Closed
Description
Currently, there are no reliable double vote prevention mechanisms. The current VoteCollector constantly clears old votes, and the votes_received bitset is cleared every time we move_to_step. Even if we make a mistake (such as an accidental step regression, a race condition, etc.), a double vote shouldn't occur at any cost.
There should be a mechanism to assert invariants (such as 1. no double vote on the same step, 2. the vote step should increase monotonically, etc.).
- Refactor to manage vote-related states
- Add invariant
- Respect vote collector's double vote report
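
One way to express the two invariants named above as a guard that is checked before signing and is never cleared on step changes. This is an added example, not code from the project; `VoteGuard`, `VoteStep`, `Step`, `VoteError`, the step names and the 32-byte block hash are hypothetical.

```rust
use std::cmp::Ordering;

// Assumed step names; derived Ord follows declaration order.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Step { Propose, Prevote, Precommit, Commit }

// Derived Ord compares height, then view, then step.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct VoteStep { pub height: u64, pub view: u64, pub step: Step }

#[derive(Debug, PartialEq, Eq)]
pub enum VoteError { StepRegression, DoubleVote }

// Hypothetical guard: lives outside the step state machine and is never
// cleared when the node moves to another step.
#[derive(Default)]
pub struct VoteGuard { last: Option<(VoteStep, [u8; 32])> }

impl VoteGuard {
    // Call before signing. Ok(true): new vote, sign it. Ok(false): same vote
    // as already recorded, safe to re-send. Err: refuse to sign.
    pub fn check_and_record(&mut self, at: VoteStep, block: [u8; 32]) -> Result<bool, VoteError> {
        if let Some((last_step, last_block)) = self.last {
            match at.cmp(&last_step) {
                Ordering::Less => return Err(VoteError::StepRegression),
                Ordering::Equal if last_block != block => return Err(VoteError::DoubleVote),
                Ordering::Equal => return Ok(false),
                Ordering::Greater => {}
            }
        }
        // Assumption: a real node persists this record before releasing the signature.
        self.last = Some((at, block));
        Ok(true)
    }
}

fn main() {
    let mut guard = VoteGuard::default();
    let at = VoteStep { height: 10, view: 0, step: Step::Prevote };
    // Constructed sample hashes: [1; 32] and [2; 32].
    println!("{:?}", guard.check_and_record(at, [1; 32]));
    println!("{:?}", guard.check_and_record(at, [2; 32]));
}
```

Because the guard holds only the last signed position and hash, a step regression or race in the surrounding state machine surfaces as an error instead of a second signature.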