.CodeTypeRejected}
-	}
-
 	if req.Type == types.CheckTxType_Recheck {
 		if _, ok := app.txToRemove[string(req.Tx)]; ok {
 			return types.ResponseCheckTx{Code: code.CodeTypeExecuted, GasWanted: 1}

abci/example/kvstore/kvstore_test.go

@@ -70,24 +70,6 @@ func TestKVStoreKV(t *testing.T) {
 	testKVStore(t, kvstore, tx, key, value)
 }
 
-func TestPersistentKVStoreEmptyTX(t *testing.T) {
-	dir, err := os.MkdirTemp("/tmp", "abci-kvstore-test") // TODO
-	if err != nil {
-		t.Fatal(err)
-	}
-	kvstore := NewPersistentKVStoreApplication(dir)
-	tx := []byte("")
-	reqCheck := types.RequestCheckTx{Tx: tx}
-	resCheck := kvstore.CheckTx(reqCheck)
-	require.Equal(t, resCheck.Code, code.CodeTypeRejected)
-
-	txs := make([][]byte, 0, 4)
-	txs = append(txs, []byte("key=value"), []byte("key"), []byte(""), []byte("kee=value"))
-	reqPrepare := types.RequestPrepareProposal{Txs: txs, MaxTxBytes: 10 * 1024}
-	resPrepare := kvstore.PrepareProposal(reqPrepare)
-	require.Equal(t, len(reqPrepare.Txs), len(resPrepare.Txs)+1, "Empty transaction not properly removed")
-}
-
 func TestPersistentKVStoreKV(t *testing.T) {
 	dir, err := os.MkdirTemp("/tmp", "abci-kvstore-test") // TODO
 	if err != nil {

abci/example/kvstore/persistent_kvstore.go

@@ -324,15 +324,11 @@ func (app *PersistentKVStoreApplication) execPrepareTx(tx []byte) types.Response
 }
 
 // substPrepareTx substitutes all the transactions prefixed with 'prepare' in the
-// proposal for transactions with the prefix stripped, while discarding invalid empty transactions.
+// proposal for transactions with the prefix stripped.
 func (app *PersistentKVStoreApplication) substPrepareTx(blockData [][]byte, maxTxBytes int64) [][]byte {
 	txs := make([][]byte, 0, len(blockData))
 	var totalBytes int64
 	for _, tx := range blockData {
-		if len(tx) == 0 {
-			continue
-		}
-
 		txMod := tx
 		if isPrepareTx(tx) {
 			txMod = bytes.Replace(tx, []byte(PreparePrefix), []byte(ReplacePrefix), 1)

abci/example/orderbook/app.go

@@ -0,0 +1,573 @@
+package orderbook
+
+import (
+	"bytes"
+	"encoding/binary"
+	fmt "fmt"
+
+	"github.com/cosmos/gogoproto/proto"
+	dbm "github.com/tendermint/tm-db"
+
+	"github.com/tendermint/tendermint/abci/types"
+	"github.com/tendermint/tendermint/crypto/ed25519"
+	"github.com/tendermint/tendermint/crypto/tmhash"
+)
+
+var _ types.Application = (*StateMachine)(nil)
+
+const Version = 1
+
+const (
+	// In tendermint a zero code is okay and all non zero codes are errors
+	StatusOK = iota
+	StatusErrDecoding
+	StatusErrUnknownMessage
+	StatusErrValidateBasic
+	StatusErrNoAccount
+	StatusErrAccountExists
+	StatusErrNoPair
+	StatusErrPairExists
+	StatusErrInvalidOrder
+	StatusErrUnacceptableMessage
+	StatusErrNoCommodity
+)
+
+var (
+	stateKey   = []byte("state")
+	accountKey = []byte("account")
+	pairKey    = []byte("pair")
+)
+
+// StateMachine is the main struct that encompasses the logic of the orderbook
+type StateMachine struct {
+	// inherit all the abci methods so we don't have to implement everything
+	types.BaseApplication
+
+	// persisted state which is a key value store containing:
+	//   accountID -> account
+	//   pairID -> pair
+	db dbm.DB
+
+	// in-memory state
+	lastHeight int64  // the last height that was persisted
+	lastHash   []byte // the last hash that was persisted
+	// list of accounts (this is used for the app hash)
+	accounts    []*Account
+	pairs       map[string]*Pair    // lookup pairs
+	commodities map[string]struct{} // lookup commodities
+	publicKeys  map[string]struct{} // lookup existence of an account
+	// a list of transactions that have been modified by the most recent block
+	// and will need to result in an update to the db
+	touchedAccounts map[uint64]struct{}
+	// new pairs added in this block which will needed to be added to the
+	// db on "Commit"
+	newPairs []*Pair
+
+	// app-side mempool (also emphemeral)
+	// this takes ask and bid transactions from `CheckTx`
+	// and matches them as a "MatchedOrder" which is
+	// then proposed in a block
+	//
+	// it's important to note that there is no garbage collection
+	// here. Bids and asks, potentially even invalid, will
+	// continue to stay here until matched
+	markets map[string]*Market // i.e. ATOM/USDC
+}
+
+// New creates a StateMachine from a given database. If the database is
+// empty a fresh instance is created else the accounts, pairs and
+// state are loaded into memory.
+func New(db dbm.DB) (*StateMachine, error) {
+	// iterate over all the account keys
+	iter, err := db.Iterator(nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer iter.Close()
+
+	var (
+		accounts    = make([]*Account, 0)
+		publicKeys  = make(map[string]struct{})
+		commodities = make(map[string]struct{})
+		pairs       = make(map[string]*Pair)
+		markets = make(map[string]*Market)
+		lastHeight  uint64
+		lastHash    []byte
+	)
+
+	for ; iter.Valid(); iter.Next() {
+		if bytes.HasPrefix(iter.Key(), pairKey) {
+			var pair Pair
+			if err := proto.Unmarshal(iter.Value(), &pair); err != nil {
+				return nil, err
+			}
+			pairs[pair.String()] = &pair
+			commodities[pair.BuyersDenomination] = struct{}{}
+			markets[pair.String()] = NewMarket(&pair)
+		}
+
+		if bytes.HasPrefix(iter.Key(), accountKey) {
+			var acc Account
+			if err := proto.Unmarshal(iter.Value(), &acc); err != nil {
+				return nil, err
+			}
+
+			accounts = append(accounts, &acc)
+			publicKeys[string(acc.PublicKey)] = struct{}{}
+		}
+
+		if bytes.HasPrefix(iter.Key(), stateKey) {
+			state := iter.Value()
+			lastHeight = binary.BigEndian.Uint64(state[:4])
+			lastHash = state[4:]
+		}
+	}
+
+	return &StateMachine{
+		accounts:    accounts,
+		pairs:       pairs,
+		commodities: commodities,
+		publicKeys:  publicKeys,
+		markets:     markets,
+		lastHeight:  int64(lastHeight),
+		lastHash:    lastHash,
+		db:          db,
+		touchedAccounts: make(map[uint64]struct{}),
+		newPairs: make([]*Pair, 0),
+	}, nil
+}
+
+// Info is used by Tendermint to understand the state of the application.
+// This is useful for replay and syncing modes.
+func (sm *StateMachine) Info(req types.RequestInfo) types.ResponseInfo {
+	return types.ResponseInfo{
+		AppVersion:       Version,
+		LastBlockHeight:  sm.lastHeight,
+		LastBlockAppHash: sm.lastHash,
+	}
+}
+
+// CheckTx indicates which transactions should be accepted in the mempool. It is
+// not a perfect validity check because we're unsure of the state that the transaction
+// will be executed against. We should treat this as a gatekeeper to the mempool.
+// Apart from adding transactions to the app-side mempool, this check is stateless.
+func (sm *StateMachine) CheckTx(req types.RequestCheckTx) types.ResponseCheckTx {
+	var msg = new(Msg)
+
+	err := proto.Unmarshal(req.Tx, msg)
+	if err != nil {
+		return types.ResponseCheckTx{Code: StatusErrDecoding, Log: err.Error()} // decoding error
+	}
+
+	if err := msg.ValidateBasic(); err != nil {
+		return types.ResponseCheckTx{Code: StatusErrValidateBasic, Log: err.Error()}
+	}
+
+	// add either bids or asks to the market which will match them in PrepareProposal
+	switch m := msg.Sum.(type) {
+	case *Msg_MsgAsk:
+		market, ok := sm.markets[m.MsgAsk.Pair.String()]
+		if !ok {
+			return types.ResponseCheckTx{Code: StatusErrNoPair}
+		}
+		market.AddAsk(m.MsgAsk.AskOrder)
+	case *Msg_MsgBid:
+		market, ok := sm.markets[m.MsgBid.Pair.String()]
+		if !ok {
+			return types.ResponseCheckTx{Code: StatusErrNoPair}
+		}
+		market.AddBid(m.MsgBid.BidOrder)
+	}
+
+	return types.ResponseCheckTx{Code: StatusOK}
+}
+
+// ValidateTx validates the transactions against state.
+func (sm *StateMachine) ValidateTx(msg *Msg) uint32 {
+	if err := msg.ValidateBasic(); err != nil {
+		return StatusErrValidateBasic
+	}
+
+	switch m := msg.Sum.(type) {
+	case *Msg_MsgRegisterPair:
+		pair := m.MsgRegisterPair.Pair
+		if _, ok := sm.pairs[pair.String()]; ok {
+			return StatusErrPairExists
+		}
+
+		reversePair := &Pair{BuyersDenomination: pair.SellersDenomination, SellersDenomination: pair.BuyersDenomination}
+		if _, ok := sm.pairs[reversePair.String()]; ok {
+			return StatusErrPairExists
+		}
+
+	case *Msg_MsgAsk, *Msg_MsgBid: // MsgAsk and MsgBid are not allowed individually - they need to be matched as a TradeSet
+		return StatusErrUnacceptableMessage //Todo add logic around msg ask and bid to allow
+
+	case *Msg_MsgCreateAccount:
+		// check for duplicate accounts in state machine
+		if _, ok := sm.publicKeys[string(m.MsgCreateAccount.PublicKey)]; ok {
+			return StatusErrAccountExists
+		}
+
+		// check that each of the commodities is present in at least one trading pair
+		for _, commodity := range m.MsgCreateAccount.Commodities {
+			if _, exists := sm.commodities[commodity.Denom]; !exists {
+				return StatusErrNoCommodity
+			}
+		}
+
+	case *Msg_MsgTradeSet:
+		// check the pair exists
+		if _, ok := sm.pairs[m.MsgTradeSet.TradeSet.Pair.String()]; !ok {
+			return StatusErrNoPair
+		}
+
+		for _, order := range m.MsgTradeSet.TradeSet.MatchedOrders {
+			// validate matched order i.e. users have funds and signatures are valid
+			if !sm.isMatchedOrderValid(order, m.MsgTradeSet.TradeSet.Pair) {
+				return StatusErrInvalidOrder
+			}
+		}
+
+	default:
+		return StatusErrUnknownMessage
+	}
+
+	return StatusOK
+}
+
+// PrepareProposal is called whenever the validator is the proposer for that round. First, it adds the non order
+// transactions provided by tendermint. The orderbook then loops through each market and tries to match as many
+// transactions as possible. For each new transaction it checks that the max bytes has not been exceeded.
+func (sm *StateMachine) PrepareProposal(req types.RequestPrepareProposal) types.ResponsePrepareProposal {
+	// declare transaction with the size of 0
+	txs := make([][]byte, 0)
+
+	// go through the transactions passed up via Tendermint first
+	for _, tx := range req.Txs {
+		var msg = new(Msg)
+		err := proto.Unmarshal(tx, msg)
+		if err != nil {
+			panic(err)
+		}
+
+		// skip over the bids and asks that are proposed. We already have them
+		if _, ok := msg.Sum.(*Msg_MsgBid); ok {
+			continue
+		}
+		if _, ok := msg.Sum.(*Msg_MsgAsk); ok {
+			continue
+		}
+
+		// make sure we're proposing valid transactions
+		if status := sm.ValidateTx(msg); status != StatusOK {
+			continue
+		}
+
+		if len(txs)+len(tx) > int(req.MaxTxBytes) {
+			return types.ResponsePrepareProposal{Txs: txs}
+		}
+		txs = append(txs, tx)
+	}
+
+	// fetch and match all the bids and asks for each market and add these
+	for _, market := range sm.markets {
+		tradeSet := market.Match()
+		// tradesets into bytes and bytes into a transaction
+		if tradeSet == nil {
+			continue
+		}
+
+		fmt.Println("we have a tradeset")
+
+		tradeSet = sm.validateTradeSetAgainstState(tradeSet)
+		if tradeSet == nil || len(tradeSet.MatchedOrders) == 0 {
+			continue
+		}
+
+		fmt.Println("we have a valid tradeset")
+
+		// wrap this as a message typ
+		msgTradeSet := &MsgTradeSet{TradeSet: tradeSet}
+		bz, err := proto.Marshal(msgTradeSet)
+		if err != nil {
+			panic(err)
+		}
+
+		// check to see that we don't over populate the block
+		if len(txs)+len(bz) > int(req.MaxTxBytes) {
+			return types.ResponsePrepareProposal{Txs: txs}
+		}
+		txs = append(txs, bz)
+	}
+
+	return types.ResponsePrepareProposal{Txs: req.Txs}
+}
+
+// Process Proposal either rejects or accepts transactions
+//
+// It uses the same validity function for prepare proposal. This ensures the coherence property
+// is adhered to i.e. all honest validators must accept a proposal by an honest proposer
+func (sm *StateMachine) ProcessProposal(req types.RequestProcessProposal) types.ResponseProcessProposal {
+	for _, tx := range req.Txs {
+		var msg = new(Msg)
+		err := proto.Unmarshal(tx, msg)
+		if err != nil {
+			return rejectProposal()
+		}
+
+		if status := sm.ValidateTx(msg); status != StatusOK {
+			fmt.Printf("tx failed validation, status: %d\n", status)
+			return rejectProposal()
+		}
+	}
+
+	return acceptProposal()
+}
+
+func (sm *StateMachine) BeginBlock(req types.RequestBeginBlock) types.ResponseBeginBlock {
+	// reset the new pairs
+	sm.newPairs = make([]*Pair, 0)
+	return types.ResponseBeginBlock{}
+}
+
+// DeliverTx is called for each tx in a block once it has been finalized. This is where the
+// execution code lives. Most importantly it's where we update the user accounts following
+// a successful order.
+func (sm *StateMachine) DeliverTx(req types.RequestDeliverTx) types.ResponseDeliverTx {
+	var msg = new(Msg)
+
+	err := proto.Unmarshal(req.Tx, msg)
+	if err != nil {
+		return types.ResponseDeliverTx{Code: StatusErrDecoding, Log: err.Error()} // decoding error
+	}
+
+	if status := sm.ValidateTx(msg); status != StatusOK {
+		return types.ResponseDeliverTx{Code: status}
+	}
+
+	switch m := msg.Sum.(type) {
+	case *Msg_MsgRegisterPair:
+		sm.markets[m.MsgRegisterPair.Pair.String()] = NewMarket(m.MsgRegisterPair.Pair)
+		sm.pairs[m.MsgRegisterPair.Pair.String()] = m.MsgRegisterPair.Pair
+		sm.commodities[m.MsgRegisterPair.Pair.BuyersDenomination] = struct{}{}
+		sm.commodities[m.MsgRegisterPair.Pair.SellersDenomination] = struct{}{}
+		sm.newPairs = append(sm.newPairs, m.MsgRegisterPair.Pair)
+
+	case *Msg_MsgCreateAccount:
+		nextAccountID := uint64(len(sm.accounts))
+		sm.accounts = append(sm.accounts, &Account{
+			Index:       nextAccountID,
+			PublicKey:   m.MsgCreateAccount.PublicKey,
+			Commodities: m.MsgCreateAccount.Commodities,
+		})
+		sm.touchedAccounts[nextAccountID] = struct{}{}
+		sm.publicKeys[string(m.MsgCreateAccount.PublicKey)] = struct{}{}
+
+	case *Msg_MsgTradeSet:
+		pair := m.MsgTradeSet.TradeSet.Pair
+		for _, order := range m.MsgTradeSet.TradeSet.MatchedOrders {
+			buyer := sm.accounts[order.OrderBid.OwnerId]
+			seller := sm.accounts[order.OrderAsk.OwnerId]
+
+			// the buyer gets quantity of the asset that the seller was selling
+			buyer.AddCommodity(NewCommodity(pair.SellersDenomination, order.OrderAsk.Quantity))
+			// the buyer gives up quantity * ask price of the buyers denomination
+			buyer.SubtractCommodity(NewCommodity(pair.BuyersDenomination, order.OrderAsk.Quantity*order.OrderAsk.AskPrice))
+
+			// the seller gets quantity * ask price of the asset that the buyer was paying with
+			seller.AddCommodity(NewCommodity(pair.BuyersDenomination, order.OrderAsk.Quantity*order.OrderAsk.AskPrice))
+			// the seller gives up quantity of the commodity they were selling
+			seller.SubtractCommodity(NewCommodity(pair.SellersDenomination, order.OrderAsk.Quantity))
+
+			// mark that these account have been touched
+			sm.touchedAccounts[order.OrderBid.OwnerId] = struct{}{}
+			sm.touchedAccounts[order.OrderAsk.OwnerId] = struct{}{}
+		}
+
+	default:
+		return types.ResponseDeliverTx{Code: StatusErrUnknownMessage}
+	}
+
+	return types.ResponseDeliverTx{Code: 0}
+}
+
+// EndBlock is used to update consensus params and the validator set. For the orderbook,
+// we keep both the same for thw
+func (sm *StateMachine) EndBlock(req types.RequestEndBlock) types.ResponseEndBlock {
+	return types.ResponseEndBlock{}
+}
+
+// Commit is called to tell the app it is safe to persist state to disk.
+// We now take the in-memory representation and update the parts that have
+// changed on to disk.
+func (sm *StateMachine) Commit() types.ResponseCommit {
+	batch := sm.db.NewBatch()
+
+	// write to accounts that were modified by the last block
+	for accountID := range sm.touchedAccounts {
+		value, err := proto.Marshal(sm.accounts[accountID])
+		if err != nil {
+			panic(err)
+		}
+		key := binary.BigEndian.AppendUint64(accountKey, accountID)
+		if err := batch.Set(key, value); err != nil {
+			panic(err)
+		}
+	}
+
+	// write the new pairs that were added by the last block
+	pairID := len(sm.pairs) - len(sm.newPairs)
+	for id, pair := range sm.newPairs {
+		value, err := proto.Marshal(pair)
+		if err != nil {
+			panic(err)
+		}
+		key := binary.BigEndian.AppendUint64(pairKey, uint64(pairID+id))
+		if err := batch.Set(key, value); err != nil {
+			panic(err)
+		}
+	}
+
+	hash := sm.hash()
+	err := sm.updateState(batch, sm.lastHeight+1, hash)
+	if err != nil {
+		panic(err)
+	}
+	err = batch.WriteSync()
+	if err != nil {
+		panic(err)
+	}
+
+	return types.ResponseCommit{Data: hash}
+}
+
+// hash is just the the sha256 of the byte representation of all accounts.
+// remember that this needs to be deterministic for all state machines
+func (sm *StateMachine) hash() []byte {
+	digest := bytes.NewBuffer(nil)
+	for _, account := range sm.accounts {
+		bz, err := proto.Marshal(account)
+		if err != nil {
+			panic(err)
+		}
+		digest.Write(bz)
+	}
+	return tmhash.Sum(digest.Bytes())
+}
+
+func (sm *StateMachine) updateState(batch dbm.Batch, height int64, hash []byte) error {
+	sm.lastHash = hash
+	sm.lastHeight = height
+	heightBytes := make([]byte, 8)
+	binary.BigEndian.PutUint64(heightBytes, uint64(height))
+	return batch.Set(stateKey, append(heightBytes, hash...))
+}
+
+func (sm *StateMachine) validateTradeSetAgainstState(tradeSet *TradeSet) *TradeSet {
+	output := &TradeSet{Pair: tradeSet.Pair}
+
+	for _, matchedOrder := range tradeSet.MatchedOrders {
+		if !sm.isMatchedOrderValid(matchedOrder, tradeSet.Pair) {
+			continue
+		}
+
+		// yayy! this matched order is still valid and can be executed
+		output.MatchedOrders = append(output.MatchedOrders, matchedOrder)
+	}
+
+	return output
+}
+
+// isMatchedOrderValid is a check against current state to ensure that the order
+// is valid and can execute.
+//
+// This method is also called when preparing a proposal since `CheckTx` doesn't have
+// strict validity guarantees and there could be invalid transactions within the mempool
+//
+// Note: if one of the two orders are invalid we discard both. In the future we could
+// improve this by adding back the part of the order that might still be valid.
+func (sm *StateMachine) isMatchedOrderValid(order *MatchedOrder, pair *Pair) bool {
+	if int(order.OrderBid.OwnerId) >= len(sm.accounts) {
+		return false
+	}
+	bidOwner := sm.accounts[order.OrderBid.OwnerId]
+	if bidOwner == nil {
+		return false
+	}
+
+	if int(order.OrderAsk.OwnerId) >= len(sm.accounts) {
+		return false
+	}
+	askOwner := sm.accounts[order.OrderAsk.OwnerId]
+	if askOwner == nil {
+		return false
+	}
+
+	askCommodities := askOwner.FindCommidity(pair.SellersDenomination)
+	if askCommodities == nil {
+		return false
+	}
+	buyCommodities := bidOwner.FindCommidity(pair.BuyersDenomination)
+	if buyCommodities == nil {
+		return false
+	}
+
+	// Seller has enough of the commodity
+	if askCommodities.Quantity-order.OrderAsk.Quantity < 0 {
+		return false
+	}
+
+	// Buyer has enough of the buying commodity
+	if buyCommodities.Quantity-(order.OrderAsk.AskPrice*order.OrderAsk.Quantity) < 0 {
+		return false
+	}
+
+	if !order.OrderAsk.ValidateSignature(ed25519.PubKey(askOwner.PublicKey), pair) {
+		return false
+	}
+	if !order.OrderBid.ValidateSignature(ed25519.PubKey(bidOwner.PublicKey), pair) {
+		return false
+	}
+
+	return true
+}
+
+// InitDB takes an empty DB instance and populates it with the
+// provided pairs and accounts. Note that the order here is important
+func InitDB(db dbm.DB, pairs []*Pair, accounts []*Account) error {
+	batch := db.NewBatch()
+
+	for id, account := range accounts {
+		value, err := proto.Marshal(account)
+		if err != nil {
+			return err
+		}
+		key := binary.BigEndian.AppendUint64(accountKey, uint64(id))
+		if err := batch.Set(key, value); err != nil {
+			return err
+		}
+	}
+
+	for id, pair := range pairs {
+		value, err := proto.Marshal(pair)
+		if err != nil {
+			return err
+		}
+		key := binary.BigEndian.AppendUint64(pairKey, uint64(id))
+		fmt.Println(key)
+		if err := batch.Set(key, value); err != nil {
+			return err
+		}
+	}
+
+	return batch.WriteSync()
+}
+
+func rejectProposal() types.ResponseProcessProposal {
+	return types.ResponseProcessProposal{Status: types.ResponseProcessProposal_REJECT}
+}
+
+func acceptProposal() types.ResponseProcessProposal {
+	return types.ResponseProcessProposal{Status: types.ResponseProcessProposal_ACCEPT}
+}

abci/example/orderbook/app_test.go

@@ -0,0 +1,327 @@
+package orderbook_test
+
+import (
+	fmt "fmt"
+	"testing"
+
+	"github.com/cosmos/gogoproto/proto"
+	"github.com/stretchr/testify/require"
+	dbm "github.com/tendermint/tm-db"
+
+	"github.com/tendermint/tendermint/abci/example/orderbook"
+	"github.com/tendermint/tendermint/abci/types"
+	"github.com/tendermint/tendermint/crypto"
+	"github.com/tendermint/tendermint/crypto/ed25519"
+	params "github.com/tendermint/tendermint/types"
+)
+
+// TODO: we should also check that CheckTx adds bids and asks to the app-side mempool
+func TestCheckTx(t *testing.T) {
+	db := dbm.NewMemDB()
+	require.NoError(t, orderbook.InitDB(db, []*orderbook.Pair{testPair}, nil))
+	app, err := orderbook.New(db)
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name         string
+		msg          *orderbook.Msg
+		responseCode uint32
+		expOrderSize int
+	}{
+		{
+			name:         "test empty tx",
+			msg:          &orderbook.Msg{},
+			responseCode: orderbook.StatusErrValidateBasic,
+			expOrderSize: 0,
+		},
+		{
+			name: "test msg ask",
+			msg: &orderbook.Msg{
+				Sum: &orderbook.Msg_MsgAsk{
+					MsgAsk: &orderbook.MsgAsk{
+						Pair: testPair,
+						AskOrder: &orderbook.OrderAsk{
+							Quantity:  10,
+							AskPrice:  1,
+							OwnerId:   1,
+							Signature: crypto.CRandBytes(ed25519.SignatureSize),
+						},
+					},
+				},
+			},
+			responseCode: orderbook.StatusOK,
+			expOrderSize: 1,
+		},
+		{
+			name: "test msg ask wrong signature",
+			msg: &orderbook.Msg{
+				Sum: &orderbook.Msg_MsgAsk{
+					MsgAsk: &orderbook.MsgAsk{
+						Pair: testPair,
+						AskOrder: &orderbook.OrderAsk{
+							Quantity:  10,
+							AskPrice:  1,
+							OwnerId:   1,
+							Signature: crypto.CRandBytes(62),
+						},
+					},
+				},
+			},
+			responseCode: orderbook.StatusErrValidateBasic,
+			expOrderSize: 1,
+		},
+		{
+			name: "test msg bid",
+			msg: &orderbook.Msg{Sum: &orderbook.Msg_MsgBid{MsgBid: &orderbook.MsgBid{
+				Pair: testPair,
+				BidOrder: &orderbook.OrderBid{
+					MaxQuantity: 15,
+					MaxPrice:    5,
+					OwnerId:     1,
+					Signature:   crypto.CRandBytes(ed25519.SignatureSize),
+				},
+			}}},
+			responseCode: orderbook.StatusOK,
+			expOrderSize: 2,
+		},
+		{
+			name: "test msg bid blank",
+			msg: &orderbook.Msg{Sum: &orderbook.Msg_MsgBid{MsgBid: &orderbook.MsgBid{
+				Pair: testPair,
+				BidOrder: &orderbook.OrderBid{
+					MaxQuantity: 0,
+					MaxPrice:    0,
+					OwnerId:     0,
+					Signature:   crypto.CRandBytes(ed25519.SignatureSize),
+				},
+			}}},
+			responseCode: orderbook.StatusErrValidateBasic,
+			expOrderSize: 2,
+		},
+		{
+			name: "test msg register duplicate pair",
+			msg: &orderbook.Msg{Sum: &orderbook.Msg_MsgRegisterPair{MsgRegisterPair: &orderbook.MsgRegisterPair{
+				Pair: &orderbook.Pair{BuyersDenomination: "ATOM", SellersDenomination: "ATOM"},
+			}}},
+			responseCode: orderbook.StatusErrValidateBasic,
+			expOrderSize: 2,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			bz, err := proto.Marshal(tc.msg)
+			require.NoError(t, err)
+			resp := app.CheckTx(types.RequestCheckTx{Tx: bz})
+			require.Equal(t, tc.responseCode, resp.Code, resp.Log)
+			bids, asks := app.Orders(testPair)
+			require.Equal(t, tc.expOrderSize, len(bids)+len(asks))
+		})
+	}
+}
+
+// func ValidateTx(t *testing.T) {
+// 	db := dbm.NewMemDB()
+// 	require.NoError(t, orderbook.InitDB(db, []*orderbook.Pair{testPair}, nil))
+// 	app, err := orderbook.New(db)
+// 	require.NoError(t, err)
+
+// 	for _, tc := range testCases {
+// 		t.Run(tc.name, func(t *testing.T) {
+// 			bz, err := proto.Marshal(tc.msg)
+// 			require.NoError(t, err)
+// 			resp := app.CheckTx(types.RequestCheckTx{Tx: bz})
+// 			require.Equal(t, tc.responseCode, resp.Code, resp.Log)
+// 			bids, asks := app.Orders(testPair)
+// 			require.Equal(t, tc.expOrderSize, len(bids)+len(asks))
+// 		})
+// 	}
+// }
+
+// TODO: we should check that transactions in
+// a market are being validated and added to the proposal
+// // and that other transactions get in
+// func TestPrepareProposal(t *testing.T) {
+// 	db := dbm.NewMemDB()
+// 	require.NoError(t, orderbook.InitDB(db, []*orderbook.Pair{testPair}, nil))
+// 	app, err := orderbook.New(db)
+// 	require.NoError(t, err)
+
+// 	for _, tc := range testCases {
+// 		t.Run(tc.name, func(t *testing.T) {
+// 			bz, err := proto.Marshal(tc.msg)
+// 			require.NoError(t, err)
+// 			resp := app.CheckTx(types.RequestCheckTx{Tx: bz})
+// 			require.Equal(t, tc.responseCode, resp.Code, resp.Log)
+// 			bids, asks := app.Orders(testPair)
+// 			require.Equal(t, tc.expOrderSize, len(bids)+len(asks))
+// 		})
+// 	}
+// }
+
+// {
+// 	name: "test msg register pair",
+// 	msg: &orderbook.Msg{Sum: &orderbook.Msg_MsgRegisterPair{MsgRegisterPair: &orderbook.MsgRegisterPair{
+// 		Pair: &orderbook.Pair{BuyersDenomination: "ATOM", SellersDenomination: "AUD"},
+// 	}}},
+// 	responseCode: orderbook.StatusOK,
+// 	expOrderSize: 2,
+// 	pairSize:     2,
+// },
+
+// TODO: we should test that transactions are
+// always valid i.e. ValidateTx. We could potentially
+// combine this with PrepareProposal
+// func TestProcessProposal(t *testing.T) {
+// 	app := orderbook.New(dbm.NewMemDB())
+// }
+
+// TODO: we should test that a matched order
+// correctly updates the accounts. We should
+// also test that committing a block persists
+// it to the database and that we can now
+// query the new state
+// func TestFinalizeBlock(t *testing.T) {
+// 	app := orderbook.New(dbm.NewMemDB())
+// }
+
+// TODO: test that we can start from new
+// and from existing state
+// func TestNewStateMachine(t *testing.T) {}
+
+func TestEndToEnd(t *testing.T) {
+	db := dbm.NewMemDB()
+	app, err := orderbook.New(db)
+	require.NoError(t, err)
+	
+
+	var (
+		maxBytes = params.DefaultConsensusParams().Block.MaxBytes
+		commodityNZD    = &orderbook.Commodity{Denom: "NZD", Quantity: 100}
+		commodityAUD    = &orderbook.Commodity{Denom: "AUD", Quantity: 100}
+		registerPairMsg = newRegisterPair("NZD", "AUD")
+		pair            = registerPairMsg.GetMsgRegisterPair().Pair
+		pkAlice         = ed25519.GenPrivKey()
+		pkBob           = ed25519.GenPrivKey()
+		pubKeyAlice     = pkAlice.PubKey().Bytes()
+		pubKeyBob       = pkBob.PubKey().Bytes()
+		registerAlice   = newRegisterAccount(pubKeyAlice, []*orderbook.Commodity{commodityAUD})
+		registerBob     = newRegisterAccount(pubKeyBob, []*orderbook.Commodity{commodityNZD})
+		// bob is asking for 25 AUD for 5 NZD
+		ask = &orderbook.Msg{Sum: &orderbook.Msg_MsgAsk{MsgAsk: orderbook.NewMsgAsk(pair, 5, 5, 1)}}
+		// alice is bidding for 5 NZD for 25 AUD
+		bid = &orderbook.Msg{Sum: &orderbook.Msg_MsgBid{MsgBid: orderbook.NewMsgBid(pair, 5, 5, 0)}}
+	)
+
+	require.NoError(t, ask.GetMsgAsk().Sign(pkBob))
+	require.NoError(t, bid.GetMsgBid().Sign(pkAlice))
+
+	testCases := []struct {
+		txs      [][]byte
+		accepted bool
+		// assertions to be made about the state of the application
+		// after each block
+		assertions func(t *testing.T, app *orderbook.StateMachine)
+	}{
+		{
+			// block 1 sets up the trading pair
+			txs:      asTxs(registerPairMsg),
+			accepted: true,
+			assertions: func(t *testing.T, app *orderbook.StateMachine) {
+				pairs := app.Pairs()
+				require.Len(t, pairs, 1)
+				require.Equal(t, pair, &pairs[0])
+			},
+		},
+		{
+			// block 2 registers two accounts: alice and bob
+			txs:      asTxs(registerAlice, registerBob),
+			accepted: true,
+			assertions: func(t *testing.T, app *orderbook.StateMachine) {
+				alice := app.Account(0)
+				require.False(t, alice.IsEmpty(), alice)
+				require.Equal(t, pubKeyAlice, alice.PublicKey)
+				require.Len(t, alice.Commodities, 1)
+				require.Equal(t, alice.Commodities[0], commodityAUD)
+				bob := app.Account(1)
+				require.False(t, bob.IsEmpty(), bob)
+				require.Equal(t, pubKeyBob, bob.PublicKey)
+				require.Len(t, bob.Commodities, 1)
+				require.Equal(t, bob.Commodities[0], commodityNZD)
+				require.True(t, app.Account(2).IsEmpty())
+			},
+		},
+		{
+			// block 3 performs a trade between alice and bob
+			txs:      asTxs(ask, bid),
+			accepted: true,
+			assertions: func(t *testing.T, app *orderbook.StateMachine) {
+				alice := app.Account(0)
+				require.Equal(t, alice.Commodities[0].Quantity, 75) // 75 AUD
+				require.Equal(t, alice.Commodities[1].Quantity, 5)  // 5 NZD
+				bob := app.Account(1)
+				require.Equal(t, bob.Commodities[0].Quantity, 95) // 95 NZD
+				require.Equal(t, bob.Commodities[0].Quantity, 5)  // 5 AUD
+			},
+		},
+	}
+
+	for idx, tc := range testCases {
+		for _, tx := range tc.txs {
+			resp := app.CheckTx(types.RequestCheckTx{Tx: tx})
+			require.EqualValues(t, orderbook.StatusOK, resp.Code)
+		}
+		txs := app.PrepareProposal(types.RequestPrepareProposal{MaxTxBytes: maxBytes, Txs: tc.txs}).Txs
+		require.Equal(t, txs, tc.txs)
+		if idx == 2 {
+			fmt.Print(tc.txs)
+			fmt.Println()
+			fmt.Print(txs)
+		}
+
+		result := app.ProcessProposal(types.RequestProcessProposal{Txs: txs})
+		if tc.accepted {
+			require.Equal(t, types.ResponseProcessProposal_ACCEPT, result.Status)
+		} else {
+			require.Equal(t, types.ResponseProcessProposal_REJECT, result.Status)
+			continue
+		}
+
+		app.BeginBlock(types.RequestBeginBlock{})
+		for _, tx := range txs {
+			app.DeliverTx(types.RequestDeliverTx{Tx: tx})
+		}
+		app.EndBlock(types.RequestEndBlock{})
+		app.Commit()
+
+		if tc.assertions != nil {
+			tc.assertions(t, app)
+		}
+	}
+}
+
+func asTxs(msgs ...*orderbook.Msg) [][]byte {
+	output := make([][]byte, len(msgs))
+	for i, msg := range msgs {
+		bz, err := proto.Marshal(msg)
+		if err != nil {
+			panic(err)
+		}
+		output[i] = bz
+	}
+	return output
+}
+
+func newRegisterPair(d1, d2 string) *orderbook.Msg {
+	return &orderbook.Msg{Sum: &orderbook.Msg_MsgRegisterPair{MsgRegisterPair: &orderbook.MsgRegisterPair{
+		Pair: &orderbook.Pair{BuyersDenomination: d1, SellersDenomination: d2},
+	}}}
+}
+
+func newRegisterAccount(pubkey []byte, commodities []*orderbook.Commodity) *orderbook.Msg {
+	return &orderbook.Msg{Sum: &orderbook.Msg_MsgCreateAccount{MsgCreateAccount: &orderbook.MsgCreateAccount{
+		PublicKey:   pubkey,
+		Commodities: commodities,
+	}}}
+
+}

abci/example/orderbook/buf.gen.yaml

@@ -0,0 +1,9 @@
+version: v1
+plugins:
+  - name: gogofaster
+    out: .
+    opt:
+      - Mgoogle/protobuf/timestamp.proto=github.com/cosmos/gogoproto/types
+      - Mgoogle/protobuf/duration.proto=github.com/golang/protobuf/ptypes/duration
+      - plugins=grpc
+      - paths=source_relative

abci/example/orderbook/cmd/orderbook.go

@@ -0,0 +1,243 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+
+	"github.com/tendermint/tendermint/abci/example/orderbook"
+	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/libs/log"
+	tmos "github.com/tendermint/tendermint/libs/os"
+	tmrand "github.com/tendermint/tendermint/libs/rand"
+	"github.com/tendermint/tendermint/node"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/privval"
+	"github.com/tendermint/tendermint/proxy"
+	"github.com/tendermint/tendermint/types"
+	tmtime "github.com/tendermint/tendermint/types/time"
+)
+
+func main() {
+	NewCLI().Run()
+}
+
+type CLI struct {
+	root *cobra.Command
+	config *cfg.Config
+}
+
+func NewCLI() *CLI {
+	cli := &CLI{}
+	cli.root = &cobra.Command{
+		Use:   "orderbook",
+		Short: "orderbook abci++ example",
+	}
+	cli.root.AddCommand(&cobra.Command{
+		Use:   "init",
+		Short: "initialize the file system for an orderbook node",
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			root, err := os.Getwd()
+			if err != nil {
+				return err
+			}
+			
+			viper.AddConfigPath(filepath.Join(root, "config"))
+			viper.SetConfigName("config")
+			
+			config := cfg.DefaultConfig()
+
+			if err := viper.ReadInConfig(); err != nil {
+				if _, ok := err.(viper.ConfigFileNotFoundError); ok {
+					// Config file not found; use default
+					// This often happens when initializing a config for the first time
+				} else {
+					return err
+				}
+			} else {
+				if err := viper.Unmarshal(config); err != nil {
+					return err
+				}
+			}
+
+			config.SetRoot(root)
+			cli.config = config
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			privValKeyFile := cli.config.PrivValidatorKeyFile()
+			privValStateFile := cli.config.PrivValidatorStateFile()
+			var pv *privval.FilePV
+			if tmos.FileExists(privValKeyFile) {
+				pv = privval.LoadFilePV(privValKeyFile, privValStateFile)
+				fmt.Print("found private validator", "keyFile", privValKeyFile,
+					"stateFile", privValStateFile)
+			} else {
+				pv = privval.GenFilePV(privValKeyFile, privValStateFile)
+				pv.Save()
+				fmt.Print("Generated private validator", "keyFile", privValKeyFile,
+					"stateFile", privValStateFile)
+			}
+
+			nodeKeyFile := cli.config.NodeKeyFile()
+			if tmos.FileExists(nodeKeyFile) {
+				fmt.Print("Found node key", "path", nodeKeyFile)
+			} else {
+				if _, err := p2p.LoadOrGenNodeKey(nodeKeyFile); err != nil {
+					return err
+				}
+				fmt.Print("Generated node key", "path", nodeKeyFile)
+			}
+
+			// genesis file
+			genFile := cli.config.GenesisFile()
+			if tmos.FileExists(genFile) {
+				fmt.Print("Found genesis file", "path", genFile)
+			} else {
+				genDoc := types.GenesisDoc{
+					ChainID:         fmt.Sprintf("orderbook-chain-%v", tmrand.Int()),
+					GenesisTime:     tmtime.Now(),
+					ConsensusParams: types.DefaultConsensusParams(),
+				}
+				pubKey, err := pv.GetPubKey()
+				if err != nil {
+					return fmt.Errorf("can't get pubkey: %w", err)
+				}
+				genDoc.Validators = []types.GenesisValidator{{
+					Address: pubKey.Address(),
+					PubKey:  pubKey,
+					Power:   10,
+				}}
+
+				if err := genDoc.SaveAs(genFile); err != nil {
+					return err
+				}
+				fmt.Print("Generated genesis file", "path", genFile)
+			}
+
+			return nil
+		},
+	})
+	cli.root.AddCommand(&cobra.Command{
+		Use:   "run",
+		Short: "runs an orderbook node",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			dbProvider := node.DefaultDBProvider
+			appDB, err := dbProvider(&node.DBContext{"orderbook", cli.config})
+			if err != nil {
+				return err
+			}
+			app, err := orderbook.New(appDB)
+			if err != nil {
+				return err
+			}
+
+			nodeKey, err := p2p.LoadOrGenNodeKey(cli.config.NodeKeyFile())
+			if err != nil {
+				return fmt.Errorf("failed to load or gen node key %s: %w", cli.config.NodeKeyFile(), err)
+			}
+
+			logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+			n, err := node.NewNode(
+				cli.config,
+				privval.LoadOrGenFilePV(cli.config.PrivValidatorKeyFile(), cli.config.PrivValidatorStateFile()),
+				nodeKey,
+				proxy.NewLocalClientCreator(app),
+				node.DefaultGenesisDocProviderFunc(cli.config),
+				dbProvider,
+				node.DefaultMetricsProvider(cli.config.Instrumentation),
+				logger,
+			)
+			if err != nil {
+				return err
+			}
+
+			if err := n.Start(); err != nil {
+				return err
+			}
+
+			tmos.TrapSignal(logger, func() {
+				if err := n.Stop(); err != nil {
+					logger.Error("unable to stop the node", "error", err)
+				}
+			})
+
+			return nil
+		},
+	})
+	cli.root.AddCommand(&cobra.Command{
+		Use:     "create-account [commodities...]",
+		Short:   "creates a new account message and submits it to the chain",
+		Example: "create-account 500BTC 10000USD",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	})
+	cli.root.AddCommand(&cobra.Command{
+		Use:     "create-pair buyers-denomination sellers-denomination",
+		Short:   "creates a new pair message and submits it to the chain",
+		Example: "create-pair BTC USD",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	})
+	cli.root.AddCommand(&cobra.Command{
+		Use:     "bid buying-commodity price",
+		Short:   "creates a bid message and submits it to the chain",
+		Example: "bid 10BTC 15000BTC/USD",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	})
+	cli.root.AddCommand(&cobra.Command{
+		Use:     "ask selling-commodity price",
+		Short:   "creates an ask message and submits it to the chain",
+		Example: "ask 5BTC 12000BTC/USD",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	})
+	querySubcommand := &cobra.Command{
+		Use:   "query",
+		Short: "query the bal",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	}
+	querySubcommand.AddCommand(&cobra.Command{
+		Use:   "account pubkey|id",
+		Short: "query the balance of an account",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	})
+	querySubcommand.AddCommand(&cobra.Command{
+		Use:   "pairs",
+		Short: "list all the trading pairs",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	})
+	querySubcommand.AddCommand(&cobra.Command{
+		Use:     "orders pair",
+		Short:   "list all current orders for a given pair",
+		Example: "orders BTC/USD",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return nil
+		},
+	})
+	cli.root.AddCommand(querySubcommand)
+
+	return cli
+}
+
+// Run runs the CLI.
+func (cli *CLI) Run() {
+	if err := cli.root.Execute(); err != nil {
+		fmt.Print(err)
+		os.Exit(1)
+	}
+}

abci/example/orderbook/doc.go

@@ -0,0 +1,19 @@
+//go:generate go install github.com/bufbuild/buf/cmd/buf
+//go:generate buf generate
+
+// The orderbook presents a more advanced example of a Tendermint application than the simple kvstore
+//
+// An orderbook is a tool used in financial markets for enabling trading of various commodities. Without
+// delving into too much detail, an orderbook is made of two types of transactions: Bids and Asks. An Ask
+// is an offer by a seller for n amount of a commodity at an AskPrice and a bid is an offer from a buyer
+// for m amount of a commodity at a BidPrice. When the bid price exceeds the ask price, and the buyer quantity
+// is less than or equal to the sellers quantity, the order is matched. In actual terms, we neglect the
+// underlying denomination (i.e. USD) and effectively both participants are simultaneously a buyer and seller.
+//
+// This example falls far short of being a decentralized orderbook, but demonstrates how one can build an
+// app-side mempool, how one can use PrepareProposal and ProcessProposal to craft complex transactions,
+// how we can use signatures and validate transactions against state. How applications can manage concurrency,
+// and demonstrate the lifecycle of transactions from RPC -> CheckTx -> Mempool -> PrepareProposal -> ProcessProposal
+// -> DeliverTx -> Commit -> Querying
+
+package orderbook

abci/example/orderbook/market.go

@@ -0,0 +1,254 @@
+package orderbook
+
+import (
+	"container/heap"
+	sync "sync"
+)
+
+type Market struct {
+	// immutable
+	pair *Pair // i.e. EUR/USD (a market is bidirectional)
+
+	mtx        sync.RWMutex
+	askOrders  *AskOrders // i.e. buying EUR for USD
+	lowestAsk  float64
+	bidOrders  *BidOrders // i.e. selling EUR for USD or  buying USD for EUR
+	highestBid float64
+}
+
+func NewMarket(p *Pair) *Market {
+	askOrders := make(AskOrders, 0)
+	bidOrders := make(BidOrders, 0)
+	return &Market{pair: p, askOrders: &askOrders, bidOrders: &bidOrders}
+}
+
+func (m *Market) AddBid(b *OrderBid) {
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	heap.Push(m.bidOrders, b)
+	if b.MaxPrice > m.highestBid {
+		m.highestBid = b.MaxPrice
+	}
+}
+
+func (m *Market) AddAsk(a *OrderAsk) {
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	heap.Push(m.askOrders, a)
+	if a.AskPrice < m.lowestAsk || m.lowestAsk == 0 {
+		m.lowestAsk = a.AskPrice
+	}
+}
+
+// Match takes the set of bids and asks and matches them together.
+// A bid matches an ask when the MaxPrice is greater than the AskPrice
+// and the MaxQuantity is greater than the quantity.
+func (m *Market) Match() *TradeSet {
+	m.mtx.Lock()
+	defer m.mtx.Unlock()
+	// if one side doesn't have any orders than there is nothing to match
+	// and we return early
+	if m.askOrders.Len() == 0 || m.bidOrders.Len() == 0 {
+		return nil
+	}
+
+	if m.highestBid < m.lowestAsk {
+		// no orders match, we return early.
+		return nil
+	}
+
+	t := &TradeSet{Pair: m.pair}
+	bids := make([]*OrderBid, 0)
+	asks := make([]*OrderAsk, 0)
+
+	// get all the bids that are greater than the lowest ask. In order from heighest bid to lowest bid
+	for m.bidOrders.Len() > 0 {
+		bid := heap.Pop(m.bidOrders).(*OrderBid)
+		if bid.MaxPrice < m.lowestAsk {
+			// we've reached the limit, push the bid back and break the loop
+			heap.Push(m.bidOrders, bid)
+			break
+		} else {
+			bids = append(bids, bid)
+		}
+	}
+
+	// get all the asks that are lower than the highest bid in the bids set. Ordered from lowest to highest ask
+	for m.askOrders.Len() > 0 {
+		ask := heap.Pop(m.askOrders).(*OrderAsk)
+		if ask.AskPrice > bids[0].MaxPrice {
+			// the ask price is greater than the highest bid; push the ask back and break theh loop
+			heap.Push(m.askOrders, ask)
+			break
+		} else {
+			asks = append(asks, ask)
+		}
+	}
+
+	// this is to keep track of the index of the bids that have been matched
+	reserved := make(map[int]struct{})
+
+	// start from the highest ask and the highest bid and for each ask loop downwards through the slice of
+	// bids until one is matched
+OUTER_LOOP:
+	for i := len(asks) - 1; i >= 0; i-- {
+		ask := asks[i]
+
+		// start with the highest bid and increment down since we're more likely to find a match
+		for j := len(bids) - 1; j >= 0; j-- {
+			if _, ok := reserved[j]; ok {
+				// skip over the bids that have already been reserved
+				continue
+			}
+
+			bid := bids[j]
+			if bid.MaxPrice >= ask.AskPrice {
+				if bid.MaxQuantity >= ask.Quantity {
+					// yay! we have a match
+					t.AddFilledOrder(ask, bid)
+
+					// reserve the bid so we don't rematch it with another ask
+					reserved[j] = struct{}{}
+					continue OUTER_LOOP
+				}
+			} else {
+				// once we've dropped below the ask price there are no more possible bids and so we break
+				break
+			}
+		}
+
+		// as we go from highest to lowest, asks that aren't matched become the new lowest ask price
+		m.lowestAsk = ask.AskPrice
+
+		// no match found, add the ask order back into the heap
+		heap.Push(m.askOrders, ask)
+	}
+
+	// if all available asks were matched then
+	// we never have the opportunity to update the lowest ask.
+	// Now we reset it to 0
+	if m.askOrders.Len() == 0 {
+		m.lowestAsk = 0
+	}
+
+	// add back the unmatched bids to the heap so they can be matched again in a later round.
+	// We also neeed to recalculate the new highest bid. First we tackle an edge case whereby all
+	// selected bids were matched. In this case we grab the next highest and set that as the new
+	// highest bid
+	m.highestBid = 0
+	if len(reserved) == len(bids) && m.bidOrders.Len() > 0 {
+		newHighestBid := heap.Pop(m.bidOrders).(*OrderBid)
+		m.highestBid = newHighestBid.MaxPrice
+		heap.Push(m.bidOrders, newHighestBid)
+	}
+	for j := 0; j < len(bids); j++ {
+		if _, ok := reserved[j]; !ok {
+			if bids[j].MaxPrice > m.highestBid {
+				m.highestBid = bids[j].MaxPrice
+			}
+			heap.Push(m.bidOrders, bids[j])
+		}
+	}
+
+	if len(t.MatchedOrders) == 0 {
+		return nil
+	}
+	return t
+}
+
+func (m Market) LowestAsk() float64 {
+	m.mtx.RLock()
+	defer m.mtx.RUnlock()
+	return m.lowestAsk
+}
+
+func (m Market) HighestBid() float64 {
+	m.mtx.RLock()
+	defer m.mtx.RUnlock()
+	return m.highestBid
+}
+
+func (m Market) GetBids() []OrderBid {
+	m.mtx.RLock()
+	defer m.mtx.RUnlock()
+	orders := make([]OrderBid, m.bidOrders.Len())
+	for idx, order := range *m.bidOrders {
+		orders[idx] = *order
+	}
+	return orders
+}
+
+func (m Market) GetAsks() []OrderAsk {
+	m.mtx.RLock()
+	defer m.mtx.RUnlock()
+	orders := make([]OrderAsk, m.askOrders.Len())
+	for idx, order := range *m.askOrders {
+		orders[idx] = *order
+	}
+	return orders
+}
+
+// Heap ordered by lowest price
+type AskOrders []*OrderAsk
+
+var _ heap.Interface = (*AskOrders)(nil)
+
+func (a AskOrders) Len() int { return len(a) }
+
+func (a AskOrders) Less(i, j int) bool {
+	return a[i].AskPrice < a[j].AskPrice
+}
+
+func (a AskOrders) Swap(i, j int) {
+	a[i], a[j] = a[j], a[i]
+}
+
+func (a *AskOrders) Push(x any) {
+	item := x.(*OrderAsk)
+	*a = append(*a, item)
+}
+
+func (a *AskOrders) Pop() any {
+	old := *a
+	n := len(old)
+	item := old[n-1]
+	old[n-1] = nil
+	*a = old[0 : n-1]
+	return item
+}
+
+// Heap ordered by highest price
+type BidOrders []*OrderBid
+
+var _ heap.Interface = (*BidOrders)(nil)
+
+func (b BidOrders) Len() int { return len(b) }
+
+func (b BidOrders) Less(i, j int) bool {
+	return b[i].MaxPrice > b[j].MaxPrice
+}
+
+func (b BidOrders) Swap(i, j int) {
+	b[i], b[j] = b[j], b[i]
+}
+
+func (b *BidOrders) Push(x any) {
+	item := x.(*OrderBid)
+	*b = append(*b, item)
+}
+
+func (b *BidOrders) Pop() any {
+	old := *b
+	n := len(old)
+	item := old[n-1]
+	old[n-1] = nil
+	*b = old[0 : n-1]
+	return item
+}
+
+func (t *TradeSet) AddFilledOrder(ask *OrderAsk, bid *OrderBid) {
+	t.MatchedOrders = append(t.MatchedOrders, &MatchedOrder{
+		OrderAsk: ask,
+		OrderBid: bid,
+	})
+}

abci/example/orderbook/market_test.go

@@ -0,0 +1,179 @@
+package orderbook_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"github.com/tendermint/tendermint/abci/example/orderbook"
+)
+
+var testPair = &orderbook.Pair{BuyersDenomination: "ATOM", SellersDenomination: "USD"}
+
+func testBid(price, quantity float64) *orderbook.OrderBid {
+	return &orderbook.OrderBid{
+		MaxPrice:    price,
+		MaxQuantity: quantity,
+	}
+}
+
+func testAsk(price, quantity float64) *orderbook.OrderAsk {
+	return &orderbook.OrderAsk{
+		AskPrice: price,
+		Quantity: quantity,
+	}
+}
+
+func TestTrackLowestAndHighestPrices(t *testing.T) {
+	market := orderbook.NewMarket(testPair)
+	require.Zero(t, market.LowestAsk())
+	require.Zero(t, market.HighestBid())
+
+	market.AddBid(testBid(100, 10))
+	require.EqualValues(t, 100, market.HighestBid())
+
+	market.AddAsk(testAsk(50, 10))
+	require.EqualValues(t, 50, market.LowestAsk())
+
+	market.AddAsk(testAsk(30, 10))
+	require.EqualValues(t, 30, market.LowestAsk())
+
+	market.AddAsk(testAsk(40, 10))
+	require.EqualValues(t, 30, market.LowestAsk())
+}
+
+func TestSimpleOrderMatching(t *testing.T) {
+	testcases := []struct {
+		bid   *orderbook.OrderBid
+		ask   *orderbook.OrderAsk
+		match bool
+	}{
+		{
+			bid:   testBid(50, 10),
+			ask:   testAsk(50, 10),
+			match: true,
+		},
+		{
+			bid:   testBid(60, 10),
+			ask:   testAsk(50, 10),
+			match: true,
+		},
+		{
+			bid:   testBid(50, 10),
+			ask:   testAsk(60, 10),
+			match: false,
+		},
+		{
+			bid:   testBid(50, 5),
+			ask:   testAsk(40, 10),
+			match: false,
+		},
+		{
+			bid:   testBid(50, 15),
+			ask:   testAsk(40, 10),
+			match: true,
+		},
+	}
+
+	for idx, tc := range testcases {
+		market := orderbook.NewMarket(testPair)
+		market.AddAsk(tc.ask)
+		market.AddBid(tc.bid)
+		resp := market.Match()
+		if tc.match {
+			require.Len(t, resp.MatchedOrders, 1, idx)
+		} else {
+			require.Nil(t, resp)
+		}
+	}
+}
+
+func TestMultiOrderMatching(t *testing.T) {
+	testcases := []struct {
+		bids               []*orderbook.OrderBid
+		asks               []*orderbook.OrderAsk
+		expected           []*orderbook.MatchedOrder
+		expectedLowestAsk  float64
+		expectedHighestBid float64
+	}{
+		{
+			bids: []*orderbook.OrderBid{
+				testBid(50, 20),
+				testBid(40, 10),
+				testBid(30, 15),
+			},
+			asks: []*orderbook.OrderAsk{
+				testAsk(30, 15),
+				testAsk(30, 5),
+			},
+			expected: []*orderbook.MatchedOrder{
+				{
+					OrderAsk: testAsk(30, 5),
+					OrderBid: testBid(30, 15),
+				},
+				{
+					OrderAsk: testAsk(30, 15),
+					OrderBid: testBid(50, 20),
+				},
+			},
+			expectedLowestAsk:  0,
+			expectedHighestBid: 40,
+		},
+		{
+			bids: []*orderbook.OrderBid{
+				testBid(60, 20),
+				testBid(80, 5),
+			},
+			asks: []*orderbook.OrderAsk{
+				testAsk(60, 15),
+				testAsk(70, 10),
+				testAsk(50, 20),
+			},
+			expected: []*orderbook.MatchedOrder{
+				{
+					OrderAsk: testAsk(60, 15),
+					OrderBid: testBid(60, 20),
+				},
+			},
+			expectedLowestAsk:  50,
+			expectedHighestBid: 80,
+		},
+		{
+			bids: []*orderbook.OrderBid{
+				testBid(60, 20),
+				testBid(80, 5),
+			},
+			asks:               []*orderbook.OrderAsk{},
+			expected:           []*orderbook.MatchedOrder{},
+			expectedLowestAsk:  0,
+			expectedHighestBid: 80,
+		},
+		{
+			bids: []*orderbook.OrderBid{},
+			asks: []*orderbook.OrderAsk{
+				testAsk(70, 10),
+				testAsk(50, 20),
+			},
+			expected:           []*orderbook.MatchedOrder{},
+			expectedLowestAsk:  50,
+			expectedHighestBid: 0,
+		},
+	}
+
+	for idx, tc := range testcases {
+		market := orderbook.NewMarket(testPair)
+		for _, ask := range tc.asks {
+			market.AddAsk(ask)
+		}
+		for _, bid := range tc.bids {
+			market.AddBid(bid)
+		}
+		resp := market.Match()
+		if len(tc.expected) == 0 {
+			require.Nil(t, resp, idx)
+		} else {
+			require.Equal(t, tc.expected, resp.MatchedOrders, idx)
+		}
+		require.EqualValues(t, tc.expectedLowestAsk, market.LowestAsk(), idx)
+		require.EqualValues(t, tc.expectedHighestBid, market.HighestBid(), idx)
+	}
+}

abci/example/orderbook/msgs.proto

@@ -0,0 +1,40 @@
+€syntax = "proto3";
+
+package orderbook;
+option go_package = "github.com/tendermint/tendermint/abci/example/orderbook";
+
+import "wire.proto";
+
+message MsgBid {
+    Pair pair  = 1;
+    OrderBid bid_order = 2;
+}
+
+message MsgAsk {
+    Pair pair  = 1;
+    OrderAsk ask_order = 2;
+}
+
+message MsgCreateAccount {
+    bytes public_key = 1;
+    repeated Commodity commodities = 2;
+}
+
+message MsgRegisterPair {
+    Pair pair = 1;
+}
+
+message MsgTradeSet {
+    TradeSet trade_set = 1;
+}
+
+message Msg {
+    //a Msg has to be one of the below
+    oneof sum {
+        MsgBid msg_bid = 1;
+        MsgAsk msg_ask = 2;
+        MsgRegisterPair msg_register_pair = 3;
+        MsgCreateAccount msg_create_account = 4;
+        MsgTradeSet msg_trade_set = 5;
+    }
+}

abci/example/orderbook/query.go

@@ -0,0 +1,31 @@
+package orderbook
+
+// Query the state of an account (returns a concrete copy)
+func (sm *StateMachine) Account(id uint64) Account {
+	if int(id) >= len(sm.accounts) {
+		return Account{}
+	}
+	return *sm.accounts[id]
+}
+
+// Query all the pairs that the orderbook has (returns a concrete copy)
+func (sm *StateMachine) Pairs() []Pair {
+	pairs := make([]Pair, len(sm.pairs))
+	idx := 0
+	for _, pair := range sm.pairs {
+		pairs[idx] = *pair
+		idx++
+	}
+	return pairs
+}
+
+// Query the current orders for a pair (returns concrete copies)
+func (sm *StateMachine) Orders(pair *Pair) ([]OrderBid, []OrderAsk) {
+	market, ok := sm.markets[pair.String()]
+	if !ok {
+		return nil, nil
+	}
+	return market.GetBids(), market.GetAsks()
+}
+
+func (sm *StateMachine) Height() int64 { return sm.lastHeight }

abci/example/orderbook/types.go

@@ -0,0 +1,299 @@
+package orderbook
+
+import (
+	"bytes"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"math"
+
+	"github.com/tendermint/tendermint/crypto"
+	"github.com/tendermint/tendermint/crypto/ed25519"
+)
+
+func NewMsgBid(pair *Pair, maxPrice, maxQuantity float64, ownerId uint64) *MsgBid {
+	return &MsgBid{
+		Pair: pair,
+		BidOrder: &OrderBid{
+			MaxPrice:    maxPrice,
+			MaxQuantity: maxQuantity,
+			OwnerId:     ownerId,
+		},
+	}
+}
+
+func (msg *MsgBid) Sign(pk crypto.PrivKey) error {
+	sig, err := pk.Sign(msg.BidOrder.DeterministicSignatureBytes(msg.Pair))
+	if err != nil {
+		return err
+	}
+	msg.BidOrder.Signature = sig
+	return nil
+}
+
+func (msg *MsgBid) ValidateBasic() error {
+	if err := msg.BidOrder.ValidateBasic(); err != nil {
+		return err
+	}
+
+	if err := msg.Pair.ValidateBasic(); err != nil {
+		return err
+	}
+
+	if len(msg.BidOrder.Signature) != ed25519.SignatureSize {
+		return errors.New("invalid signature size")
+	}
+
+	return nil
+}
+
+func NewMsgAsk(pair *Pair, askPrice, quantity float64, ownerId uint64) *MsgAsk {
+	return &MsgAsk{
+		Pair: pair,
+		AskOrder: &OrderAsk{
+			AskPrice: askPrice,
+			Quantity: quantity,
+			OwnerId:  ownerId,
+		},
+	}
+}
+
+func (msg *MsgAsk) Sign(pk crypto.PrivKey) error {
+	sig, err := pk.Sign(msg.AskOrder.DeterministicSignatureBytes(msg.Pair))
+	if err != nil {
+		return err
+	}
+	msg.AskOrder.Signature = sig
+	return nil
+}
+
+func (msg *MsgAsk) ValidateBasic() error {
+	if err := msg.AskOrder.ValidateBasic(); err != nil {
+		return err
+	}
+
+	if err := msg.Pair.ValidateBasic(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func NewMsgCreateAccount(commodities ...*Commodity) (*MsgCreateAccount, crypto.PrivKey) {
+	pk := ed25519.GenPrivKey()
+	return &MsgCreateAccount{
+		PublicKey:   pk.PubKey().Bytes(),
+		Commodities: commodities,
+	}, pk
+}
+
+func (msg *MsgCreateAccount) ValidateBasic() error {
+	if len(msg.PublicKey) != ed25519.PubKeySize {
+		return errors.New("invalid pub key size")
+	}
+
+	uniqueMap := make(map[string]struct{}, len(msg.Commodities))
+	for _, c := range msg.Commodities {
+		if err := c.ValidateBasic(); err != nil {
+			return err
+		}
+
+		if _, ok := uniqueMap[c.Denom]; ok {
+			return fmt.Errorf("commodity %s declared twice", c.Denom)
+		}
+		uniqueMap[c.Denom] = struct{}{}
+	}
+
+	return nil
+}
+
+func NewMsgRegisterPair(pair *Pair) *MsgRegisterPair {
+	return &MsgRegisterPair{Pair: pair}
+}
+
+func (msg *MsgRegisterPair) ValidateBasic() error {
+	return msg.Pair.ValidateBasic()
+}
+
+func NewCommodity(denom string, quantity float64) *Commodity {
+	return &Commodity{
+		Denom:    denom,
+		Quantity: quantity,
+	}
+}
+
+func (c *Commodity) ValidateBasic() error {
+	if c.Quantity <= 0 {
+		return errors.New("quantity must be greater than zero")
+	}
+
+	return nil
+}
+
+func (p *Pair) ValidateBasic() error {
+	if p.BuyersDenomination == "" || p.SellersDenomination == "" {
+		return errors.New("inbound and outbound commodities must be present")
+	}
+
+	if p.BuyersDenomination == p.SellersDenomination {
+		return errors.New("commodities must not be the same")
+	}
+
+	return nil
+}
+
+func (o *OrderBid) ValidateBasic() error {
+	if o.MaxQuantity == 0 {
+		return errors.New("max quantity must be non zero")
+	}
+
+	if o.MaxPrice <= 0 {
+		return errors.New("min price must be greater than 0")
+	}
+
+	if len(o.Signature) != ed25519.SignatureSize {
+		return errors.New("invalid signature size")
+	}
+
+	return nil
+}
+
+func (o *OrderBid) ValidateSignature(pk crypto.PubKey, pair *Pair) bool {
+	return pk.VerifySignature(o.DeterministicSignatureBytes(pair), o.Signature)
+}
+
+func (o *OrderBid) DeterministicSignatureBytes(pair *Pair) []byte {
+	buf := bytes.NewBuffer(nil)
+	buf.WriteString(pair.SellersDenomination)
+	buf.WriteString(pair.BuyersDenomination)
+	bz := buf.Bytes()
+	bz = binary.BigEndian.AppendUint64(bz, math.Float64bits(o.MaxQuantity))
+	bz = binary.BigEndian.AppendUint64(bz, math.Float64bits(o.MaxPrice))
+	return bz
+}
+
+func (m *MatchedOrder) ValidateBasic() error {
+	if err := m.OrderAsk.ValidateBasic(); err != nil {
+		return err
+	}
+
+	if err := m.OrderBid.ValidateBasic(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (t *TradeSet) ValidateBasic() error {
+	for _, matchedOrder := range t.MatchedOrders {
+		if err := matchedOrder.ValidateBasic(); err != nil {
+			return err
+		}
+		// checking if there is an account
+		if matchedOrder.OrderAsk.OwnerId == 0 {
+			return errors.New("must have an owner id more than zero")
+		}
+	}
+	// validate the pairs are valid
+	if err := t.Pair.ValidateBasic(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (o *OrderAsk) ValidateBasic() error {
+	if o.Quantity == 0 {
+		return errors.New("quantity outbound must be non zero")
+	}
+
+	if o.AskPrice <= 0 {
+		return errors.New("min price must be greater than 0")
+	}
+
+	if len(o.Signature) != ed25519.SignatureSize {
+		return errors.New("invalid signature size")
+	}
+
+	return nil
+}
+
+func (o *OrderAsk) ValidateSignature(pk crypto.PubKey, pair *Pair) bool {
+	return pk.VerifySignature(o.DeterministicSignatureBytes(pair), o.Signature)
+}
+
+func (o *OrderAsk) DeterministicSignatureBytes(pair *Pair) []byte {
+	buf := bytes.NewBuffer(nil)
+	buf.WriteString(pair.BuyersDenomination)
+	buf.WriteString(pair.SellersDenomination)
+	bz := buf.Bytes()
+	bz = binary.BigEndian.AppendUint64(bz, math.Float64bits(o.Quantity))
+	bz = binary.BigEndian.AppendUint64(bz, math.Float64bits(o.AskPrice))
+	return bz
+}
+
+func (a Account) IsEmpty() bool {
+	return len(a.PublicKey) == 0
+}
+
+func (a *Account) FindCommidity(denom string) *Commodity {
+	for _, c := range a.Commodities {
+		if c.Denom == denom {
+			return c
+		}
+	}
+
+	return nil
+
+}
+
+func (a *Account) AddCommodity(c *Commodity) {
+	curr := a.FindCommidity(c.Denom)
+	if curr == nil {
+		a.Commodities = append(a.Commodities, c)
+	} else {
+		curr.Quantity += c.Quantity
+	}
+}
+
+func (a *Account) SubtractCommodity(c *Commodity) {
+	curr := a.FindCommidity(c.Denom)
+	if curr == nil {
+		panic("trying to remove a commodity the account does not have")
+	}
+	curr.Quantity -= c.Quantity
+}
+
+func (msg *Msg) ValidateBasic() error {
+	switch m := msg.Sum.(type) {
+	case *Msg_MsgRegisterPair:
+		if err := m.MsgRegisterPair.ValidateBasic(); err != nil {
+			return err
+		}
+
+	case *Msg_MsgCreateAccount:
+		if err := m.MsgCreateAccount.ValidateBasic(); err != nil {
+			return err
+		}
+
+	case *Msg_MsgBid:
+		if err := m.MsgBid.ValidateBasic(); err != nil {
+			return err
+		}
+
+	case *Msg_MsgAsk:
+		if err := m.MsgAsk.ValidateBasic(); err != nil {
+			return err
+		}
+
+	case *Msg_MsgTradeSet:
+		if err := m.MsgTradeSet.TradeSet.ValidateBasic(); err != nil {
+			return err
+		}
+
+	default:
+		return errors.New("unknown tx")
+	}
+
+	return nil
+}

abci/example/orderbook/wire.proto

@@ -0,0 +1,52 @@
+syntax = "proto3";
+
+package orderbook;
+option go_package = "github.com/tendermint/tendermint/abci/example/orderbook";
+
+
+message OrderAsk {
+    double quantity = 1;
+    double ask_price = 2;
+	uint64 owner_id = 3;
+    bytes signature = 4; 
+}
+
+message OrderBid {
+    double max_quantity = 1;
+    double max_price = 2;
+	uint64 owner_id = 3;
+    bytes signature = 4;
+}
+
+message Pair {
+    // the denomination that the buyer receives i.e. EUR
+    string buyers_denomination = 1;
+    // the denomination that the seller receives i.e. USD
+    string sellers_denomination = 2;
+}
+
+message Commodity {
+    string denom = 1;
+    double quantity = 2;    
+}
+
+// Accounts is the atomic piece of information that is persisted to disk.
+message Account {
+    uint64 index = 1;
+	bytes public_key = 2;
+    // the set of commodities that the account has
+    repeated Commodity commodities = 3;
+}
+
+// TradeSet is the transaction that eventually is committed in a block
+// It is derived from a group of MsgBid and MsgAsk's 
+message TradeSet {
+    Pair pair = 1; // i.e. EUR/USD
+    // the set of matched trades for that peer 
+    repeated MatchedOrder matched_orders = 2;
+}
+
+message MatchedOrder {
+    OrderAsk order_ask = 1;
+    OrderBid order_bid = 2;
+}

abci/version/version.go

@@ -6,4 +6,4 @@ import (
 
 // TODO: eliminate this after some version refactor
 
-const Version = version.ABCIVersion
+const Version = version.ABCISemVer

blocksync/pool.go

@@ -32,7 +32,6 @@ const (
 	maxTotalRequesters        = 600
 	maxPendingRequests        = maxTotalRequesters
 	maxPendingRequestsPerPeer = 20
-	requestRetrySeconds       = 30
 
 	// Minimum recv rate to ensure we're receiving blocks from a peer fast
 	// enough. If a peer is not sending us data at at least that rate, we
@@ -603,7 +602,7 @@ OUTER_LOOP:
 			}
 			peer = bpr.pool.pickIncrAvailablePeer(bpr.height)
 			if peer == nil {
-				bpr.Logger.Debug("No peers currently available; will retry shortly", "height", bpr.height)
+				// log.Info("No peers available", "height", height)
 				time.Sleep(requestIntervalMS * time.Millisecond)
 				continue PICK_PEER_LOOP
 			}
@@ -613,7 +612,6 @@ OUTER_LOOP:
 		bpr.peerID = peer.id
 		bpr.mtx.Unlock()
 
-		to := time.NewTimer(requestRetrySeconds * time.Second)
 		// Send request and wait.
 		bpr.pool.sendRequest(bpr.height, peer.id)
 	WAIT_LOOP:
@@ -626,11 +624,6 @@ OUTER_LOOP:
 				return
 			case <-bpr.Quit():
 				return
-			case <-to.C:
-				bpr.Logger.Debug("Retrying block request after timeout", "height", bpr.height, "peer", bpr.peerID)
-				// Simulate a redo
-				bpr.reset()
-				continue OUTER_LOOP
 			case peerID := <-bpr.redoCh:
 				if peerID == bpr.peerID {
 					bpr.reset()

blocksync/reactor.go

@@ -406,7 +406,7 @@ FOR_LOOP:
 
 			// TODO: same thing for app - but we would need a way to
 			// get the hash without persisting the state
-			state, _, err = bcR.blockExec.ApplyBlock(state, firstID, first)
+			state, err = bcR.blockExec.ApplyBlock(state, firstID, first)
 			if err != nil {
 				// TODO This is bad, are we zombie?
 				panic(fmt.Sprintf("Failed to process committed block (%d:%X): %v", first.Height, first.Hash(), err))

blocksync/reactor_test.go

@@ -15,6 +15,7 @@ import (
 
 	abci "github.com/tendermint/tendermint/abci/types"
 	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/internal/test"
 	"github.com/tendermint/tendermint/libs/log"
 	mpmocks "github.com/tendermint/tendermint/mempool/mocks"
 	"github.com/tendermint/tendermint/p2p"
@@ -42,7 +43,7 @@ func randGenesisDoc(numValidators int, randPower bool, minPower int64) (*types.G
 
 	return &types.GenesisDoc{
 		GenesisTime: tmtime.Now(),
-		ChainID:     config.ChainID(),
+		ChainID:     test.DefaultTestChainID,
 		Validators:  validators,
 	}, privValidators
 }
@@ -103,7 +104,7 @@ func newReactor(
 		DiscardABCIResponses: false,
 	})
 	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyApp.Consensus(),
-		mp, sm.EmptyEvidencePool{})
+		mp, sm.EmptyEvidencePool{}, blockStore)
 	if err = stateStore.Save(state); err != nil {
 		panic(err)
 	}
@@ -136,7 +137,7 @@ func newReactor(
 		require.NoError(t, err)
 		blockID := types.BlockID{Hash: thisBlock.Hash(), PartSetHeader: thisParts.Header()}
 
-		state, _, err = blockExec.ApplyBlock(state, blockID, thisBlock)
+		state, err = blockExec.ApplyBlock(state, blockID, thisBlock)
 		if err != nil {
 			panic(fmt.Errorf("error apply block: %w", err))
 		}
@@ -151,7 +152,7 @@ func newReactor(
 }
 
 func TestNoBlockResponse(t *testing.T) {
-	config = cfg.ResetTestRoot("blockchain_reactor_test")
+	config = test.ResetTestRoot("blockchain_reactor_test")
 	defer os.RemoveAll(config.RootDir)
 	genDoc, privVals := randGenesisDoc(1, false, 30)
 
@@ -213,7 +214,7 @@ func TestNoBlockResponse(t *testing.T) {
 // Alternatively we could actually dial a TCP conn but
 // that seems extreme.
 func TestBadBlockStopsPeer(t *testing.T) {
-	config = cfg.ResetTestRoot("blockchain_reactor_test")
+	config = test.ResetTestRoot("blockchain_reactor_test")
 	defer os.RemoveAll(config.RootDir)
 	genDoc, privVals := randGenesisDoc(1, false, 30)
 

cmd/tendermint/commands/debug/util.go

@@ -67,8 +67,7 @@ func copyConfig(home, dir string) error {
 func dumpProfile(dir, addr, profile string, debug int) error {
 	endpoint := fmt.Sprintf("%s/debug/pprof/%s?debug=%d", addr, profile, debug)
 
-	//nolint:gosec,nolintlint
-	resp, err := http.Get(endpoint)
+	resp, err := http.Get(endpoint) //nolint: gosec
 	if err != nil {
 		return fmt.Errorf("failed to query for %s profile: %w", profile, err)
 	}

cmd/tendermint/commands/reindex_event.go

@@ -57,12 +57,18 @@ want to use this command.
 			return
 		}
 
+		state, err := ss.Load()
+		if err != nil {
+			fmt.Println(reindexFailed, err)
+			return
+		}
+
 		if err := checkValidHeight(bs); err != nil {
 			fmt.Println(reindexFailed, err)
 			return
 		}
 
-		bi, ti, err := loadEventSinks(config)
+		bi, ti, err := loadEventSinks(config, state.ChainID)
 		if err != nil {
 			fmt.Println(reindexFailed, err)
 			return
@@ -94,7 +100,7 @@ func init() {
 	ReIndexEventCmd.Flags().Int64Var(&endHeight, "end-height", 0, "the block height would like to finish for re-index")
 }
 
-func loadEventSinks(cfg *tmcfg.Config) (indexer.BlockIndexer, txindex.TxIndexer, error) {
+func loadEventSinks(cfg *tmcfg.Config, chainID string) (indexer.BlockIndexer, txindex.TxIndexer, error) {
 	switch strings.ToLower(cfg.TxIndex.Indexer) {
 	case "null":
 		return nil, nil, errors.New("found null event sink, please check the tx-index section in the config.toml")
@@ -103,7 +109,7 @@ func loadEventSinks(cfg *tmcfg.Config) (indexer.BlockIndexer, txindex.TxIndexer,
 		if conn == "" {
 			return nil, nil, errors.New("the psql connection settings cannot be empty")
 		}
-		es, err := psql.NewEventSink(conn, cfg.ChainID())
+		es, err := psql.NewEventSink(conn, chainID)
 		if err != nil {
 			return nil, nil, err
 		}

cmd/tendermint/commands/reindex_event_test.go

@@ -13,6 +13,7 @@ import (
 
 	abcitypes "github.com/tendermint/tendermint/abci/types"
 	tmcfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/internal/test"
 	prototmstate "github.com/tendermint/tendermint/proto/tendermint/state"
 	blockmocks "github.com/tendermint/tendermint/state/indexer/mocks"
 	"github.com/tendermint/tendermint/state/mocks"
@@ -98,7 +99,7 @@ func TestLoadEventSink(t *testing.T) {
 		cfg := tmcfg.TestConfig()
 		cfg.TxIndex.Indexer = tc.sinks
 		cfg.TxIndex.PsqlConn = tc.connURL
-		_, _, err := loadEventSinks(cfg)
+		_, _, err := loadEventSinks(cfg, test.DefaultTestChainID)
 		if tc.loadErr {
 			require.Error(t, err, idx)
 		} else {

cmd/tendermint/commands/rollback.go

@@ -14,6 +14,12 @@ import (
 	"github.com/tendermint/tendermint/store"
 )
 
+var removeBlock bool = false
+
+func init() {
+	RollbackStateCmd.Flags().BoolVar(&removeBlock, "hard", false, "remove last block as well as state")
+}
+
 var RollbackStateCmd = &cobra.Command{
 	Use:   "rollback",
 	Short: "rollback tendermint state by one height",
@@ -21,17 +27,23 @@ var RollbackStateCmd = &cobra.Command{
 A state rollback is performed to recover from an incorrect application state transition,
 when Tendermint has persisted an incorrect app hash and is thus unable to make
 progress. Rollback overwrites a state at height n with the state at height n - 1.
-The application should also roll back to height n - 1. No blocks are removed, so upon
-restarting Tendermint the transactions in block n will be re-executed against the
-application.
+The application should also roll back to height n - 1. If the --hard flag is not used, 
+no blocks will be removed so upon restarting Tendermint the transactions in block n will be 
+re-executed against the application. Using --hard will also remove block n. This can
+be done multiple times.
 `,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		height, hash, err := RollbackState(config)
+		height, hash, err := RollbackState(config, removeBlock)
 		if err != nil {
 			return fmt.Errorf("failed to rollback state: %w", err)
 		}
 
-		fmt.Printf("Rolled back state to height %d and hash %v", height, hash)
+		if removeBlock {
+			fmt.Printf("Rolled back both state and block to height %d and hash %X\n", height, hash)
+		} else {
+			fmt.Printf("Rolled back state to height %d and hash %X\n", height, hash)
+		}
+
 		return nil
 	},
 }
@@ -39,7 +51,7 @@ application.
 // RollbackState takes the state at the current height n and overwrites it with the state
 // at height n - 1. Note state here refers to tendermint state not application state.
 // Returns the latest state height and app hash alongside an error if there was one.
-func RollbackState(config *cfg.Config) (int64, []byte, error) {
+func RollbackState(config *cfg.Config, removeBlock bool) (int64, []byte, error) {
 	// use the parsed config to load the block and state store
 	blockStore, stateStore, err := loadStateAndBlockStore(config)
 	if err != nil {
@@ -51,7 +63,7 @@ func RollbackState(config *cfg.Config) (int64, []byte, error) {
 	}()
 
 	// rollback the last state
-	return state.Rollback(blockStore, stateStore)
+	return state.Rollback(blockStore, stateStore, removeBlock)
 }
 
 func loadStateAndBlockStore(config *cfg.Config) (*store.BlockStore, state.Store, error) {

cmd/tendermint/commands/version.go

@@ -14,6 +14,11 @@ var VersionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Show version info",
 	Run: func(cmd *cobra.Command, args []string) {
+		tmVersion := version.TMCoreSemVer
+		if version.TMGitCommitHash != "" {
+			tmVersion += "+" + version.TMGitCommitHash
+		}
+
 		if verbose {
 			values, _ := json.MarshalIndent(struct {
 				Tendermint    string `json:"tendermint"`
@@ -21,14 +26,14 @@ var VersionCmd = &cobra.Command{
 				BlockProtocol uint64 `json:"block_protocol"`
 				P2PProtocol   uint64 `json:"p2p_protocol"`
 			}{
-				Tendermint:    version.TMCoreSemVer,
-				ABCI:          version.ABCIVersion,
+				Tendermint:    tmVersion,
+				ABCI:          version.ABCISemVer,
 				BlockProtocol: version.BlockProtocol,
 				P2PProtocol:   version.P2PProtocol,
 			}, "", "  ")
 			fmt.Println(string(values))
 		} else {
-			fmt.Println(version.TMCoreSemVer)
+			fmt.Println(tmVersion)
 		}
 	},
 }

config/config.go

@@ -7,7 +7,10 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"regexp"
 	"time"
+
+	"github.com/tendermint/tendermint/version"
 )
 
 const (
@@ -28,6 +31,19 @@ const (
 	// Default is v0.
 	MempoolV0 = "v0"
 	MempoolV1 = "v1"
+
+	DefaultTendermintDir = ".tendermint"
+	DefaultConfigDir     = "config"
+	DefaultDataDir       = "data"
+
+	DefaultConfigFileName  = "config.toml"
+	DefaultGenesisJSONName = "genesis.json"
+
+	DefaultPrivValKeyName   = "priv_validator_key.json"
+	DefaultPrivValStateName = "priv_validator_state.json"
+
+	DefaultNodeKeyName  = "node_key.json"
+	DefaultAddrBookName = "addrbook.json"
 )
 
 // NOTE: Most of the structs & relevant comments + the
@@ -37,29 +53,19 @@ const (
 // config/toml.go
 // NOTE: libs/cli must know to look in the config dir!
 var (
-	DefaultTendermintDir = ".tendermint"
-	defaultConfigDir     = "config"
-	defaultDataDir       = "data"
+	defaultConfigFilePath   = filepath.Join(DefaultConfigDir, DefaultConfigFileName)
+	defaultGenesisJSONPath  = filepath.Join(DefaultConfigDir, DefaultGenesisJSONName)
+	defaultPrivValKeyPath   = filepath.Join(DefaultConfigDir, DefaultPrivValKeyName)
+	defaultPrivValStatePath = filepath.Join(DefaultDataDir, DefaultPrivValStateName)
 
-	defaultConfigFileName  = "config.toml"
-	defaultGenesisJSONName = "genesis.json"
-
-	defaultPrivValKeyName   = "priv_validator_key.json"
-	defaultPrivValStateName = "priv_validator_state.json"
-
-	defaultNodeKeyName  = "node_key.json"
-	defaultAddrBookName = "addrbook.json"
-
-	defaultConfigFilePath   = filepath.Join(defaultConfigDir, defaultConfigFileName)
-	defaultGenesisJSONPath  = filepath.Join(defaultConfigDir, defaultGenesisJSONName)
-	defaultPrivValKeyPath   = filepath.Join(defaultConfigDir, defaultPrivValKeyName)
-	defaultPrivValStatePath = filepath.Join(defaultDataDir, defaultPrivValStateName)
-
-	defaultNodeKeyPath  = filepath.Join(defaultConfigDir, defaultNodeKeyName)
-	defaultAddrBookPath = filepath.Join(defaultConfigDir, defaultAddrBookName)
+	defaultNodeKeyPath  = filepath.Join(DefaultConfigDir, DefaultNodeKeyName)
+	defaultAddrBookPath = filepath.Join(DefaultConfigDir, DefaultAddrBookName)
 
 	minSubscriptionBufferSize     = 100
 	defaultSubscriptionBufferSize = 200
+
+	// taken from https://semver.org/
+	semverRegexp = regexp.MustCompile(`^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)(?:-(?P<prerelease>(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?P<buildmetadata>[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`)
 )
 
 // Config defines the top level configuration for a Tendermint node
@@ -68,18 +74,15 @@ type Config struct {
 	BaseConfig `mapstructure:",squash"`
 
 	// Options for services
-	RPC       *RPCConfig       `mapstructure:"rpc"`
-	P2P       *P2PConfig       `mapstructure:"p2p"`
-	Mempool   *MempoolConfig   `mapstructure:"mempool"`
-	StateSync *StateSyncConfig `mapstructure:"statesync"`
-	BlockSync *BlockSyncConfig `mapstructure:"blocksync"`
-	//TODO(williambanfield): remove this field once v0.37 is released.
-	// https://github.com/tendermint/tendermint/issues/9279
-	DeprecatedFastSyncConfig map[interface{}]interface{} `mapstructure:"fastsync"`
-	Consensus                *ConsensusConfig            `mapstructure:"consensus"`
-	Storage                  *StorageConfig              `mapstructure:"storage"`
-	TxIndex                  *TxIndexConfig              `mapstructure:"tx_index"`
-	Instrumentation          *InstrumentationConfig      `mapstructure:"instrumentation"`
+	RPC             *RPCConfig             `mapstructure:"rpc"`
+	P2P             *P2PConfig             `mapstructure:"p2p"`
+	Mempool         *MempoolConfig         `mapstructure:"mempool"`
+	StateSync       *StateSyncConfig       `mapstructure:"statesync"`
+	BlockSync       *BlockSyncConfig       `mapstructure:"blocksync"`
+	Consensus       *ConsensusConfig       `mapstructure:"consensus"`
+	Storage         *StorageConfig         `mapstructure:"storage"`
+	TxIndex         *TxIndexConfig         `mapstructure:"tx_index"`
+	Instrumentation *InstrumentationConfig `mapstructure:"instrumentation"`
 }
 
 // DefaultConfig returns a default configuration for a Tendermint node
@@ -154,14 +157,9 @@ func (cfg *Config) ValidateBasic() error {
 	return nil
 }
 
+// CheckDeprecated returns any deprecation warnings. These are printed to the operator on startup
 func (cfg *Config) CheckDeprecated() []string {
 	var warnings []string
-	if cfg.DeprecatedFastSyncConfig != nil {
-		warnings = append(warnings, "[fastsync] table detected. This section has been renamed to [blocksync]. The values in this deprecated section will be disregarded.")
-	}
-	if cfg.BaseConfig.DeprecatedFastSyncMode != nil {
-		warnings = append(warnings, "fast_sync key detected. This key has been renamed to block_sync. The value of this deprecated key will be disregarded.")
-	}
 	return warnings
 }
 
@@ -170,8 +168,10 @@ func (cfg *Config) CheckDeprecated() []string {
 
 // BaseConfig defines the base configuration for a Tendermint node
 type BaseConfig struct { //nolint: maligned
-	// chainID is unexposed and immutable but here for convenience
-	chainID string
+
+	// The version of the Tendermint binary that created
+	// or last modified the config file
+	Version string `mapstructure:"version"`
 
 	// The root directory for all data.
 	// This should be set in viper so it can unmarshal into this struct
@@ -189,10 +189,6 @@ type BaseConfig struct { //nolint: maligned
 	// and verifying their commits
 	BlockSyncMode bool `mapstructure:"block_sync"`
 
-	//TODO(williambanfield): remove this field once v0.37 is released.
-	// https://github.com/tendermint/tendermint/issues/9279
-	DeprecatedFastSyncMode interface{} `mapstructure:"fast_sync"`
-
 	// Database backend: goleveldb | cleveldb | boltdb | rocksdb
 	// * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
 	//   - pure go
@@ -250,6 +246,7 @@ type BaseConfig struct { //nolint: maligned
 // DefaultBaseConfig returns a default base configuration for a Tendermint node
 func DefaultBaseConfig() BaseConfig {
 	return BaseConfig{
+		Version:            version.TMCoreSemVer,
 		Genesis:            defaultGenesisJSONPath,
 		PrivValidatorKey:   defaultPrivValKeyPath,
 		PrivValidatorState: defaultPrivValStatePath,
@@ -262,24 +259,19 @@ func DefaultBaseConfig() BaseConfig {
 		BlockSyncMode:      true,
 		FilterPeers:        false,
 		DBBackend:          "goleveldb",
-		DBPath:             "data",
+		DBPath:             DefaultDataDir,
 	}
 }
 
 // TestBaseConfig returns a base configuration for testing a Tendermint node
 func TestBaseConfig() BaseConfig {
 	cfg := DefaultBaseConfig()
-	cfg.chainID = "tendermint_test"
 	cfg.ProxyApp = "kvstore"
 	cfg.BlockSyncMode = false
 	cfg.DBBackend = "memdb"
 	return cfg
 }
 
-func (cfg BaseConfig) ChainID() string {
-	return cfg.chainID
-}
-
 // GenesisFile returns the full path to the genesis.json file
 func (cfg BaseConfig) GenesisFile() string {
 	return rootify(cfg.Genesis, cfg.RootDir)
@@ -308,6 +300,12 @@ func (cfg BaseConfig) DBDir() string {
 // ValidateBasic performs basic validation (checking param bounds, etc.) and
 // returns an error if any check fails.
 func (cfg BaseConfig) ValidateBasic() error {
+	// version on old config files aren't set so we can't expect it
+	// always to exist
+	if cfg.Version != "" && !semverRegexp.MatchString(cfg.Version) {
+		return fmt.Errorf("invalid version string: %s", cfg.Version)
+	}
+
 	switch cfg.LogFormat {
 	case LogFormatPlain, LogFormatJSON:
 	default:
@@ -513,7 +511,7 @@ func (cfg RPCConfig) KeyFile() string {
 	if filepath.IsAbs(path) {
 		return path
 	}
-	return rootify(filepath.Join(defaultConfigDir, path), cfg.RootDir)
+	return rootify(filepath.Join(DefaultConfigDir, path), cfg.RootDir)
 }
 
 func (cfg RPCConfig) CertFile() string {
@@ -521,7 +519,7 @@ func (cfg RPCConfig) CertFile() string {
 	if filepath.IsAbs(path) {
 		return path
 	}
-	return rootify(filepath.Join(defaultConfigDir, path), cfg.RootDir)
+	return rootify(filepath.Join(DefaultConfigDir, path), cfg.RootDir)
 }
 
 func (cfg RPCConfig) IsTLSEnabled() bool {
@@ -970,7 +968,7 @@ type ConsensusConfig struct {
 // DefaultConsensusConfig returns a default configuration for the consensus service
 func DefaultConsensusConfig() *ConsensusConfig {
 	return &ConsensusConfig{
-		WalPath:                     filepath.Join(defaultDataDir, "cs.wal", "wal"),
+		WalPath:                     filepath.Join(DefaultDataDir, "cs.wal", "wal"),
 		TimeoutPropose:              3000 * time.Millisecond,
 		TimeoutProposeDelta:         500 * time.Millisecond,
 		TimeoutPrevote:              1000 * time.Millisecond,

config/config_test.go

@@ -1,4 +1,4 @@
-package config
+package config_test
 
 import (
 	"reflect"
@@ -7,13 +7,15 @@ import (
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/tendermint/tendermint/config"
 )
 
 func TestDefaultConfig(t *testing.T) {
 	assert := assert.New(t)
 
 	// set up some defaults
-	cfg := DefaultConfig()
+	cfg := config.DefaultConfig()
 	assert.NotNil(cfg.P2P)
 	assert.NotNil(cfg.Mempool)
 	assert.NotNil(cfg.Consensus)
@@ -31,7 +33,7 @@ func TestDefaultConfig(t *testing.T) {
 }
 
 func TestConfigValidateBasic(t *testing.T) {
-	cfg := DefaultConfig()
+	cfg := config.DefaultConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	// tamper with timeout_propose
@@ -41,7 +43,7 @@ func TestConfigValidateBasic(t *testing.T) {
 
 func TestTLSConfiguration(t *testing.T) {
 	assert := assert.New(t)
-	cfg := DefaultConfig()
+	cfg := config.DefaultConfig()
 	cfg.SetRoot("/home/user")
 
 	cfg.RPC.TLSCertFile = "file.crt"
@@ -56,7 +58,7 @@ func TestTLSConfiguration(t *testing.T) {
 }
 
 func TestBaseConfigValidateBasic(t *testing.T) {
-	cfg := TestBaseConfig()
+	cfg := config.TestBaseConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	// tamper with log format
@@ -65,7 +67,7 @@ func TestBaseConfigValidateBasic(t *testing.T) {
 }
 
 func TestRPCConfigValidateBasic(t *testing.T) {
-	cfg := TestRPCConfig()
+	cfg := config.TestRPCConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	fieldsToTest := []string{
@@ -86,7 +88,7 @@ func TestRPCConfigValidateBasic(t *testing.T) {
 }
 
 func TestP2PConfigValidateBasic(t *testing.T) {
-	cfg := TestP2PConfig()
+	cfg := config.TestP2PConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	fieldsToTest := []string{
@@ -106,7 +108,7 @@ func TestP2PConfigValidateBasic(t *testing.T) {
 }
 
 func TestMempoolConfigValidateBasic(t *testing.T) {
-	cfg := TestMempoolConfig()
+	cfg := config.TestMempoolConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	fieldsToTest := []string{
@@ -124,12 +126,12 @@ func TestMempoolConfigValidateBasic(t *testing.T) {
 }
 
 func TestStateSyncConfigValidateBasic(t *testing.T) {
-	cfg := TestStateSyncConfig()
+	cfg := config.TestStateSyncConfig()
 	require.NoError(t, cfg.ValidateBasic())
 }
 
 func TestBlockSyncConfigValidateBasic(t *testing.T) {
-	cfg := TestBlockSyncConfig()
+	cfg := config.TestBlockSyncConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	// tamper with version
@@ -143,33 +145,33 @@ func TestBlockSyncConfigValidateBasic(t *testing.T) {
 func TestConsensusConfig_ValidateBasic(t *testing.T) {
 	//nolint: lll
 	testcases := map[string]struct {
-		modify    func(*ConsensusConfig)
+		modify    func(*config.ConsensusConfig)
 		expectErr bool
 	}{
-		"TimeoutPropose":                       {func(c *ConsensusConfig) { c.TimeoutPropose = time.Second }, false},
-		"TimeoutPropose negative":              {func(c *ConsensusConfig) { c.TimeoutPropose = -1 }, true},
-		"TimeoutProposeDelta":                  {func(c *ConsensusConfig) { c.TimeoutProposeDelta = time.Second }, false},
-		"TimeoutProposeDelta negative":         {func(c *ConsensusConfig) { c.TimeoutProposeDelta = -1 }, true},
-		"TimeoutPrevote":                       {func(c *ConsensusConfig) { c.TimeoutPrevote = time.Second }, false},
-		"TimeoutPrevote negative":              {func(c *ConsensusConfig) { c.TimeoutPrevote = -1 }, true},
-		"TimeoutPrevoteDelta":                  {func(c *ConsensusConfig) { c.TimeoutPrevoteDelta = time.Second }, false},
-		"TimeoutPrevoteDelta negative":         {func(c *ConsensusConfig) { c.TimeoutPrevoteDelta = -1 }, true},
-		"TimeoutPrecommit":                     {func(c *ConsensusConfig) { c.TimeoutPrecommit = time.Second }, false},
-		"TimeoutPrecommit negative":            {func(c *ConsensusConfig) { c.TimeoutPrecommit = -1 }, true},
-		"TimeoutPrecommitDelta":                {func(c *ConsensusConfig) { c.TimeoutPrecommitDelta = time.Second }, false},
-		"TimeoutPrecommitDelta negative":       {func(c *ConsensusConfig) { c.TimeoutPrecommitDelta = -1 }, true},
-		"TimeoutCommit":                        {func(c *ConsensusConfig) { c.TimeoutCommit = time.Second }, false},
-		"TimeoutCommit negative":               {func(c *ConsensusConfig) { c.TimeoutCommit = -1 }, true},
-		"PeerGossipSleepDuration":              {func(c *ConsensusConfig) { c.PeerGossipSleepDuration = time.Second }, false},
-		"PeerGossipSleepDuration negative":     {func(c *ConsensusConfig) { c.PeerGossipSleepDuration = -1 }, true},
-		"PeerQueryMaj23SleepDuration":          {func(c *ConsensusConfig) { c.PeerQueryMaj23SleepDuration = time.Second }, false},
-		"PeerQueryMaj23SleepDuration negative": {func(c *ConsensusConfig) { c.PeerQueryMaj23SleepDuration = -1 }, true},
-		"DoubleSignCheckHeight negative":       {func(c *ConsensusConfig) { c.DoubleSignCheckHeight = -1 }, true},
+		"TimeoutPropose":                       {func(c *config.ConsensusConfig) { c.TimeoutPropose = time.Second }, false},
+		"TimeoutPropose negative":              {func(c *config.ConsensusConfig) { c.TimeoutPropose = -1 }, true},
+		"TimeoutProposeDelta":                  {func(c *config.ConsensusConfig) { c.TimeoutProposeDelta = time.Second }, false},
+		"TimeoutProposeDelta negative":         {func(c *config.ConsensusConfig) { c.TimeoutProposeDelta = -1 }, true},
+		"TimeoutPrevote":                       {func(c *config.ConsensusConfig) { c.TimeoutPrevote = time.Second }, false},
+		"TimeoutPrevote negative":              {func(c *config.ConsensusConfig) { c.TimeoutPrevote = -1 }, true},
+		"TimeoutPrevoteDelta":                  {func(c *config.ConsensusConfig) { c.TimeoutPrevoteDelta = time.Second }, false},
+		"TimeoutPrevoteDelta negative":         {func(c *config.ConsensusConfig) { c.TimeoutPrevoteDelta = -1 }, true},
+		"TimeoutPrecommit":                     {func(c *config.ConsensusConfig) { c.TimeoutPrecommit = time.Second }, false},
+		"TimeoutPrecommit negative":            {func(c *config.ConsensusConfig) { c.TimeoutPrecommit = -1 }, true},
+		"TimeoutPrecommitDelta":                {func(c *config.ConsensusConfig) { c.TimeoutPrecommitDelta = time.Second }, false},
+		"TimeoutPrecommitDelta negative":       {func(c *config.ConsensusConfig) { c.TimeoutPrecommitDelta = -1 }, true},
+		"TimeoutCommit":                        {func(c *config.ConsensusConfig) { c.TimeoutCommit = time.Second }, false},
+		"TimeoutCommit negative":               {func(c *config.ConsensusConfig) { c.TimeoutCommit = -1 }, true},
+		"PeerGossipSleepDuration":              {func(c *config.ConsensusConfig) { c.PeerGossipSleepDuration = time.Second }, false},
+		"PeerGossipSleepDuration negative":     {func(c *config.ConsensusConfig) { c.PeerGossipSleepDuration = -1 }, true},
+		"PeerQueryMaj23SleepDuration":          {func(c *config.ConsensusConfig) { c.PeerQueryMaj23SleepDuration = time.Second }, false},
+		"PeerQueryMaj23SleepDuration negative": {func(c *config.ConsensusConfig) { c.PeerQueryMaj23SleepDuration = -1 }, true},
+		"DoubleSignCheckHeight negative":       {func(c *config.ConsensusConfig) { c.DoubleSignCheckHeight = -1 }, true},
 	}
 	for desc, tc := range testcases {
 		tc := tc // appease linter
 		t.Run(desc, func(t *testing.T) {
-			cfg := DefaultConsensusConfig()
+			cfg := config.DefaultConsensusConfig()
 			tc.modify(cfg)
 
 			err := cfg.ValidateBasic()
@@ -183,7 +185,7 @@ func TestConsensusConfig_ValidateBasic(t *testing.T) {
 }
 
 func TestInstrumentationConfigValidateBasic(t *testing.T) {
-	cfg := TestInstrumentationConfig()
+	cfg := config.TestInstrumentationConfig()
 	assert.NoError(t, cfg.ValidateBasic())
 
 	// tamper with maximum open connections

config/toml.go

@@ -2,8 +2,6 @@ package config
 
 import (
 	"bytes"
-	"fmt"
-	"os"
 	"path/filepath"
 	"strings"
 	"text/template"
@@ -34,10 +32,10 @@ func EnsureRoot(rootDir string) {
 	if err := tmos.EnsureDir(rootDir, DefaultDirPerm); err != nil {
 		panic(err.Error())
 	}
-	if err := tmos.EnsureDir(filepath.Join(rootDir, defaultConfigDir), DefaultDirPerm); err != nil {
+	if err := tmos.EnsureDir(filepath.Join(rootDir, DefaultConfigDir), DefaultDirPerm); err != nil {
 		panic(err.Error())
 	}
-	if err := tmos.EnsureDir(filepath.Join(rootDir, defaultDataDir), DefaultDirPerm); err != nil {
+	if err := tmos.EnsureDir(filepath.Join(rootDir, DefaultDataDir), DefaultDirPerm); err != nil {
 		panic(err.Error())
 	}
 
@@ -76,6 +74,10 @@ const defaultConfigTemplate = `# This is a TOML config file.
 # "$HOME/.tendermint" by default, but could be changed via $TMHOME env variable
 # or --home cmd flag.
 
+# The version of the Tendermint binary that created or
+# last modified the config file. Do not modify this.
+version = "{{ .BaseConfig.Version }}"
+
 #######################################################################
 ###                   Main Base Config Options                      ###
 #######################################################################
@@ -537,101 +539,3 @@ max_open_connections = {{ .Instrumentation.MaxOpenConnections }}
 # Instrumentation namespace
 namespace = "{{ .Instrumentation.Namespace }}"
 `
-
-/****** these are for test settings ***********/
-
-func ResetTestRoot(testName string) *Config {
-	return ResetTestRootWithChainID(testName, "")
-}
-
-func ResetTestRootWithChainID(testName string, chainID string) *Config {
-	// create a unique, concurrency-safe test directory under os.TempDir()
-	rootDir, err := os.MkdirTemp("", fmt.Sprintf("%s-%s_", chainID, testName))
-	if err != nil {
-		panic(err)
-	}
-	// ensure config and data subdirs are created
-	if err := tmos.EnsureDir(filepath.Join(rootDir, defaultConfigDir), DefaultDirPerm); err != nil {
-		panic(err)
-	}
-	if err := tmos.EnsureDir(filepath.Join(rootDir, defaultDataDir), DefaultDirPerm); err != nil {
-		panic(err)
-	}
-
-	baseConfig := DefaultBaseConfig()
-	configFilePath := filepath.Join(rootDir, defaultConfigFilePath)
-	genesisFilePath := filepath.Join(rootDir, baseConfig.Genesis)
-	privKeyFilePath := filepath.Join(rootDir, baseConfig.PrivValidatorKey)
-	privStateFilePath := filepath.Join(rootDir, baseConfig.PrivValidatorState)
-
-	// Write default config file if missing.
-	if !tmos.FileExists(configFilePath) {
-		writeDefaultConfigFile(configFilePath)
-	}
-	if !tmos.FileExists(genesisFilePath) {
-		if chainID == "" {
-			chainID = "tendermint_test"
-		}
-		testGenesis := fmt.Sprintf(testGenesisFmt, chainID)
-		tmos.MustWriteFile(genesisFilePath, []byte(testGenesis), 0644)
-	}
-	// we always overwrite the priv val
-	tmos.MustWriteFile(privKeyFilePath, []byte(testPrivValidatorKey), 0644)
-	tmos.MustWriteFile(privStateFilePath, []byte(testPrivValidatorState), 0644)
-
-	config := TestConfig().SetRoot(rootDir)
-	return config
-}
-
-var testGenesisFmt = `{
-  "genesis_time": "2018-10-10T08:20:13.695936996Z",
-  "chain_id": "%s",
-  "initial_height": "1",
-	"consensus_params": {
-		"block": {
-			"max_bytes": "22020096",
-			"max_gas": "-1",
-			"time_iota_ms": "10"
-		},
-		"evidence": {
-			"max_age_num_blocks": "100000",
-			"max_age_duration": "172800000000000",
-			"max_bytes": "1048576"
-		},
-		"validator": {
-			"pub_key_types": [
-				"ed25519"
-			]
-		},
-		"version": {}
-	},
-  "validators": [
-    {
-      "pub_key": {
-        "type": "tendermint/PubKeyEd25519",
-        "value":"AT/+aaL1eB0477Mud9JMm8Sh8BIvOYlPGC9KkIUmFaE="
-      },
-      "power": "10",
-      "name": ""
-    }
-  ],
-  "app_hash": ""
-}`
-
-var testPrivValidatorKey = `{
-  "address": "A3258DCBF45DCA0DF052981870F2D1441A36D145",
-  "pub_key": {
-    "type": "tendermint/PubKeyEd25519",
-    "value": "AT/+aaL1eB0477Mud9JMm8Sh8BIvOYlPGC9KkIUmFaE="
-  },
-  "priv_key": {
-    "type": "tendermint/PrivKeyEd25519",
-    "value": "EVkqJO/jIXp3rkASXfh9YnyToYXRXhBr6g9cQVxPFnQBP/5povV4HTjvsy530kybxKHwEi85iU8YL0qQhSYVoQ=="
-  }
-}`
-
-var testPrivValidatorState = `{
-  "height": "0",
-  "round": 0,
-  "step": 0
-}`

config/toml_test.go

@@ -1,20 +1,22 @@
-package config
+package config_test
 
 import (
 	"os"
 	"path/filepath"
-	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+
+	"github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/internal/test"
 )
 
 func ensureFiles(t *testing.T, rootDir string, files ...string) {
 	for _, f := range files {
-		p := rootify(rootDir, f)
+		p := filepath.Join(rootDir, f)
 		_, err := os.Stat(p)
-		assert.Nil(t, err, p)
+		assert.NoError(t, err, p)
 	}
 }
 
@@ -27,15 +29,13 @@ func TestEnsureRoot(t *testing.T) {
 	defer os.RemoveAll(tmpDir)
 
 	// create root dir
-	EnsureRoot(tmpDir)
+	config.EnsureRoot(tmpDir)
 
 	// make sure config is set properly
-	data, err := os.ReadFile(filepath.Join(tmpDir, defaultConfigFilePath))
+	data, err := os.ReadFile(filepath.Join(tmpDir, config.DefaultConfigDir, config.DefaultConfigFileName))
 	require.Nil(err)
 
-	if !checkConfig(string(data)) {
-		t.Fatalf("config file missing some information")
-	}
+	assertValidConfig(t, string(data))
 
 	ensureFiles(t, tmpDir, "data")
 }
@@ -43,35 +43,30 @@ func TestEnsureRoot(t *testing.T) {
 func TestEnsureTestRoot(t *testing.T) {
 	require := require.New(t)
 
-	testName := "ensureTestRoot"
-
 	// create root dir
-	cfg := ResetTestRoot(testName)
+	cfg := test.ResetTestRoot("ensureTestRoot")
 	defer os.RemoveAll(cfg.RootDir)
 	rootDir := cfg.RootDir
 
 	// make sure config is set properly
-	data, err := os.ReadFile(filepath.Join(rootDir, defaultConfigFilePath))
+	data, err := os.ReadFile(filepath.Join(rootDir, config.DefaultConfigDir, config.DefaultConfigFileName))
 	require.Nil(err)
 
-	if !checkConfig(string(data)) {
-		t.Fatalf("config file missing some information")
-	}
+	assertValidConfig(t, string(data))
 
 	// TODO: make sure the cfg returned and testconfig are the same!
-	baseConfig := DefaultBaseConfig()
-	ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, baseConfig.PrivValidatorKey, baseConfig.PrivValidatorState)
+	baseConfig := config.DefaultBaseConfig()
+	ensureFiles(t, rootDir, config.DefaultDataDir, baseConfig.Genesis, baseConfig.PrivValidatorKey, baseConfig.PrivValidatorState)
 }
 
-func checkConfig(configFile string) bool {
-	var valid bool
-
+func assertValidConfig(t *testing.T, configFile string) {
+	t.Helper()
 	// list of words we expect in the config
 	var elems = []string{
 		"moniker",
 		"seeds",
 		"proxy_app",
-		"fast_sync",
+		"block_sync",
 		"create_empty_blocks",
 		"peer",
 		"timeout",
@@ -84,11 +79,6 @@ func checkConfig(configFile string) bool {
 		"genesis",
 	}
 	for _, e := range elems {
-		if !strings.Contains(configFile, e) {
-			valid = false
-		} else {
-			valid = true
-		}
+		assert.Contains(t, configFile, e)
 	}
-	return valid
 }

consensus/README.md

@@ -1,3 +1,3 @@
 # Consensus 
 
-See the [consensus spec](https://github.com/tendermint/tendermint/tree/v0.37.x/spec/consensus) and the [reactor consensus spec](https://github.com/tendermint/tendermint/tree/v0.37.x/spec/reactors/consensus) for more information.
+See the [consensus spec](https://github.com/tendermint/tendermint/tree/main/spec/consensus) for more information.

consensus/byzantine_test.go

@@ -100,7 +100,7 @@ func TestByzantinePrevoteEquivocation(t *testing.T) {
 		evpool.SetLogger(logger.With("module", "evidence"))
 
 		// Make State
-		blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyAppConnCon, mempool, evpool)
+		blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyAppConnCon, mempool, evpool, blockStore)
 		cs := NewState(thisConfig.Consensus, state, blockExec, blockStore, mempool, evpool)
 		cs.SetLogger(cs.Logger)
 		// set private validator
@@ -214,7 +214,7 @@ func TestByzantinePrevoteEquivocation(t *testing.T) {
 		proposerAddr := lazyProposer.privValidatorPubKey.Address()
 
 		block, err := lazyProposer.blockExec.CreateProposalBlock(
-			lazyProposer.Height, lazyProposer.state, commit, proposerAddr)
+			lazyProposer.Height, lazyProposer.state, commit, proposerAddr, nil)
 		require.NoError(t, err)
 		blockParts, err := block.MakePartSet(types.BlockPartSizeBytes)
 		require.NoError(t, err)

consensus/common_test.go

@@ -24,6 +24,7 @@ import (
 	abci "github.com/tendermint/tendermint/abci/types"
 	cfg "github.com/tendermint/tendermint/config"
 	cstypes "github.com/tendermint/tendermint/consensus/types"
+	"github.com/tendermint/tendermint/internal/test"
 	tmbytes "github.com/tendermint/tendermint/libs/bytes"
 	"github.com/tendermint/tendermint/libs/log"
 	tmos "github.com/tendermint/tendermint/libs/os"
@@ -63,7 +64,7 @@ func ensureDir(dir string, mode os.FileMode) {
 }
 
 func ResetConfig(name string) *cfg.Config {
-	return cfg.ResetTestRoot(name)
+	return test.ResetTestRoot(name)
 }
 
 //-------------------------------------------------------------------------------
@@ -108,7 +109,7 @@ func (vs *validatorStub) signVote(
 		BlockID:          types.BlockID{Hash: hash, PartSetHeader: header},
 	}
 	v := vote.ToProto()
-	if err := vs.PrivValidator.SignVote(config.ChainID(), v); err != nil {
+	if err := vs.PrivValidator.SignVote(test.DefaultTestChainID, v); err != nil {
 		return nil, fmt.Errorf("sign vote failed: %w", err)
 	}
 
@@ -369,7 +370,7 @@ func subscribeToVoter(cs *State, addr []byte) <-chan tmpubsub.Message {
 // consensus states
 
 func newState(state sm.State, pv types.PrivValidator, app abci.Application) *State {
-	config := cfg.ResetTestRoot("consensus_state_test")
+	config := test.ResetTestRoot("consensus_state_test")
 	return newStateWithConfig(config, state, pv, app)
 }
 
@@ -438,7 +439,7 @@ func newStateWithConfigAndBlockStore(
 		panic(err)
 	}
 
-	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyAppConnCon, mempool, evpool)
+	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyAppConnCon, mempool, evpool, blockStore)
 	cs := NewState(thisConfig.Consensus, state, blockExec, blockStore, mempool, evpool)
 	cs.SetLogger(log.TestingLogger().With("module", "consensus"))
 	cs.SetPrivValidator(pv)
@@ -868,7 +869,7 @@ func randGenesisDoc(numValidators int, randPower bool, minPower int64) (*types.G
 	return &types.GenesisDoc{
 		GenesisTime:   tmtime.Now(),
 		InitialHeight: 1,
-		ChainID:       config.ChainID(),
+		ChainID:       test.DefaultTestChainID,
 		Validators:    validators,
 	}, privValidators
 }

consensus/reactor_test.go

@@ -190,7 +190,7 @@ func TestReactorWithEvidence(t *testing.T) {
 		// mock the evidence pool
 		// everyone includes evidence of another double signing
 		vIdx := (i + 1) % nValidators
-		ev, err := types.NewMockDuplicateVoteEvidenceWithValidator(1, defaultTestTime, privVals[vIdx], config.ChainID())
+		ev, err := types.NewMockDuplicateVoteEvidenceWithValidator(1, defaultTestTime, privVals[vIdx], genDoc.ChainID)
 		require.NoError(t, err)
 		evpool := &statemocks.EvidencePool{}
 		evpool.On("CheckEvidence", mock.AnythingOfType("types.EvidenceList")).Return(nil)
@@ -201,7 +201,7 @@ func TestReactorWithEvidence(t *testing.T) {
 		evpool2 := sm.EmptyEvidencePool{}
 
 		// Make State
-		blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyAppConnCon, mempool, evpool)
+		blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyAppConnCon, mempool, evpool, blockStore)
 		cs := NewState(thisConfig.Consensus, state, blockExec, blockStore, mempool, evpool2)
 		cs.SetLogger(log.TestingLogger().With("module", "consensus"))
 		cs.SetPrivValidator(pv)

consensus/replay.go

@@ -496,11 +496,11 @@ func (h *Handshaker) replayBlock(state sm.State, height int64, proxyApp proxy.Ap
 
 	// Use stubs for both mempool and evidence pool since no transactions nor
 	// evidence are needed here - block already exists.
-	blockExec := sm.NewBlockExecutor(h.stateStore, h.logger, proxyApp, emptyMempool{}, sm.EmptyEvidencePool{})
+	blockExec := sm.NewBlockExecutor(h.stateStore, h.logger, proxyApp, emptyMempool{}, sm.EmptyEvidencePool{}, h.store)
 	blockExec.SetEventBus(h.eventBus)
 
 	var err error
-	state, _, err = blockExec.ApplyBlock(state, meta.BlockID, block)
+	state, err = blockExec.ApplyBlock(state, meta.BlockID, block)
 	if err != nil {
 		return sm.State{}, err
 	}

consensus/replay_file.go

@@ -330,7 +330,7 @@ func newConsensusStateForReplay(config cfg.BaseConfig, csConfig *cfg.ConsensusCo
 	}
 
 	mempool, evpool := emptyMempool{}, sm.EmptyEvidencePool{}
-	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyApp.Consensus(), mempool, evpool)
+	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyApp.Consensus(), mempool, evpool, blockStore)
 
 	consensusState := NewState(csConfig, state.Copy(), blockExec,
 		blockStore, mempool, evpool)

consensus/replay_test.go

@@ -373,7 +373,7 @@ func TestSimulateValidatorsChange(t *testing.T) {
 
 	proposal := types.NewProposal(vss[1].Height, round, -1, blockID)
 	p := proposal.ToProto()
-	if err := vss[1].SignProposal(config.ChainID(), p); err != nil {
+	if err := vss[1].SignProposal(genDoc.ChainID, p); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
 	proposal.Signature = p.Signature
@@ -405,7 +405,7 @@ func TestSimulateValidatorsChange(t *testing.T) {
 
 	proposal = types.NewProposal(vss[2].Height, round, -1, blockID)
 	p = proposal.ToProto()
-	if err := vss[2].SignProposal(config.ChainID(), p); err != nil {
+	if err := vss[2].SignProposal(genDoc.ChainID, p); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
 	proposal.Signature = p.Signature
@@ -464,7 +464,7 @@ func TestSimulateValidatorsChange(t *testing.T) {
 
 	proposal = types.NewProposal(vss[3].Height, round, -1, blockID)
 	p = proposal.ToProto()
-	if err := vss[3].SignProposal(config.ChainID(), p); err != nil {
+	if err := vss[3].SignProposal(genDoc.ChainID, p); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
 	proposal.Signature = p.Signature
@@ -525,7 +525,7 @@ func TestSimulateValidatorsChange(t *testing.T) {
 	selfIndex = valIndexFn(0)
 	proposal = types.NewProposal(vss[1].Height, round, -1, blockID)
 	p = proposal.ToProto()
-	if err := vss[1].SignProposal(config.ChainID(), p); err != nil {
+	if err := vss[1].SignProposal(genDoc.ChainID, p); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
 	proposal.Signature = p.Signature
@@ -711,7 +711,7 @@ func testHandshakeReplay(t *testing.T, config *cfg.Config, nBlocks int, mode uin
 
 	state := genesisState.Copy()
 	// run the chain through state.ApplyBlock to build up the tendermint state
-	state = buildTMStateFromChain(t, config, stateStore, state, chain, nBlocks, mode)
+	state = buildTMStateFromChain(t, config, stateStore, state, chain, nBlocks, mode, store)
 	latestAppHash := state.AppHash
 
 	// make a new client creator
@@ -729,13 +729,13 @@ func testHandshakeReplay(t *testing.T, config *cfg.Config, nBlocks int, mode uin
 		})
 		err := stateStore.Save(genesisState)
 		require.NoError(t, err)
-		buildAppStateFromChain(t, proxyApp, stateStore, genesisState, chain, nBlocks, mode)
+		buildAppStateFromChain(t, proxyApp, stateStore, genesisState, chain, nBlocks, mode, store)
 	}
 
 	// Prune block store if requested
 	expectError := false
 	if mode == 3 {
-		pruned, err := store.PruneBlocks(2)
+		pruned, _, err := store.PruneBlocks(2, state)
 		require.NoError(t, err)
 		require.EqualValues(t, 1, pruned)
 		expectError = int64(nBlocks) < 2
@@ -789,20 +789,20 @@ func testHandshakeReplay(t *testing.T, config *cfg.Config, nBlocks int, mode uin
 	}
 }
 
-func applyBlock(t *testing.T, stateStore sm.Store, st sm.State, blk *types.Block, proxyApp proxy.AppConns) sm.State {
+func applyBlock(t *testing.T, stateStore sm.Store, st sm.State, blk *types.Block, proxyApp proxy.AppConns, bs *mockBlockStore) sm.State {
 	testPartSize := types.BlockPartSizeBytes
-	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyApp.Consensus(), mempool, evpool)
+	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyApp.Consensus(), mempool, evpool, bs)
 
 	bps, err := blk.MakePartSet(testPartSize)
 	require.NoError(t, err)
 	blkID := types.BlockID{Hash: blk.Hash(), PartSetHeader: bps.Header()}
-	newState, _, err := blockExec.ApplyBlock(st, blkID, blk)
+	newState, err := blockExec.ApplyBlock(st, blkID, blk)
 	require.NoError(t, err)
 	return newState
 }
 
 func buildAppStateFromChain(t *testing.T, proxyApp proxy.AppConns, stateStore sm.Store,
-	state sm.State, chain []*types.Block, nBlocks int, mode uint) {
+	state sm.State, chain []*types.Block, nBlocks int, mode uint, blockStore *mockBlockStore) {
 	// start a new app without handshake, play nBlocks blocks
 	if err := proxyApp.Start(); err != nil {
 		panic(err)
@@ -823,18 +823,18 @@ func buildAppStateFromChain(t *testing.T, proxyApp proxy.AppConns, stateStore sm
 	case 0:
 		for i := 0; i < nBlocks; i++ {
 			block := chain[i]
-			state = applyBlock(t, stateStore, state, block, proxyApp)
+			state = applyBlock(t, stateStore, state, block, proxyApp, blockStore)
 		}
 	case 1, 2, 3:
 		for i := 0; i < nBlocks-1; i++ {
 			block := chain[i]
-			state = applyBlock(t, stateStore, state, block, proxyApp)
+			state = applyBlock(t, stateStore, state, block, proxyApp, blockStore)
 		}
 
 		if mode == 2 || mode == 3 {
 			// update the kvstore height and apphash
 			// as if we ran commit but not
-			state = applyBlock(t, stateStore, state, chain[nBlocks-1], proxyApp)
+			state = applyBlock(t, stateStore, state, chain[nBlocks-1], proxyApp, blockStore)
 		}
 	default:
 		panic(fmt.Sprintf("unknown mode %v", mode))
@@ -849,7 +849,8 @@ func buildTMStateFromChain(
 	state sm.State,
 	chain []*types.Block,
 	nBlocks int,
-	mode uint) sm.State {
+	mode uint,
+	blockStore *mockBlockStore) sm.State {
 	// run the whole chain against this client to build up the tendermint state
 	clientCreator := proxy.NewLocalClientCreator(
 		kvstore.NewPersistentKVStoreApplication(
@@ -874,19 +875,19 @@ func buildTMStateFromChain(
 	case 0:
 		// sync right up
 		for _, block := range chain {
-			state = applyBlock(t, stateStore, state, block, proxyApp)
+			state = applyBlock(t, stateStore, state, block, proxyApp, blockStore)
 		}
 
 	case 1, 2, 3:
 		// sync up to the penultimate as if we stored the block.
 		// whether we commit or not depends on the appHash
 		for _, block := range chain[:len(chain)-1] {
-			state = applyBlock(t, stateStore, state, block, proxyApp)
+			state = applyBlock(t, stateStore, state, block, proxyApp, blockStore)
 		}
 
 		// apply the final block to a state copy so we can
 		// get the right next appHash but keep the state back
-		applyBlock(t, stateStore, state, chain[len(chain)-1], proxyApp)
+		applyBlock(t, stateStore, state, chain[len(chain)-1], proxyApp, blockStore)
 	default:
 		panic(fmt.Sprintf("unknown mode %v", mode))
 	}
@@ -1184,7 +1185,8 @@ func (bs *mockBlockStore) LoadSeenCommit(height int64) *types.Commit {
 	return bs.commits[height-1]
 }
 
-func (bs *mockBlockStore) PruneBlocks(height int64) (uint64, error) {
+func (bs *mockBlockStore) PruneBlocks(height int64, state sm.State) (uint64, int64, error) {
+	evidencePoint := height
 	pruned := uint64(0)
 	for i := int64(0); i < height-1; i++ {
 		bs.chain[i] = nil
@@ -1192,9 +1194,11 @@ func (bs *mockBlockStore) PruneBlocks(height int64) (uint64, error) {
 		pruned++
 	}
 	bs.base = height
-	return pruned, nil
+	return pruned, evidencePoint, nil
 }
 
+func (bs *mockBlockStore) DeleteLatestBlock() error { return nil }
+
 //---------------------------------------
 // Test handshake/init chain
 

consensus/state.go

@@ -468,6 +468,7 @@ func (cs *State) AddVote(vote *types.Vote, peerID p2p.ID) (added bool, err error
 
 // SetProposal inputs a proposal.
 func (cs *State) SetProposal(proposal *types.Proposal, peerID p2p.ID) error {
+
 	if peerID == "" {
 		cs.internalMsgQueue <- msgInfo{&ProposalMessage{proposal}, ""}
 	} else {
@@ -480,6 +481,7 @@ func (cs *State) SetProposal(proposal *types.Proposal, peerID p2p.ID) error {
 
 // AddProposalBlockPart inputs a part of the proposal block.
 func (cs *State) AddProposalBlockPart(height int64, round int32, part *types.Part, peerID p2p.ID) error {
+
 	if peerID == "" {
 		cs.internalMsgQueue <- msgInfo{&BlockPartMessage{height, round, part}, ""}
 	} else {
@@ -497,6 +499,7 @@ func (cs *State) SetProposalAndBlock(
 	parts *types.PartSet,
 	peerID p2p.ID,
 ) error {
+
 	if err := cs.SetProposal(proposal, peerID); err != nil {
 		return err
 	}
@@ -942,6 +945,7 @@ func (cs *State) handleTimeout(ti timeoutInfo, rs cstypes.RoundState) {
 	default:
 		panic(fmt.Sprintf("invalid timeout step: %v", ti.Step))
 	}
+
 }
 
 func (cs *State) handleTxsAvailable() {
@@ -1192,6 +1196,7 @@ func (cs *State) isProposalComplete() bool {
 	}
 	// if this is false the proposer is lying or we haven't received the POL yet
 	return cs.Votes.Prevotes(cs.Proposal.POLRound).HasTwoThirdsMajority()
+
 }
 
 // Create the next block to propose and return it. Returns nil block upon error.
@@ -1229,7 +1234,7 @@ func (cs *State) createProposalBlock() (*types.Block, error) {
 
 	proposerAddr := cs.privValidatorPubKey.Address()
 
-	ret, err := cs.blockExec.CreateProposalBlock(cs.Height, cs.state, commit, proposerAddr)
+	ret, err := cs.blockExec.CreateProposalBlock(cs.Height, cs.state, commit, proposerAddr, cs.LastCommit.GetVotes())
 	if err != nil {
 		panic(err)
 	}
@@ -1689,12 +1694,7 @@ func (cs *State) finalizeCommit(height int64) {
 
 	// Execute and commit the block, update and save the state, and update the mempool.
 	// NOTE The block.AppHash wont reflect these txs until the next block.
-	var (
-		err          error
-		retainHeight int64
-	)
-
-	stateCopy, retainHeight, err = cs.blockExec.ApplyBlock(
+	stateCopy, err := cs.blockExec.ApplyBlock(
 		stateCopy,
 		types.BlockID{
 			Hash:          block.Hash(),
@@ -1709,16 +1709,6 @@ func (cs *State) finalizeCommit(height int64) {
 
 	fail.Fail() // XXX
 
-	// Prune old heights, if requested by ABCI app.
-	if retainHeight > 0 {
-		pruned, err := cs.pruneBlocks(retainHeight)
-		if err != nil {
-			logger.Error("failed to prune blocks", "retain_height", retainHeight, "err", err)
-		} else {
-			logger.Debug("pruned blocks", "pruned", pruned, "retain_height", retainHeight)
-		}
-	}
-
 	// must be called before we update state
 	cs.recordMetrics(height, block)
 
@@ -1742,22 +1732,6 @@ func (cs *State) finalizeCommit(height int64) {
 	// * cs.StartTime is set to when we will start round0.
 }
 
-func (cs *State) pruneBlocks(retainHeight int64) (uint64, error) {
-	base := cs.blockStore.Base()
-	if retainHeight <= base {
-		return 0, nil
-	}
-	pruned, err := cs.blockStore.PruneBlocks(retainHeight)
-	if err != nil {
-		return 0, fmt.Errorf("failed to prune block store: %w", err)
-	}
-	err = cs.blockExec.Store().PruneStates(base, retainHeight)
-	if err != nil {
-		return 0, fmt.Errorf("failed to prune state database: %w", err)
-	}
-	return pruned, nil
-}
-
 func (cs *State) recordMetrics(height int64, block *types.Block) {
 	cs.metrics.Validators.Set(float64(cs.Validators.Size()))
 	cs.metrics.ValidatorsPower.Set(float64(cs.Validators.TotalVotingPower()))
@@ -1936,7 +1910,7 @@ func (cs *State) addProposalBlockPart(msg *BlockPartMessage, peerID p2p.ID) (add
 			return added, err
 		}
 
-		pbb := new(tmproto.Block)
+		var pbb = new(tmproto.Block)
 		err = proto.Unmarshal(bz, pbb)
 		if err != nil {
 			return added, err
@@ -2269,10 +2243,10 @@ func (cs *State) voteTime() time.Time {
 	// Minimum time increment between blocks
 	const timeIota = time.Millisecond
 	// TODO: We should remove next line in case we don't vote for v in case cs.ProposalBlock == nil,
-	// even if cs.LockedBlock != nil. See https://github.com/tendermint/tendermint/tree/v0.37.x/spec/.
+	// even if cs.LockedBlock != nil. See https://github.com/tendermint/tendermint/tree/main/spec/.
 	if cs.LockedBlock != nil {
 		// See the BFT time spec
-		// https://github.com/tendermint/tendermint/blob/v0.37.x/spec/consensus/bft-time.md
+		// https://github.com/tendermint/tendermint/blob/main/spec/consensus/bft-time.md
 		minVoteTime = cs.LockedBlock.Time.Add(timeIota)
 	} else if cs.ProposalBlock != nil {
 		minVoteTime = cs.ProposalBlock.Time.Add(timeIota)

consensus/state_test.go

@@ -214,7 +214,7 @@ func TestStateBadProposal(t *testing.T) {
 	blockID := types.BlockID{Hash: propBlock.Hash(), PartSetHeader: propBlockParts.Header()}
 	proposal := types.NewProposal(vs2.Height, round, -1, blockID)
 	p := proposal.ToProto()
-	if err := vs2.SignProposal(config.ChainID(), p); err != nil {
+	if err := vs2.SignProposal(cs1.state.ChainID, p); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
 
@@ -276,7 +276,7 @@ func TestStateOversizedBlock(t *testing.T) {
 	blockID := types.BlockID{Hash: propBlock.Hash(), PartSetHeader: propBlockParts.Header()}
 	proposal := types.NewProposal(height, round, -1, blockID)
 	p := proposal.ToProto()
-	if err := vs2.SignProposal(config.ChainID(), p); err != nil {
+	if err := vs2.SignProposal(cs1.state.ChainID, p); err != nil {
 		t.Fatal("failed to sign bad proposal", err)
 	}
 	proposal.Signature = p.Signature
@@ -1132,7 +1132,7 @@ func TestStateLockPOLSafety2(t *testing.T) {
 	// in round 2 we see the polkad block from round 0
 	newProp := types.NewProposal(height, round, 0, propBlockID0)
 	p := newProp.ToProto()
-	if err := vs3.SignProposal(config.ChainID(), p); err != nil {
+	if err := vs3.SignProposal(cs1.state.ChainID, p); err != nil {
 		t.Fatal(err)
 	}
 

consensus/types/height_vote_set_test.go

@@ -7,6 +7,7 @@ import (
 
 	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/crypto/tmhash"
+	"github.com/tendermint/tendermint/internal/test"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
 	tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
 	"github.com/tendermint/tendermint/types"
@@ -16,7 +17,7 @@ import (
 var config *cfg.Config // NOTE: must be reset for each _test.go file
 
 func TestMain(m *testing.M) {
-	config = cfg.ResetTestRoot("consensus_height_vote_set_test")
+	config = test.ResetTestRoot("consensus_height_vote_set_test")
 	code := m.Run()
 	os.RemoveAll(config.RootDir)
 	os.Exit(code)
@@ -25,7 +26,7 @@ func TestMain(m *testing.M) {
 func TestPeerCatchupRounds(t *testing.T) {
 	valSet, privVals := types.RandValidatorSet(10, 1)
 
-	hvs := NewHeightVoteSet(config.ChainID(), 1, valSet)
+	hvs := NewHeightVoteSet(test.DefaultTestChainID, 1, valSet)
 
 	vote999_0 := makeVoteHR(t, 1, 0, 999, privVals)
 	added, err := hvs.AddVote(vote999_0, "peer1")
@@ -73,10 +74,9 @@ func makeVoteHR(t *testing.T, height int64, valIndex, round int32, privVals []ty
 		Type:             tmproto.PrecommitType,
 		BlockID:          types.BlockID{Hash: randBytes, PartSetHeader: types.PartSetHeader{}},
 	}
-	chainID := config.ChainID()
 
 	v := vote.ToProto()
-	err = privVal.SignVote(chainID, v)
+	err = privVal.SignVote(test.DefaultTestChainID, v)
 	if err != nil {
 		panic(fmt.Sprintf("Error signing vote: %v", err))
 	}

consensus/wal_generator.go

@@ -13,6 +13,7 @@ import (
 
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/internal/test"
 	"github.com/tendermint/tendermint/libs/log"
 	tmrand "github.com/tendermint/tendermint/libs/rand"
 	"github.com/tendermint/tendermint/privval"
@@ -84,7 +85,7 @@ func WALGenerateNBlocks(t *testing.T, wr io.Writer, numBlocks int) (err error) {
 	})
 	mempool := emptyMempool{}
 	evpool := sm.EmptyEvidencePool{}
-	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyApp.Consensus(), mempool, evpool)
+	blockExec := sm.NewBlockExecutor(stateStore, log.TestingLogger(), proxyApp.Consensus(), mempool, evpool, blockStore)
 	consensusState := NewState(config.Consensus, state.Copy(), blockExec, blockStore, mempool, evpool)
 	consensusState.SetLogger(logger)
 	consensusState.SetEventBus(eventBus)
@@ -149,7 +150,7 @@ func makeAddrs() (string, string, string) {
 
 // getConfig returns a config for test cases
 func getConfig(t *testing.T) *cfg.Config {
-	c := cfg.ResetTestRoot(t.Name())
+	c := test.ResetTestRoot(t.Name())
 
 	// and we use random ports to run in parallel
 	tm, rpc, grpc := makeAddrs()

crypto/README.md

@@ -12,7 +12,7 @@ For any specific algorithm, use its specific module e.g.
 
 ## Binary encoding
 
-For Binary encoding, please refer to the [Tendermint encoding specification](https://github.com/tendermint/tendermint/blob/v0.37.x/spec/core/encoding.md).
+For Binary encoding, please refer to the [Tendermint encoding specification](https://github.com/tendermint/tendermint/blob/main/spec/core/encoding.md).
 
 ## JSON Encoding
 

crypto/batch/batch.go

@@ -0,0 +1,32 @@
+package batch
+
+import (
+	"github.com/tendermint/tendermint/crypto"
+	"github.com/tendermint/tendermint/crypto/ed25519"
+	"github.com/tendermint/tendermint/crypto/sr25519"
+)
+
+// CreateBatchVerifier checks if a key type implements the batch verifier interface.
+// Currently only ed25519 & sr25519 supports batch verification.
+func CreateBatchVerifier(pk crypto.PubKey) (crypto.BatchVerifier, bool) {
+	switch pk.Type() {
+	case ed25519.KeyType:
+		return ed25519.NewBatchVerifier(), true
+	case sr25519.KeyType:
+		return sr25519.NewBatchVerifier(), true
+	}
+
+	// case where the key does not support batch verification
+	return nil, false
+}
+
+// SupportsBatchVerifier checks if a key type implements the batch verifier
+// interface.
+func SupportsBatchVerifier(pk crypto.PubKey) bool {
+	switch pk.Type() {
+	case ed25519.KeyType, sr25519.KeyType:
+		return true
+	}
+
+	return false
+}

crypto/crypto.go

@@ -40,3 +40,15 @@ type Symmetric interface {
 	Encrypt(plaintext []byte, secret []byte) (ciphertext []byte)
 	Decrypt(ciphertext []byte, secret []byte) (plaintext []byte, err error)
 }
+
+// If a new key type implements batch verification,
+// the key type must be registered in github.com/tendermint/tendermint/crypto/batch
+type BatchVerifier interface {
+	// Add appends an entry into the BatchVerifier.
+	Add(key PubKey, message, signature []byte) error
+	// Verify verifies all the entries in the BatchVerifier, and returns
+	// if every signature in the batch is valid, and a vector of bools
+	// indicating the verification status of each signature (in the order
+	// that signatures were added to the batch).
+	Verify() (bool, []bool)
+}

crypto/ed25519/bench_test.go

@@ -1,9 +1,12 @@
 package ed25519
 
 import (
+	"fmt"
 	"io"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/internal/benchmarking"
 )
@@ -24,3 +27,42 @@ func BenchmarkVerification(b *testing.B) {
 	priv := GenPrivKey()
 	benchmarking.BenchmarkVerification(b, priv)
 }
+
+func BenchmarkVerifyBatch(b *testing.B) {
+	msg := []byte("BatchVerifyTest")
+
+	for _, sigsCount := range []int{1, 8, 64, 1024} {
+		sigsCount := sigsCount
+		b.Run(fmt.Sprintf("sig-count-%d", sigsCount), func(b *testing.B) {
+			// Pre-generate all of the keys, and signatures, but do not
+			// benchmark key-generation and signing.
+			pubs := make([]crypto.PubKey, 0, sigsCount)
+			sigs := make([][]byte, 0, sigsCount)
+			for i := 0; i < sigsCount; i++ {
+				priv := GenPrivKey()
+				sig, _ := priv.Sign(msg)
+				pubs = append(pubs, priv.PubKey().(PubKey))
+				sigs = append(sigs, sig)
+			}
+			b.ResetTimer()
+
+			b.ReportAllocs()
+			// NOTE: dividing by n so that metrics are per-signature
+			for i := 0; i < b.N/sigsCount; i++ {
+				// The benchmark could just benchmark the Verify()
+				// routine, but there is non-trivial overhead associated
+				// with BatchVerifier.Add(), which should be included
+				// in the benchmark.
+				v := NewBatchVerifier()
+				for i := 0; i < sigsCount; i++ {
+					err := v.Add(pubs[i], msg, sigs[i])
+					require.NoError(b, err)
+				}
+
+				if ok, _ := v.Verify(); !ok {
+					b.Fatal("signature set failed batch verification")
+				}
+			}
+		})
+	}
+}

crypto/ed25519/ed25519.go

@@ -3,10 +3,12 @@ package ed25519
 import (
 	"bytes"
 	"crypto/subtle"
+	"errors"
 	"fmt"
 	"io"
 
-	"golang.org/x/crypto/ed25519"
+	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519"
+	"github.com/oasisprotocol/curve25519-voi/primitives/ed25519/extra/cache"
 
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/tmhash"
@@ -15,7 +17,19 @@ import (
 
 //-------------------------------------
 
-var _ crypto.PrivKey = PrivKey{}
+var (
+	_ crypto.PrivKey       = PrivKey{}
+	_ crypto.BatchVerifier = &BatchVerifier{}
+
+	// curve25519-voi's Ed25519 implementation supports configurable
+	// verification behavior, and tendermint uses the ZIP-215 verification
+	// semantics.
+	verifyOptions = &ed25519.Options{
+		Verify: ed25519.VerifyOptionsZIP_215,
+	}
+
+	cachingVerifier = cache.NewVerifier(cache.NewLRUCache(cacheSize))
+)
 
 const (
 	PrivKeyName = "tendermint/PrivKeyEd25519"
@@ -32,6 +46,14 @@ const (
 	SeedSize = 32
 
 	KeyType = "ed25519"
+
+	// cacheSize is the number of public keys that will be cached in
+	// an expanded format for repeated signature verification.
+	//
+	// TODO/perf: Either this should exclude single verification, or be
+	// tuned to `> validatorSize + maxTxnsPerBlock` to avoid cache
+	// thrashing.
+	cacheSize = 4096
 )
 
 func init() {
@@ -105,14 +127,12 @@ func GenPrivKey() PrivKey {
 
 // genPrivKey generates a new ed25519 private key using the provided reader.
 func genPrivKey(rand io.Reader) PrivKey {
-	seed := make([]byte, SeedSize)
-
-	_, err := io.ReadFull(rand, seed)
+	_, priv, err := ed25519.GenerateKey(rand)
 	if err != nil {
 		panic(err)
 	}
 
-	return PrivKey(ed25519.NewKeyFromSeed(seed))
+	return PrivKey(priv)
 }
 
 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
@@ -129,7 +149,7 @@ func GenPrivKeyFromSecret(secret []byte) PrivKey {
 
 var _ crypto.PubKey = PubKey{}
 
-// PubKeyEd25519 implements crypto.PubKey for the Ed25519 signature scheme.
+// PubKey implements crypto.PubKey for the Ed25519 signature scheme.
 type PubKey []byte
 
 // Address is the SHA256-20 of the raw pubkey bytes.
@@ -151,7 +171,7 @@ func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
 		return false
 	}
 
-	return ed25519.Verify(ed25519.PublicKey(pubKey), msg, sig)
+	return cachingVerifier.VerifyWithOptions(ed25519.PublicKey(pubKey), msg, sig, verifyOptions)
 }
 
 func (pubKey PubKey) String() string {
@@ -169,3 +189,40 @@ func (pubKey PubKey) Equals(other crypto.PubKey) bool {
 
 	return false
 }
+
+//-------------------------------------
+
+// BatchVerifier implements batch verification for ed25519.
+type BatchVerifier struct {
+	*ed25519.BatchVerifier
+}
+
+func NewBatchVerifier() crypto.BatchVerifier {
+	return &BatchVerifier{ed25519.NewBatchVerifier()}
+}
+
+func (b *BatchVerifier) Add(key crypto.PubKey, msg, signature []byte) error {
+	pkEd, ok := key.(PubKey)
+	if !ok {
+		return fmt.Errorf("pubkey is not Ed25519")
+	}
+
+	pkBytes := pkEd.Bytes()
+
+	if l := len(pkBytes); l != PubKeySize {
+		return fmt.Errorf("pubkey size is incorrect; expected: %d, got %d", PubKeySize, l)
+	}
+
+	// check that the signature is the correct length
+	if len(signature) != SignatureSize {
+		return errors.New("invalid signature")
+	}
+
+	cachingVerifier.AddWithOptions(b.BatchVerifier, ed25519.PublicKey(pkBytes), msg, signature, verifyOptions)
+
+	return nil
+}
+
+func (b *BatchVerifier) Verify() (bool, []bool) {
+	return b.BatchVerifier.Verify(crypto.CReader())
+}

crypto/ed25519/ed25519_test.go

@@ -11,7 +11,6 @@ import (
 )
 
 func TestSignAndValidateEd25519(t *testing.T) {
-
 	privKey := ed25519.GenPrivKey()
 	pubKey := privKey.PubKey()
 
@@ -28,3 +27,28 @@ func TestSignAndValidateEd25519(t *testing.T) {
 
 	assert.False(t, pubKey.VerifySignature(msg, sig))
 }
+
+func TestBatchSafe(t *testing.T) {
+	v := ed25519.NewBatchVerifier()
+
+	for i := 0; i <= 38; i++ {
+		priv := ed25519.GenPrivKey()
+		pub := priv.PubKey()
+
+		var msg []byte
+		if i%2 == 0 {
+			msg = []byte("easter")
+		} else {
+			msg = []byte("egg")
+		}
+
+		sig, err := priv.Sign(msg)
+		require.NoError(t, err)
+
+		err = v.Add(pub, msg, sig)
+		require.NoError(t, err)
+	}
+
+	ok, _ := v.Verify()
+	require.True(t, ok)
+}

crypto/merkle/hash.go

@@ -1,6 +1,8 @@
 package merkle
 
 import (
+	"hash"
+
 	"github.com/tendermint/tendermint/crypto/tmhash"
 )
 
@@ -20,7 +22,27 @@ func leafHash(leaf []byte) []byte {
 	return tmhash.Sum(append(leafPrefix, leaf...))
 }
 
+// returns tmhash(0x00 || leaf)
+func leafHashOpt(s hash.Hash, leaf []byte) []byte {
+	s.Reset()
+	s.Write(leafPrefix)
+	s.Write(leaf)
+	return s.Sum(nil)
+}
+
 // returns tmhash(0x01 || left || right)
 func innerHash(left []byte, right []byte) []byte {
-	return tmhash.Sum(append(innerPrefix, append(left, right...)...))
+	data := make([]byte, len(innerPrefix)+len(left)+len(right))
+	n := copy(data, innerPrefix)
+	n += copy(data[n:], left)
+	copy(data[n:], right)
+	return tmhash.Sum(data)
+}
+
+func innerHashOpt(s hash.Hash, left []byte, right []byte) []byte {
+	s.Reset()
+	s.Write(innerPrefix)
+	s.Write(left)
+	s.Write(right)
+	return s.Sum(nil)
 }

crypto/merkle/proof.go

@@ -50,13 +50,13 @@ func ProofsFromByteSlices(items [][]byte) (rootHash []byte, proofs []*Proof) {
 // Verify that the Proof proves the root hash.
 // Check sp.Index/sp.Total manually if needed
 func (sp *Proof) Verify(rootHash []byte, leaf []byte) error {
-	leafHash := leafHash(leaf)
 	if sp.Total < 0 {
 		return errors.New("proof total must be positive")
 	}
 	if sp.Index < 0 {
 		return errors.New("proof index cannot be negative")
 	}
+	leafHash := leafHash(leaf)
 	if !bytes.Equal(sp.LeafHash, leafHash) {
 		return fmt.Errorf("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash)
 	}

crypto/merkle/proof_key_path_test.go

@@ -35,6 +35,7 @@ func TestKeyPath(t *testing.T) {
 
 		res, err := KeyPathToKeys(path.String())
 		require.Nil(t, err)
+		require.Equal(t, len(keys), len(res))
 
 		for i, key := range keys {
 			require.Equal(t, key, res[i])

crypto/merkle/proof_test.go

@@ -171,12 +171,12 @@ func TestProofValidateBasic(t *testing.T) {
 	}
 }
 func TestVoteProtobuf(t *testing.T) {
-
 	_, proofs := ProofsFromByteSlices([][]byte{
 		[]byte("apple"),
 		[]byte("watermelon"),
 		[]byte("kiwi"),
 	})
+
 	testCases := []struct {
 		testName string
 		v1       *Proof

crypto/merkle/tree.go

@@ -1,22 +1,28 @@
 package merkle
 
 import (
+	"crypto/sha256"
+	"hash"
 	"math/bits"
 )
 
 // HashFromByteSlices computes a Merkle tree where the leaves are the byte slice,
 // in the provided order. It follows RFC-6962.
 func HashFromByteSlices(items [][]byte) []byte {
+	return hashFromByteSlices(sha256.New(), items)
+}
+
+func hashFromByteSlices(sha hash.Hash, items [][]byte) []byte {
 	switch len(items) {
 	case 0:
 		return emptyHash()
 	case 1:
-		return leafHash(items[0])
+		return leafHashOpt(sha, items[0])
 	default:
 		k := getSplitPoint(int64(len(items)))
-		left := HashFromByteSlices(items[:k])
-		right := HashFromByteSlices(items[k:])
-		return innerHash(left, right)
+		left := hashFromByteSlices(sha, items[:k])
+		right := hashFromByteSlices(sha, items[k:])
+		return innerHashOpt(sha, left, right)
 	}
 }
 
@@ -61,7 +67,7 @@ func HashFromByteSlices(items [][]byte) []byte {
 // implementation for so little benefit.
 func HashFromByteSlicesIterative(input [][]byte) []byte {
 	items := make([][]byte, len(input))
-
+	sha := sha256.New()
 	for i, leaf := range input {
 		items[i] = leafHash(leaf)
 	}
@@ -78,7 +84,7 @@ func HashFromByteSlicesIterative(input [][]byte) []byte {
 			wp := 0 // write position
 			for rp < size {
 				if rp+1 < size {
-					items[wp] = innerHash(items[rp], items[rp+1])
+					items[wp] = innerHashOpt(sha, items[rp], items[rp+1])
 					rp += 2
 				} else {
 					items[wp] = items[rp]

crypto/sr25519/batch.go

@@ -0,0 +1,46 @@
+package sr25519
+
+import (
+	"fmt"
+
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
+
+	"github.com/tendermint/tendermint/crypto"
+)
+
+var _ crypto.BatchVerifier = &BatchVerifier{}
+
+// BatchVerifier implements batch verification for sr25519.
+type BatchVerifier struct {
+	*sr25519.BatchVerifier
+}
+
+func NewBatchVerifier() crypto.BatchVerifier {
+	return &BatchVerifier{sr25519.NewBatchVerifier()}
+}
+
+func (b *BatchVerifier) Add(key crypto.PubKey, msg, signature []byte) error {
+	pk, ok := key.(PubKey)
+	if !ok {
+		return fmt.Errorf("sr25519: pubkey is not sr25519")
+	}
+
+	var srpk sr25519.PublicKey
+	if err := srpk.UnmarshalBinary(pk); err != nil {
+		return fmt.Errorf("sr25519: invalid public key: %w", err)
+	}
+
+	var sig sr25519.Signature
+	if err := sig.UnmarshalBinary(signature); err != nil {
+		return fmt.Errorf("sr25519: unable to decode signature: %w", err)
+	}
+
+	st := signingCtx.NewTranscriptBytes(msg)
+	b.BatchVerifier.Add(&srpk, st, &sig)
+
+	return nil
+}
+
+func (b *BatchVerifier) Verify() (bool, []bool) {
+	return b.BatchVerifier.Verify(crypto.CReader())
+}

crypto/sr25519/bench_test.go

@@ -1,9 +1,12 @@
 package sr25519
 
 import (
+	"fmt"
 	"io"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/internal/benchmarking"
 )
@@ -24,3 +27,42 @@ func BenchmarkVerification(b *testing.B) {
 	priv := GenPrivKey()
 	benchmarking.BenchmarkVerification(b, priv)
 }
+
+func BenchmarkVerifyBatch(b *testing.B) {
+	msg := []byte("BatchVerifyTest")
+
+	for _, sigsCount := range []int{1, 8, 64, 1024} {
+		sigsCount := sigsCount
+		b.Run(fmt.Sprintf("sig-count-%d", sigsCount), func(b *testing.B) {
+			// Pre-generate all of the keys, and signatures, but do not
+			// benchmark key-generation and signing.
+			pubs := make([]crypto.PubKey, 0, sigsCount)
+			sigs := make([][]byte, 0, sigsCount)
+			for i := 0; i < sigsCount; i++ {
+				priv := GenPrivKey()
+				sig, _ := priv.Sign(msg)
+				pubs = append(pubs, priv.PubKey().(PubKey))
+				sigs = append(sigs, sig)
+			}
+			b.ResetTimer()
+
+			b.ReportAllocs()
+			// NOTE: dividing by n so that metrics are per-signature
+			for i := 0; i < b.N/sigsCount; i++ {
+				// The benchmark could just benchmark the Verify()
+				// routine, but there is non-trivial overhead associated
+				// with BatchVerifier.Add(), which should be included
+				// in the benchmark.
+				v := NewBatchVerifier()
+				for i := 0; i < sigsCount; i++ {
+					err := v.Add(pubs[i], msg, sigs[i])
+					require.NoError(b, err)
+				}
+
+				if ok, _ := v.Verify(); !ok {
+					b.Fatal("signature set failed batch verification")
+				}
+			}
+		})
+	}
+}

crypto/sr25519/encoding.go

@@ -1,23 +1,13 @@
 package sr25519
 
-import (
-	"github.com/tendermint/tendermint/crypto"
-	tmjson "github.com/tendermint/tendermint/libs/json"
-)
-
-var _ crypto.PrivKey = PrivKey{}
+import tmjson "github.com/tendermint/tendermint/libs/json"
 
 const (
 	PrivKeyName = "tendermint/PrivKeySr25519"
 	PubKeyName  = "tendermint/PubKeySr25519"
-
-	// SignatureSize is the size of an Edwards25519 signature. Namely the size of a compressed
-	// Sr25519 point, and a field element. Both of which are 32 bytes.
-	SignatureSize = 64
 )
 
 func init() {
-
 	tmjson.RegisterType(PubKey{}, PubKeyName)
 	tmjson.RegisterType(PrivKey{}, PrivKeyName)
 }

crypto/sr25519/privkey.go

@@ -1,76 +1,126 @@
 package sr25519
 
 import (
-	"crypto/subtle"
+	"encoding/json"
 	"fmt"
 	"io"
 
-	"github.com/tendermint/tendermint/crypto"
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
 
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
+	"github.com/tendermint/tendermint/crypto"
 )
 
-// PrivKeySize is the number of bytes in an Sr25519 private key.
-const PrivKeySize = 32
+var (
+	_ crypto.PrivKey = PrivKey{}
 
-// PrivKeySr25519 implements crypto.PrivKey.
-type PrivKey []byte
+	signingCtx = sr25519.NewSigningContext([]byte{})
+)
+
+const (
+	// PrivKeySize is the number of bytes in an Sr25519 private key.
+	PrivKeySize = 32
+
+	KeyType = "sr25519"
+)
+
+// PrivKey implements crypto.PrivKey.
+type PrivKey struct {
+	msk sr25519.MiniSecretKey
+	kp  *sr25519.KeyPair
+}
 
 // Bytes returns the byte representation of the PrivKey.
 func (privKey PrivKey) Bytes() []byte {
-	return []byte(privKey)
+	if privKey.kp == nil {
+		return nil
+	}
+	return privKey.msk[:]
 }
 
 // Sign produces a signature on the provided message.
 func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
-	var p [PrivKeySize]byte
-	copy(p[:], privKey)
-	miniSecretKey, err := schnorrkel.NewMiniSecretKeyFromRaw(p)
-	if err != nil {
-		return []byte{}, err
-	}
-	secretKey := miniSecretKey.ExpandEd25519()
-
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
-
-	sig, err := secretKey.Sign(signingContext)
-	if err != nil {
-		return []byte{}, err
+	if privKey.kp == nil {
+		return nil, fmt.Errorf("sr25519: uninitialized private key")
 	}
 
-	sigBytes := sig.Encode()
-	return sigBytes[:], nil
+	st := signingCtx.NewTranscriptBytes(msg)
+
+	sig, err := privKey.kp.Sign(crypto.CReader(), st)
+	if err != nil {
+		return nil, fmt.Errorf("sr25519: failed to sign message: %w", err)
+	}
+
+	sigBytes, err := sig.MarshalBinary()
+	if err != nil {
+		return nil, fmt.Errorf("sr25519: failed to serialize signature: %w", err)
+	}
+
+	return sigBytes, nil
 }
 
 // PubKey gets the corresponding public key from the private key.
 func (privKey PrivKey) PubKey() crypto.PubKey {
-	var p [PrivKeySize]byte
-	copy(p[:], privKey)
-	miniSecretKey, err := schnorrkel.NewMiniSecretKeyFromRaw(p)
-	if err != nil {
-		panic(fmt.Sprintf("Invalid private key: %v", err))
+	if privKey.kp == nil {
+		panic("sr25519: uninitialized private key")
 	}
-	secretKey := miniSecretKey.ExpandEd25519()
 
-	pubkey, err := secretKey.Public()
+	b, err := privKey.kp.PublicKey().MarshalBinary()
 	if err != nil {
-		panic(fmt.Sprintf("Could not generate public key: %v", err))
+		panic("sr25519: failed to serialize public key: " + err.Error())
 	}
-	key := pubkey.Encode()
-	return PubKey(key[:])
+
+	return PubKey(b)
 }
 
 // Equals - you probably don't need to use this.
 // Runs in constant time based on length of the keys.
 func (privKey PrivKey) Equals(other crypto.PrivKey) bool {
-	if otherEd, ok := other.(PrivKey); ok {
-		return subtle.ConstantTimeCompare(privKey[:], otherEd[:]) == 1
+	if otherSr, ok := other.(PrivKey); ok {
+		return privKey.msk.Equal(&otherSr.msk)
 	}
 	return false
 }
 
 func (privKey PrivKey) Type() string {
-	return keyType
+	return KeyType
+}
+
+func (privKey PrivKey) MarshalJSON() ([]byte, error) {
+	var b []byte
+
+	// Handle uninitialized private keys gracefully.
+	if privKey.kp != nil {
+		b = privKey.Bytes()
+	}
+
+	return json.Marshal(b)
+}
+
+func (privKey *PrivKey) UnmarshalJSON(data []byte) error {
+	for i := range privKey.msk {
+		privKey.msk[i] = 0
+	}
+	privKey.kp = nil
+
+	var b []byte
+	if err := json.Unmarshal(data, &b); err != nil {
+		return fmt.Errorf("sr25519: failed to deserialize JSON: %w", err)
+	}
+	if len(b) == 0 {
+		return nil
+	}
+
+	msk, err := sr25519.NewMiniSecretKeyFromBytes(b)
+	if err != nil {
+		return err
+	}
+
+	sk := msk.ExpandEd25519()
+
+	privKey.msk = *msk
+	privKey.kp = sk.KeyPair()
+
+	return nil
 }
 
 // GenPrivKey generates a new sr25519 private key.
@@ -81,19 +131,18 @@ func GenPrivKey() PrivKey {
 }
 
 // genPrivKey generates a new sr25519 private key using the provided reader.
-func genPrivKey(rand io.Reader) PrivKey {
-	var seed [64]byte
-
-	out := make([]byte, 64)
-	_, err := io.ReadFull(rand, out)
+func genPrivKey(rng io.Reader) PrivKey {
+	msk, err := sr25519.GenerateMiniSecretKey(rng)
 	if err != nil {
-		panic(err)
+		panic("sr25519: failed to generate MiniSecretKey: " + err.Error())
 	}
 
-	copy(seed[:], out)
+	sk := msk.ExpandEd25519()
 
-	key := schnorrkel.NewMiniSecretKey(seed).ExpandEd25519().Encode()
-	return key[:]
+	return PrivKey{
+		msk: *msk,
+		kp:  sk.KeyPair(),
+	}
 }
 
 // GenPrivKeyFromSecret hashes the secret with SHA2, and uses
@@ -102,9 +151,14 @@ func genPrivKey(rand io.Reader) PrivKey {
 // if it's derived from user input.
 func GenPrivKeyFromSecret(secret []byte) PrivKey {
 	seed := crypto.Sha256(secret) // Not Ripemd160 because we want 32 bytes.
-	var bz [PrivKeySize]byte
-	copy(bz[:], seed)
-	privKey, _ := schnorrkel.NewMiniSecretKeyFromRaw(bz)
-	key := privKey.ExpandEd25519().Encode()
-	return key[:]
+
+	var privKey PrivKey
+	if err := privKey.msk.UnmarshalBinary(seed); err != nil {
+		panic("sr25519: failed to deserialize MiniSecretKey: " + err.Error())
+	}
+
+	sk := privKey.msk.ExpandEd25519()
+	privKey.kp = sk.KeyPair()
+
+	return privKey
 }

crypto/sr25519/pubkey.go

@@ -4,25 +4,30 @@ import (
 	"bytes"
 	"fmt"
 
+	"github.com/oasisprotocol/curve25519-voi/primitives/sr25519"
+
 	"github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/tmhash"
-
-	schnorrkel "github.com/ChainSafe/go-schnorrkel"
 )
 
 var _ crypto.PubKey = PubKey{}
 
-// PubKeySize is the number of bytes in an Sr25519 public key.
 const (
+	// PubKeySize is the number of bytes in an Sr25519 public key.
 	PubKeySize = 32
-	keyType    = "sr25519"
+
+	// SignatureSize is the size of a Sr25519 signature in bytes.
+	SignatureSize = 64
 )
 
-// PubKeySr25519 implements crypto.PubKey for the Sr25519 signature scheme.
+// PubKey implements crypto.PubKey for the Sr25519 signature scheme.
 type PubKey []byte
 
 // Address is the SHA256-20 of the raw pubkey bytes.
 func (pubKey PubKey) Address() crypto.Address {
+	if len(pubKey) != PubKeySize {
+		panic("pubkey is incorrect size")
+	}
 	return crypto.Address(tmhash.SumTruncated(pubKey[:]))
 }
 
@@ -31,47 +36,35 @@ func (pubKey PubKey) Bytes() []byte {
 	return []byte(pubKey)
 }
 
-func (pubKey PubKey) VerifySignature(msg []byte, sig []byte) bool {
-	// make sure we use the same algorithm to sign
-	if len(sig) != SignatureSize {
-		return false
+// Equals - checks that two public keys are the same time
+// Runs in constant time based on length of the keys.
+func (pubKey PubKey) Equals(other crypto.PubKey) bool {
+	if otherSr, ok := other.(PubKey); ok {
+		return bytes.Equal(pubKey[:], otherSr[:])
 	}
-	var sig64 [SignatureSize]byte
-	copy(sig64[:], sig)
 
-	publicKey := &(schnorrkel.PublicKey{})
-	var p [PubKeySize]byte
-	copy(p[:], pubKey)
-	err := publicKey.Decode(p)
-	if err != nil {
+	return false
+}
+
+func (pubKey PubKey) VerifySignature(msg []byte, sigBytes []byte) bool {
+	var srpk sr25519.PublicKey
+	if err := srpk.UnmarshalBinary(pubKey); err != nil {
 		return false
 	}
 
-	signingContext := schnorrkel.NewSigningContext([]byte{}, msg)
-
-	signature := &(schnorrkel.Signature{})
-	err = signature.Decode(sig64)
-	if err != nil {
+	var sig sr25519.Signature
+	if err := sig.UnmarshalBinary(sigBytes); err != nil {
 		return false
 	}
 
-	return publicKey.Verify(signature, signingContext)
+	st := signingCtx.NewTranscriptBytes(msg)
+	return srpk.Verify(st, &sig)
 }
 
 func (pubKey PubKey) String() string {
 	return fmt.Sprintf("PubKeySr25519{%X}", []byte(pubKey))
 }
 
-// Equals - checks that two public keys are the same time
-// Runs in constant time based on length of the keys.
-func (pubKey PubKey) Equals(other crypto.PubKey) bool {
-	if otherEd, ok := other.(PubKey); ok {
-		return bytes.Equal(pubKey[:], otherEd[:])
-	}
-	return false
-}
-
 func (pubKey PubKey) Type() string {
-	return keyType
-
+	return KeyType
 }

crypto/sr25519/sr25519_test.go

@@ -1,6 +1,8 @@
 package sr25519_test
 
 import (
+	"encoding/base64"
+	"encoding/json"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -11,7 +13,6 @@ import (
 )
 
 func TestSignAndValidateSr25519(t *testing.T) {
-
 	privKey := sr25519.GenPrivKey()
 	pubKey := privKey.PubKey()
 
@@ -29,3 +30,69 @@ func TestSignAndValidateSr25519(t *testing.T) {
 
 	assert.False(t, pubKey.VerifySignature(msg, sig))
 }
+
+func TestBatchSafe(t *testing.T) {
+	v := sr25519.NewBatchVerifier()
+	vFail := sr25519.NewBatchVerifier()
+	for i := 0; i <= 38; i++ {
+		priv := sr25519.GenPrivKey()
+		pub := priv.PubKey()
+
+		var msg []byte
+		if i%2 == 0 {
+			msg = []byte("easter")
+		} else {
+			msg = []byte("egg")
+		}
+
+		sig, err := priv.Sign(msg)
+		require.NoError(t, err)
+
+		err = v.Add(pub, msg, sig)
+		require.NoError(t, err)
+
+		switch i % 2 {
+		case 0:
+			err = vFail.Add(pub, msg, sig)
+		case 1:
+			msg[2] ^= byte(0x01)
+			err = vFail.Add(pub, msg, sig)
+		}
+		require.NoError(t, err)
+	}
+
+	ok, valid := v.Verify()
+	require.True(t, ok, "failed batch verification")
+	for i, ok := range valid {
+		require.Truef(t, ok, "sig[%d] should be marked valid", i)
+	}
+
+	ok, valid = vFail.Verify()
+	require.False(t, ok, "succeeded batch verification (invalid batch)")
+	for i, ok := range valid {
+		expected := (i % 2) == 0
+		require.Equalf(t, expected, ok, "sig[%d] should be %v", i, expected)
+	}
+}
+
+func TestJSON(t *testing.T) {
+	privKey := sr25519.GenPrivKey()
+
+	t.Run("PrivKey", func(t *testing.T) {
+		b, err := json.Marshal(privKey)
+		require.NoError(t, err)
+
+		// b should be the base64 encoded MiniSecretKey, enclosed by doublequotes.
+		b64 := base64.StdEncoding.EncodeToString(privKey.Bytes())
+		b64 = "\"" + b64 + "\""
+		require.Equal(t, []byte(b64), b)
+
+		var privKey2 sr25519.PrivKey
+		err = json.Unmarshal(b, &privKey2)
+		require.NoError(t, err)
+		require.Len(t, privKey2.Bytes(), sr25519.PrivKeySize)
+		require.EqualValues(t, privKey.Bytes(), privKey2.Bytes())
+	})
+
+	// PubKeys are just []byte, so there is no special handling.
+}

docs/.vuepress/config.js

@@ -9,8 +9,8 @@ module.exports = {
     editLinks: true,
     label: 'core',
     algolia: {
-      id: "QQFROLBNZC",
-      key: "f1b68b96fb31d8aa4a54412c44917a26",
+      id: "BH4D9OD16A",
+      key: "59f0e2deb984aa9cdf2b3a5fd24ac501",
       index: "tendermint"
     },
     versions: [

docs/DOCS_README.md

@@ -99,4 +99,4 @@ configuration file that we can update with PRs.
 Because the build processes are identical (as is the information contained
 herein), this file should be kept in sync as much as possible with its
 [counterpart in the Cosmos SDK
-repo](https://github.com/cosmos/cosmos-sdk/blob/main/docs/README.md).
+repo](https://github.com/cosmos/cosmos-sdk/blob/master/docs/DOCS_README.md).

docs/README.md

@@ -21,7 +21,7 @@ Tendermint?](introduction/what-is-tendermint.md).
 
 To get started quickly with an example application, see the [quick start guide](introduction/quick-start.md).
 
-To learn about application development on Tendermint, see the [Application Blockchain Interface](https://github.com/tendermint/tendermint/tree/v0.37.x/spec/abci).
+To learn about application development on Tendermint, see the [Application Blockchain Interface](https://github.com/tendermint/tendermint/tree/main/spec/abci).
 
 For more details on using Tendermint, see the respective documentation for
 [Tendermint Core](tendermint-core/), [benchmarking and monitoring](tools/), and [network deployments](networks/).
@@ -30,4 +30,4 @@ To find out about the Tendermint ecosystem you can go [here](https://github.com/
 
 ## Contribute
 
-To contribute to the documentation, see [this file](https://github.com/tendermint/tendermint/blob/v0.37.x/docs/DOCS_README.md) for details of the build process and considerations when making changes.
+To contribute to the documentation, see [this file](https://github.com/tendermint/tendermint/blob/main/docs/DOCS_README.md) for details of the build process and considerations when making changes.

docs/app-dev/abci-cli.md

@@ -27,28 +27,22 @@ Usage:
   abci-cli [command]
 
 Available Commands:
-  batch            run a batch of abci commands against an application
-  check_tx         validate a transaction
-  commit           commit the application state and return the Merkle root hash
-  completion       Generate the autocompletion script for the specified shell
-  console          start an interactive ABCI console for multiple commands
-  deliver_tx       deliver a new transaction to the application
-  echo             have the application echo a message
-  help             Help about any command
-  info             get some info about the application
-  kvstore          ABCI demo example
-  prepare_proposal prepare proposal
-  process_proposal process proposal
-  query            query the application state
-  test             run integration tests
-  version          print ABCI console version
+  batch       Run a batch of abci commands against an application
+  check_tx    Validate a tx
+  commit      Commit the application state and return the Merkle root hash
+  console     Start an interactive abci console for multiple commands
+  deliver_tx  Deliver a new tx to the application
+  kvstore     ABCI demo example
+  echo        Have the application echo a message
+  help        Help about any command
+  info        Get some info about the application
+  query       Query the application state
 
 Flags:
-      --abci string        either socket or grpc (default "socket")
-      --address string     address of application socket (default "tcp://0.0.0.0:26658")
-  -h, --help               help for abci-cli
-      --log_level string   set the logger level (default "debug")
-  -v, --verbose            print the command and results as if it were a console session
+      --abci string      socket or grpc (default "socket")
+      --address string   address of application socket (default "tcp://127.0.0.1:26658")
+  -h, --help             help for abci-cli
+  -v, --verbose          print the command and results as if it were a console session
 
 Use "abci-cli [command] --help" for more information about a command.
 ```
@@ -64,51 +58,47 @@ purposes.
 
 We'll start a kvstore application, which was installed at the same time
 as `abci-cli` above. The kvstore just stores transactions in a merkle
-tree. Its code can be found
-[here](https://github.com/tendermint/tendermint/blob/main/abci/cmd/abci-cli/abci-cli.go)
-and looks like the following:
+tree.
+
+Its code can be found
+[here](https://github.com/tendermint/tendermint/blob/v0.34.x/abci/cmd/abci-cli/abci-cli.go)
+and looks like:
 
 ```go
 func cmdKVStore(cmd *cobra.Command, args []string) error {
-	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+    logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
 
-	// Create the application - in memory or persisted to disk
-	var app types.Application
-	if flagPersist == "" {
-		var err error
-		flagPersist, err = os.MkdirTemp("", "persistent_kvstore_tmp")
-		if err != nil {
-			return err
-		}
-	}
-	app = kvstore.NewPersistentKVStoreApplication(flagPersist)
-	app.(*kvstore.PersistentKVStoreApplication).SetLogger(logger.With("module", "kvstore"))
+    // Create the application - in memory or persisted to disk
+    var app types.Application
+    if flagPersist == "" {
+        app = kvstore.NewKVStoreApplication()
+    } else {
+        app = kvstore.NewPersistentKVStoreApplication(flagPersist)
+        app.(*kvstore.PersistentKVStoreApplication).SetLogger(logger.With("module", "kvstore"))
+    }
 
-	// Start the listener
-	srv, err := server.NewServer(flagAddress, flagAbci, app)
-	if err != nil {
-		return err
-	}
-	srv.SetLogger(logger.With("module", "abci-server"))
-	if err := srv.Start(); err != nil {
-		return err
-	}
+    // Start the listener
+    srv, err := server.NewServer(flagAddrD, flagAbci, app)
+    if err != nil {
+        return err
+    }
+    srv.SetLogger(logger.With("module", "abci-server"))
+    if err := srv.Start(); err != nil {
+        return err
+    }
 
-	// Stop upon receiving SIGTERM or CTRL-C.
-	tmos.TrapSignal(logger, func() {
-		// Cleanup
-		if err := srv.Stop(); err != nil {
-			logger.Error("Error while stopping server", "err", err)
-		}
-	})
+    // Stop upon receiving SIGTERM or CTRL-C.
+    tmos.TrapSignal(logger, func() {
+        // Cleanup
+        srv.Stop()
+    })
 
-	// Run forever.
-	select {}
+    // Run forever.
+    select {}
 }
-
 ```
 
-Start the application by running:
+Start by running:
 
 ```sh
 abci-cli kvstore
@@ -146,7 +136,7 @@ response.
 
 The server may be generic for a particular language, and we provide a
 [reference implementation in
-Golang](https://github.com/tendermint/tendermint/tree/v0.37.x/abci/server). See the
+Golang](https://github.com/tendermint/tendermint/tree/main/abci/server). See the
 [list of other ABCI implementations](https://github.com/tendermint/awesome#ecosystem) for servers in
 other languages.
 
@@ -173,32 +163,32 @@ Try running these commands:
 -> data: hello
 -> data.hex: 0x68656C6C6F
 
-> info 
+> info
 -> code: OK
 -> data: {"size":0}
 -> data.hex: 0x7B2273697A65223A307D
 
 > prepare_proposal "abc"
 -> code: OK
--> log: Succeeded. Tx: abc
+-> log: Succeeded. Tx: abc action: UNMODIFIED
 
 > process_proposal "abc"
 -> code: OK
 -> status: ACCEPT
 
-> commit 
+> commit
 -> code: OK
 -> data.hex: 0x0000000000000000
 
 > deliver_tx "abc"
 -> code: OK
 
-> info 
+> info
 -> code: OK
 -> data: {"size":1}
 -> data.hex: 0x7B2273697A65223A317D
 
-> commit 
+> commit
 -> code: OK
 -> data.hex: 0x0200000000000000
 
@@ -214,7 +204,7 @@ Try running these commands:
 > deliver_tx "def=xyz"
 -> code: OK
 
-> commit 
+> commit
 -> code: OK
 -> data.hex: 0x0400000000000000
 
@@ -229,9 +219,11 @@ Try running these commands:
 
 > prepare_proposal "preparedef"
 -> code: OK
--> log: Succeeded. Tx: replacedef
+-> log: Succeeded. Tx: def action: ADDED
+-> code: OK
+-> log: Succeeded. Tx: preparedef action: REMOVED
 
-> process_proposal "replacedef"
+> process_proposal "def"
 -> code: OK
 -> status: ACCEPT
 
@@ -253,21 +245,21 @@ Try running these commands:
 Note that if we do `deliver_tx "abc"` it will store `(abc, abc)`, but if
 we do `deliver_tx "abc=efg"` it will store `(abc, efg)`.
 
-You could put the commands in a file and run
+Similarly, you could put the commands in a file and run
 `abci-cli --verbose batch < myfile`.
 
-
-Note that the `abci-cli` is designed strictly for testing and debugging. In a real
-deployment, the role of sending messages is taken by Tendermint, which
-connects to the app using three separate connections, each with its own
-pattern of messages.
-
-For examples of running an ABCI app with Tendermint, see the 
-[getting started guide](./getting-started.md).
-
 ## Bounties
 
 Want to write an app in your favorite language?! We'd be happy
 to add you to our [ecosystem](https://github.com/tendermint/awesome#ecosystem)!
 See [funding](https://github.com/interchainio/funding) opportunities from the
-[Interchain Foundation](https://interchain.io/) for implementations in new languages and more.
+[Interchain Foundation](https://interchain.io) for implementations in new languages and more.
+
+The `abci-cli` is designed strictly for testing and debugging. In a real
+deployment, the role of sending messages is taken by Tendermint, which
+connects to the app using three separate connections, each with its own
+pattern of messages.
+
+For examples of running an ABCI app with
+Tendermint, see the [getting started guide](./getting-started.md).
+Next is the ABCI specification.

docs/app-dev/app-architecture.md

@@ -55,6 +55,6 @@ Tendermint.
 See the following for more extensive documentation:
 
 - [Interchain Standard for the Light-Client REST API](https://github.com/cosmos/cosmos-sdk/pull/1028)
-- [Tendermint RPC Docs](https://docs.tendermint.com/v0.37/rpc/)
+- [Tendermint RPC Docs](https://docs.tendermint.com/main/rpc/)
 - [Tendermint in Production](../tendermint-core/running-in-production.md)
 - [ABCI spec](https://github.com/tendermint/spec/tree/95cf253b6df623066ff7cd4074a94e7a3f147c7a/spec/abci)

docs/app-dev/getting-started.md

@@ -11,10 +11,9 @@ application you want to run. So, to run a complete blockchain that does
 something useful, you must start two programs: one is Tendermint Core,
 the other is your application, which can be written in any programming
 language. Recall from [the intro to
-ABCI](../introduction/what-is-tendermint.md#abci-overview) that Tendermint Core
-handles all the p2p and consensus stuff, and just forwards transactions to the
+ABCI](../introduction/what-is-tendermint.md#abci-overview) that Tendermint Core handles all the p2p and consensus stuff, and just forwards transactions to the
 application when they need to be validated, or when they're ready to be
-executed and committed.
+committed to a block.
 
 In this guide, we show you some examples of how to run an application
 using Tendermint.
@@ -23,8 +22,7 @@ using Tendermint.
 
 The first apps we will work with are written in Go. To install them, you
 need to [install Go](https://golang.org/doc/install), put
-`$GOPATH/bin` in your `$PATH` and enable go modules. If you use `bash`, 
-follow these instructions:
+`$GOPATH/bin` in your `$PATH` and enable go modules with these instructions:
 
 ```bash
 echo export GOPATH=\"\$HOME/go\" >> ~/.bash_profile
@@ -33,48 +31,17 @@ echo export PATH=\"\$PATH:\$GOPATH/bin\" >> ~/.bash_profile
 
 Then run
 
-```bash
+```sh
 go get github.com/tendermint/tendermint
 cd $GOPATH/src/github.com/tendermint/tendermint
 make install_abci
 ```
 
-Now you should have the `abci-cli` installed; run `abci-cli` to see the list of commands:
+Now you should have the `abci-cli` installed; you'll notice the `kvstore`
+command, an example application written
+in Go. See below for an application written in JavaScript.
 
-```
-Usage:
-  abci-cli [command]
-
-Available Commands:
-  batch            run a batch of abci commands against an application
-  check_tx         validate a transaction
-  commit           commit the application state and return the Merkle root hash
-  completion       Generate the autocompletion script for the specified shell
-  console          start an interactive ABCI console for multiple commands
-  deliver_tx       deliver a new transaction to the application
-  echo             have the application echo a message
-  help             Help about any command
-  info             get some info about the application
-  kvstore          ABCI demo example
-  prepare_proposal prepare proposal
-  process_proposal process proposal
-  query            query the application state
-  test             run integration tests
-  version          print ABCI console version
-
-Flags:
-      --abci string        either socket or grpc (default "socket")
-      --address string     address of application socket (default "tcp://0.0.0.0:26658")
-  -h, --help               help for abci-cli
-      --log_level string   set the logger level (default "debug")
-  -v, --verbose            print the command and results as if it were a console session
-
-Use "abci-cli [command] --help" for more information about a command.
-```
-
-You'll notice the `kvstore` command, an example application written in Go.
-
-Now, let's run an app!
+Now, let's run some apps!
 
 ## KVStore - A First Example
 
@@ -101,7 +68,7 @@ tendermint node
 ```
 
 If you have used Tendermint, you may want to reset the data for a new
-blockchain by running `tendermint unsafe-reset-all`. Then you can run
+blockchain by running `tendermint unsafe_reset_all`. Then you can run
 `tendermint node` to start Tendermint, and connect to the app. For more
 details, see [the guide on using Tendermint](../tendermint-core/using-tendermint.md).
 
@@ -197,3 +164,47 @@ curl -s 'localhost:26657/abci_query?data="name"'
 
 Try some other transactions and queries to make sure everything is
 working!
+
+
+## CounterJS - Example in Another Language
+
+We also want to run applications in another language - in this case,
+we'll run a Javascript version of the `counter`. To run it, you'll need
+to [install node](https://nodejs.org/en/download/).
+
+You'll also need to fetch the relevant repository, from
+[here](https://github.com/tendermint/js-abci), then install it:
+
+```sh
+git clone https://github.com/tendermint/js-abci.git
+cd js-abci
+npm install abci
+```
+
+Kill the previous `counter` and `tendermint` processes. Now run the app:
+
+```sh
+node example/counter.js
+```
+
+In another window, reset and start `tendermint`:
+
+```sh
+tendermint unsafe_reset_all
+tendermint node
+```
+
+Once again, you should see blocks streaming by - but now, our
+application is written in Javascript! Try sending some transactions, and
+like before - the results should be the same:
+
+```sh
+# ok
+curl localhost:26657/broadcast_tx_commit?tx=0x00
+# invalid nonce
+curl localhost:26657/broadcast_tx_commit?tx=0x05
+# ok
+curl localhost:26657/broadcast_tx_commit?tx=0x01
+```
+
+Neat, eh?

docs/app-dev/indexing-transactions.md

@@ -15,7 +15,7 @@ the block itself is never stored.
 Each event contains a type and a list of attributes, which are key-value pairs
 denoting something about what happened during the method's execution. For more
 details on `Events`, see the
-[ABCI](https://github.com/tendermint/tendermint/blob/v0.37.x/spec/abci/abci.md#events)
+[ABCI](https://github.com/tendermint/tendermint/blob/main/spec/abci/abci++_basic_concepts.md#events)
 documentation.
 
 An `Event` has a composite key associated with it. A `compositeKey` is
@@ -146,7 +146,7 @@ You can query for a paginated set of transaction by their events by calling the
 curl "localhost:26657/tx_search?query=\"message.sender='cosmos1...'\"&prove=true"
 ```
 
-Check out [API docs](https://docs.tendermint.com/v0.37/rpc/#/Info/tx_search)
+Check out [API docs](https://docs.tendermint.com/main/rpc/#/Info/tx_search)
 for more information on query syntax and other options.
 
 ## Subscribing to Transactions
@@ -165,7 +165,7 @@ a query to `/subscribe` RPC endpoint.
 }
 ```
 
-Check out [API docs](https://docs.tendermint.com/v0.37/rpc/#subscribe) for more information
+Check out [API docs](https://docs.tendermint.com/main/rpc/#subscribe) for more information
 on query syntax and other options.
 
 ## Querying Blocks Events
@@ -177,5 +177,5 @@ You can query for a paginated set of blocks by their events by calling the
 curl "localhost:26657/block_search?query=\"block.height > 10 AND val_set.num_changed > 0\""
 ```
 
-Check out [API docs](https://docs.tendermint.com/v0.37/rpc/#/Info/block_search)
+Check out [API docs](https://docs.tendermint.com/main/rpc/#/Info/block_search)
 for more information on query syntax and other options.

docs/architecture/adr-021-abci-events.md

@@ -7,7 +7,7 @@
 
 ## Context
 
-ABCI tags were first described in [ADR 002](https://github.com/tendermint/tendermint/blob/v0.37.x/docs/architecture/adr-002-event-subscription.md).
+ABCI tags were first described in [ADR 002](https://github.com/tendermint/tendermint/blob/main/docs/architecture/adr-002-event-subscription.md).
 They are key-value pairs that can be used to index transactions.
 
 Currently, ABCI messages return a list of tags to describe an

docs/architecture/adr-024-sign-bytes.md

@@ -16,7 +16,7 @@ The messages exchanged between tendermint and a remote signer currently live in
 
 [privval/socket.go]: https://github.com/tendermint/tendermint/blob/d419fffe18531317c28c29a292ad7d253f6cafdf/privval/socket.go#L496-L502
 [issue#1622]: https://github.com/tendermint/tendermint/issues/1622
-[types]: https://github.com/tendermint/tendermint/tree/v0.37.x/types
+[types]: https://github.com/tendermint/tendermint/tree/main/types
  
 
 ## Decision

docs/architecture/adr-043-blockchain-riri-org.md

@@ -9,7 +9,7 @@
 
 ## Context
 
-The blockchain reactor is responsible for two high level processes:sending/receiving blocks from peers and FastSync-ing blocks to catch upnode who is far behind. The goal of [ADR-40](https://github.com/tendermint/tendermint/blob/v0.37.x/docs/architecture/adr-040-blockchain-reactor-refactor.md) was to refactor these two processes by separating business logic currently wrapped up in go-channels into pure `handle*` functions. While the ADR specified what the final form of the reactor might look like it lacked guidance on intermediary steps to get there.
+The blockchain reactor is responsible for two high level processes:sending/receiving blocks from peers and FastSync-ing blocks to catch upnode who is far behind. The goal of [ADR-40](https://github.com/tendermint/tendermint/blob/main/docs/architecture/adr-040-blockchain-reactor-refactor.md) was to refactor these two processes by separating business logic currently wrapped up in go-channels into pure `handle*` functions. While the ADR specified what the final form of the reactor might look like it lacked guidance on intermediary steps to get there.
 The following diagram illustrates the state of the [blockchain-reorg](https://github.com/tendermint/tendermint/pull/3561) reactor which will be referred to as `v1`.
 
 ![v1 Blockchain Reactor Architecture
@@ -22,7 +22,7 @@ While `v1` of the blockchain reactor has shown significant improvements in terms
 - Peer communication is spread over multiple components creating complex dependency graph which must be mocked out during testing.
 - Timeouts modeled as stateful tickers introduce non-determinism in tests
 
-This ADR is meant to specify the missing components and control necessary to achieve [ADR-40](https://github.com/tendermint/tendermint/blob/v0.37.x/docs/architecture/adr-040-blockchain-reactor-refactor.md).
+This ADR is meant to specify the missing components and control necessary to achieve [ADR-40](https://github.com/tendermint/tendermint/blob/main/docs/architecture/adr-040-blockchain-reactor-refactor.md).
 
 ## Decision
 
@@ -41,7 +41,7 @@ Diagram](https://github.com/tendermint/tendermint/blob/5cf570690f989646fb3b615b7
 
 ### Reactor changes in detail
 
-The reactor will include a demultiplexing routine which will send each message to each sub routine for independent processing. Each sub routine will then select the messages it's interested in and call the handle specific function specified in [ADR-40](https://github.com/tendermint/tendermint/blob/v0.37.x/docs/architecture/adr-040-blockchain-reactor-refactor.md). The demuxRoutine acts as "pacemaker" setting the time in which events are expected to be handled.
+The reactor will include a demultiplexing routine which will send each message to each sub routine for independent processing. Each sub routine will then select the messages it's interested in and call the handle specific function specified in [ADR-40](https://github.com/tendermint/tendermint/blob/main/docs/architecture/adr-040-blockchain-reactor-refactor.md). The demuxRoutine acts as "pacemaker" setting the time in which events are expected to be handled.
 
 ```go
 func demuxRoutine(msgs, scheduleMsgs, processorMsgs, ioMsgs) {
@@ -400,5 +400,5 @@ Implemented
 
 ## References
 
-- [ADR-40](https://github.com/tendermint/tendermint/blob/v0.37.x/docs/architecture/adr-040-blockchain-reactor-refactor.md): The original blockchain reactor re-org proposal
+- [ADR-40](https://github.com/tendermint/tendermint/blob/main/docs/architecture/adr-040-blockchain-reactor-refactor.md): The original blockchain reactor re-org proposal
 - [Blockchain re-org](https://github.com/tendermint/tendermint/pull/3561): The current blockchain reactor re-org implementation (v1)

docs/architecture/adr-044-lite-client-with-weak-subjectivity.md

@@ -32,7 +32,7 @@ fork the network at some point in its prior history. See Vitalik’s post at
 Subjectivity](https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity/).
 
 Currently, Tendermint provides a lite client implementation in the
-[light](https://github.com/tendermint/tendermint/tree/v0.37.x/light) package. This
+[light](https://github.com/tendermint/tendermint/tree/main/light) package. This
 lite client implements a bisection algorithm that tries to use a binary search
 to find the minimum number of block headers where the validator set voting
 power changes are less than < 1/3rd. This interface does not support weak
@@ -84,7 +84,7 @@ The linear verification algorithm requires downloading all headers
 between the `TrustHeight` and the `LatestHeight`. The lite client downloads the
 full header for the provided `TrustHeight` and then proceeds to download `N+1`
 headers and applies the [Tendermint validation
-rules](https://github.com/tendermint/tendermint/tree/v0.37.x/spec/light-client/verification/README.md)
+rules](https://github.com/tendermint/tendermint/tree/main/spec/light-client/verification/README.md)
 to each block.
 
 ### Bisecting Verification
@@ -119,7 +119,7 @@ network usage.
 ---
 
 Check out the formal specification
-[here](https://github.com/tendermint/tendermint/tree/v0.37.x/spec/light-client).
+[here](https://github.com/tendermint/tendermint/tree/main/spec/light-client).
 
 ## Status