evidence: fix bug with hashes (backport #6375) (#6381)

2025-12-23 06:15:19 +00:00 · 2021-04-22 15:05:56 +02:00
parent a9b4fac610
commit 353e3a3243
11 changed files with 419 additions and 317 deletions
--- a/evidence/pool.go
+++ b/evidence/pool.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"sort"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -194,9 +193,11 @@ func (evpool *Pool) CheckEvidence(evList types.EvidenceList) error {
 	hashes := make([][]byte, len(evList))
 	for idx, ev := range evList {

-		ok := evpool.fastCheck(ev)
+		_, isLightEv := ev.(*types.LightClientAttackEvidence)

-		if !ok {
+		// We must verify light client attack evidence regardless because there could be a
+		// different conflicting block with the same hash.
+		if isLightEv || !evpool.isPending(ev) {
 			// check that the evidence isn't already committed
 			if evpool.isCommitted(ev) {
 				return &types.ErrInvalidEvidence{Evidence: ev, Reason: errors.New("evidence was already committed")}
@@ -213,7 +214,7 @@ func (evpool *Pool) CheckEvidence(evList types.EvidenceList) error {
 				evpool.logger.Error("Can't add evidence to pending list", "err", err, "ev", ev)
 			}

-			evpool.logger.Info("Verified new evidence of byzantine behavior", "evidence", ev)
+			evpool.logger.Info("Check evidence: verified evidence of byzantine behavior", "evidence", ev)
 		}

 		// check for duplicate evidence. We cache hashes so we don't have to work them out again.
@@ -255,68 +256,6 @@ func (evpool *Pool) State() sm.State {
 	return evpool.state
 }

-//--------------------------------------------------------------------------
-
-// fastCheck leverages the fact that the evidence pool may have already verified the evidence to see if it can
-// quickly conclude that the evidence is already valid.
-func (evpool *Pool) fastCheck(ev types.Evidence) bool {
-	if lcae, ok := ev.(*types.LightClientAttackEvidence); ok {
-		key := keyPending(ev)
-		evBytes, err := evpool.evidenceStore.Get(key)
-		if evBytes == nil { // the evidence is not in the nodes pending list
-			return false
-		}
-		if err != nil {
-			evpool.logger.Error("Failed to load light client attack evidence", "err", err, "key(height/hash)", key)
-			return false
-		}
-		var trustedPb tmproto.LightClientAttackEvidence
-		err = trustedPb.Unmarshal(evBytes)
-		if err != nil {
-			evpool.logger.Error("Failed to convert light client attack evidence from bytes",
-				"err", err, "key(height/hash)", key)
-			return false
-		}
-		trustedEv, err := types.LightClientAttackEvidenceFromProto(&trustedPb)
-		if err != nil {
-			evpool.logger.Error("Failed to convert light client attack evidence from protobuf",
-				"err", err, "key(height/hash)", key)
-			return false
-		}
-		// ensure that all the byzantine validators that the evidence pool has match the byzantine validators
-		// in this evidence
-		if trustedEv.ByzantineValidators == nil && lcae.ByzantineValidators != nil {
-			return false
-		}
-
-		if len(trustedEv.ByzantineValidators) != len(lcae.ByzantineValidators) {
-			return false
-		}
-
-		byzValsCopy := make([]*types.Validator, len(lcae.ByzantineValidators))
-		for i, v := range lcae.ByzantineValidators {
-			byzValsCopy[i] = v.Copy()
-		}
-
-		// ensure that both validator arrays are in the same order
-		sort.Sort(types.ValidatorsByVotingPower(byzValsCopy))
-
-		for idx, val := range trustedEv.ByzantineValidators {
-			if !bytes.Equal(byzValsCopy[idx].Address, val.Address) {
-				return false
-			}
-			if byzValsCopy[idx].VotingPower != val.VotingPower {
-				return false
-			}
-		}
-
-		return true
-	}
-
-	// for all other evidence the evidence pool just checks if it is already in the pending db
-	return evpool.isPending(ev)
-}
-
 // IsExpired checks whether evidence or a polc is expired by checking whether a height and time is older
 // than set by the evidence consensus parameters
 func (evpool *Pool) isExpired(height int64, time time.Time) bool {
--- a/evidence/pool_test.go
+++ b/evidence/pool_test.go
@@ -174,6 +174,9 @@ func TestReportConflictingVotes(t *testing.T) {
 	// should be able to retrieve evidence from pool
 	evList, _ = pool.PendingEvidence(defaultEvidenceMaxBytes)
 	require.Equal(t, []types.Evidence{ev}, evList)
+
+	next = pool.EvidenceFront()
+	require.NotNil(t, next)
 }

 func TestEvidencePoolUpdate(t *testing.T) {
@@ -234,62 +237,29 @@ func TestVerifyDuplicatedEvidenceFails(t *testing.T) {

 // check that valid light client evidence is correctly validated and stored in
 // evidence pool
-func TestCheckEvidenceWithLightClientAttack(t *testing.T) {
+func TestLightClientAttackEvidenceLifecycle(t *testing.T) {
 	var (
-		nValidators          = 5
-		validatorPower int64 = 10
-		height         int64 = 10
+		height       int64 = 100
+		commonHeight int64 = 90
 	)
-	conflictingVals, conflictingPrivVals := types.RandValidatorSet(nValidators, validatorPower)
-	trustedHeader := makeHeaderRandom(height)
-	trustedHeader.Time = defaultEvidenceTime

-	conflictingHeader := makeHeaderRandom(height)
-	conflictingHeader.ValidatorsHash = conflictingVals.Hash()
-
-	trustedHeader.ValidatorsHash = conflictingHeader.ValidatorsHash
-	trustedHeader.NextValidatorsHash = conflictingHeader.NextValidatorsHash
-	trustedHeader.ConsensusHash = conflictingHeader.ConsensusHash
-	trustedHeader.AppHash = conflictingHeader.AppHash
-	trustedHeader.LastResultsHash = conflictingHeader.LastResultsHash
-
-	// for simplicity we are simulating a duplicate vote attack where all the validators in the
-	// conflictingVals set voted twice
-	blockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash"))
-	voteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
-	commit, err := types.MakeCommit(blockID, height, 1, voteSet, conflictingPrivVals, defaultEvidenceTime)
-	require.NoError(t, err)
-	ev := &types.LightClientAttackEvidence{
-		ConflictingBlock: &types.LightBlock{
-			SignedHeader: &types.SignedHeader{
-				Header: conflictingHeader,
-				Commit: commit,
-			},
-			ValidatorSet: conflictingVals,
-		},
-		CommonHeight:        10,
-		TotalVotingPower:    int64(nValidators) * validatorPower,
-		ByzantineValidators: conflictingVals.Validators,
-		Timestamp:           defaultEvidenceTime,
-	}
-
-	trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash"))
-	trustedVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
-	trustedCommit, err := types.MakeCommit(trustedBlockID, height, 1, trustedVoteSet, conflictingPrivVals,
-		defaultEvidenceTime)
-	require.NoError(t, err)
+	ev, trusted, common := makeLunaticEvidence(t, height, commonHeight,
+		10, 5, 5, defaultEvidenceTime, defaultEvidenceTime.Add(1*time.Hour))

 	state := sm.State{
-		LastBlockTime:   defaultEvidenceTime.Add(1 * time.Minute),
-		LastBlockHeight: 11,
+		LastBlockTime:   defaultEvidenceTime.Add(2 * time.Hour),
+		LastBlockHeight: 110,
 		ConsensusParams: *types.DefaultConsensusParams(),
 	}
 	stateStore := &smmocks.Store{}
-	stateStore.On("LoadValidators", height).Return(conflictingVals, nil)
+	stateStore.On("LoadValidators", height).Return(trusted.ValidatorSet, nil)
+	stateStore.On("LoadValidators", commonHeight).Return(common.ValidatorSet, nil)
 	stateStore.On("Load").Return(state, nil)
 	blockStore := &mocks.BlockStore{}
-	blockStore.On("LoadBlockMeta", height).Return(&types.BlockMeta{Header: *trustedHeader})
-	blockStore.On("LoadBlockCommit", height).Return(trustedCommit)
+	blockStore.On("LoadBlockMeta", height).Return(&types.BlockMeta{Header: *trusted.Header})
+	blockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
+	blockStore.On("LoadBlockCommit", height).Return(trusted.Commit)
+	blockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)

 	pool, err := evidence.NewPool(dbm.NewMemDB(), stateStore, blockStore)
 	require.NoError(t, err)
@@ -298,14 +268,32 @@ func TestCheckEvidenceWithLightClientAttack(t *testing.T) {
 	err = pool.AddEvidence(ev)
 	assert.NoError(t, err)

-	err = pool.CheckEvidence(types.EvidenceList{ev})
-	assert.NoError(t, err)
+	hash := ev.Hash()

-	// take away the last signature -> there are less validators then what we have detected,
-	// hence this should fail
-	commit.Signatures = append(commit.Signatures[:nValidators-1], types.NewCommitSigAbsent())
-	err = pool.CheckEvidence(types.EvidenceList{ev})
-	assert.Error(t, err)
+	require.NoError(t, pool.AddEvidence(ev))
+	require.NoError(t, pool.AddEvidence(ev))
+
+	pendingEv, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
+	require.Equal(t, 1, len(pendingEv))
+	require.Equal(t, ev, pendingEv[0])
+
+	require.NoError(t, pool.CheckEvidence(pendingEv))
+	require.Equal(t, ev, pendingEv[0])
+
+	state.LastBlockHeight++
+	state.LastBlockTime = state.LastBlockTime.Add(1 * time.Minute)
+	pool.Update(state, pendingEv)
+	require.Equal(t, hash, pendingEv[0].Hash())
+
+	remaindingEv, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
+	require.Empty(t, remaindingEv)
+
+	// evidence is already committed so it shouldn't pass
+	require.Error(t, pool.CheckEvidence(types.EvidenceList{ev}))
+	require.NoError(t, pool.AddEvidence(ev))
+
+	remaindingEv, _ = pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
+	require.Empty(t, remaindingEv)
 }

 // Tests that restarting the evidence pool after a potential failure will recover the
@@ -345,7 +333,7 @@ func TestRecoverPendingEvidence(t *testing.T) {
 			Evidence: tmproto.EvidenceParams{
 				MaxAgeNumBlocks: 20,
 				MaxAgeDuration:  20 * time.Minute,
-				MaxBytes:        1000,
+				MaxBytes:        defaultEvidenceMaxBytes,
 			},
 		},
 	}, nil)
--- a/evidence/verify.go
+++ b/evidence/verify.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"sort"
 	"time"

 	"github.com/tendermint/tendermint/light"
@@ -94,34 +93,6 @@ func (evpool *Pool) verify(evidence types.Evidence) error {
 		if err != nil {
 			return err
 		}
-		// find out what type of attack this was and thus extract the malicious validators. Note in the case of an
-		// Amnesia attack we don't have any malicious validators.
-		validators := ev.GetByzantineValidators(commonVals, trustedHeader)
-		// ensure this matches the validators that are listed in the evidence. They should be ordered based on power.
-		if validators == nil && ev.ByzantineValidators != nil {
-			return fmt.Errorf("expected nil validators from an amnesia light client attack but got %d",
-				len(ev.ByzantineValidators))
-		}
-
-		if exp, got := len(validators), len(ev.ByzantineValidators); exp != got {
-			return fmt.Errorf("expected %d byzantine validators from evidence but got %d",
-				exp, got)
-		}
-
-		// ensure that both validator arrays are in the same order
-		sort.Sort(types.ValidatorsByVotingPower(ev.ByzantineValidators))
-
-		for idx, val := range validators {
-			if !bytes.Equal(ev.ByzantineValidators[idx].Address, val.Address) {
-				return fmt.Errorf("evidence contained a different byzantine validator address to the one we were expecting."+
-					"Expected %v, got %v", val.Address, ev.ByzantineValidators[idx].Address)
-			}
-			if ev.ByzantineValidators[idx].VotingPower != val.VotingPower {
-				return fmt.Errorf("evidence contained a byzantine validator with a different power to the one we were expecting."+
-					"Expected %d, got %d", val.VotingPower, ev.ByzantineValidators[idx].VotingPower)
-			}
-		}
-
 		return nil
 	default:
 		return fmt.Errorf("unrecognized evidence type: %T", evidence)
@@ -149,7 +120,7 @@ func VerifyLightClientAttack(e *types.LightClientAttackEvidence, commonHeader, t
 		}

 		// In the case of equivocation and amnesia we expect all header hashes to be correctly derived
-	} else if isInvalidHeader(trustedHeader.Header, e.ConflictingBlock.Header) {
+	} else if e.ConflictingHeaderIsInvalid(trustedHeader.Header) {
 		return errors.New("common height is the same as conflicting block height so expected the conflicting" +
 			" block to be correctly derived yet it wasn't")
 	}
@@ -178,7 +149,7 @@ func VerifyLightClientAttack(e *types.LightClientAttackEvidence, commonHeader, t
 			trustedHeader.Hash())
 	}

-	return nil
+	return validateABCIEvidence(e, commonVals, trustedHeader)
 }

 // VerifyDuplicateVote verifies DuplicateVoteEvidence against the state of full node. This involves the
@@ -249,6 +220,55 @@ func VerifyDuplicateVote(e *types.DuplicateVoteEvidence, chainID string, valSet
 	return nil
 }

+// validateABCIEvidence validates the ABCI component of the light client attack
+// evidence i.e voting power and byzantine validators
+func validateABCIEvidence(
+	ev *types.LightClientAttackEvidence,
+	commonVals *types.ValidatorSet,
+	trustedHeader *types.SignedHeader,
+) error {
+	if evTotal, valsTotal := ev.TotalVotingPower, commonVals.TotalVotingPower(); evTotal != valsTotal {
+		return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
+			evTotal, valsTotal)
+	}
+
+	// Find out what type of attack this was and thus extract the malicious
+	// validators. Note, in the case of an Amnesia attack we don't have any
+	// malicious validators.
+	validators := ev.GetByzantineValidators(commonVals, trustedHeader)
+
+	// Ensure this matches the validators that are listed in the evidence. They
+	// should be ordered based on power.
+	if validators == nil && ev.ByzantineValidators != nil {
+		return fmt.Errorf(
+			"expected nil validators from an amnesia light client attack but got %d",
+			len(ev.ByzantineValidators),
+		)
+	}
+
+	if exp, got := len(validators), len(ev.ByzantineValidators); exp != got {
+		return fmt.Errorf("expected %d byzantine validators from evidence but got %d", exp, got)
+	}
+
+	for idx, val := range validators {
+		if !bytes.Equal(ev.ByzantineValidators[idx].Address, val.Address) {
+			return fmt.Errorf(
+				"evidence contained an unexpected byzantine validator address; expected: %v, got: %v",
+				val.Address, ev.ByzantineValidators[idx].Address,
+			)
+		}
+
+		if ev.ByzantineValidators[idx].VotingPower != val.VotingPower {
+			return fmt.Errorf(
+				"evidence contained unexpected byzantine validator power; expected %d, got %d",
+				val.VotingPower, ev.ByzantineValidators[idx].VotingPower,
+			)
+		}
+	}
+
+	return nil
+}
+
 func getSignedHeader(blockStore BlockStore, height int64) (*types.SignedHeader, error) {
 	blockMeta := blockStore.LoadBlockMeta(height)
 	if blockMeta == nil {
@@ -263,15 +283,3 @@ func getSignedHeader(blockStore BlockStore, height int64) (*types.SignedHeader,
 		Commit: commit,
 	}, nil
 }
-
-// isInvalidHeader takes a trusted header and matches it againt a conflicting header
-// to determine whether the conflicting header was the product of a valid state transition
-// or not. If it is then all the deterministic fields of the header should be the same.
-// If not, it is an invalid header and constitutes a lunatic attack.
-func isInvalidHeader(trusted, conflicting *types.Header) bool {
-	return !bytes.Equal(trusted.ValidatorsHash, conflicting.ValidatorsHash) ||
-		!bytes.Equal(trusted.NextValidatorsHash, conflicting.NextValidatorsHash) ||
-		!bytes.Equal(trusted.ConsensusHash, conflicting.ConsensusHash) ||
-		!bytes.Equal(trusted.AppHash, conflicting.AppHash) ||
-		!bytes.Equal(trusted.LastResultsHash, conflicting.LastResultsHash)
-}
--- a/evidence/verify_test.go
+++ b/evidence/verify_test.go
@@ -1,6 +1,7 @@
 package evidence_test

 import (
+	"bytes"
 	"testing"
 	"time"

@@ -22,140 +23,171 @@ import (
 	"github.com/tendermint/tendermint/version"
 )

+const (
+	defaultVotingPower = 10
+)
+
 func TestVerifyLightClientAttack_Lunatic(t *testing.T) {
-	commonVals, commonPrivVals := types.RandValidatorSet(2, 10)
-
-	newVal, newPrivVal := types.RandValidator(false, 9)
-
-	conflictingVals, err := types.ValidatorSetFromExistingValidators(append(commonVals.Validators, newVal))
-	require.NoError(t, err)
-	conflictingPrivVals := append(commonPrivVals, newPrivVal)
-
-	commonHeader := makeHeaderRandom(4)
-	commonHeader.Time = defaultEvidenceTime
-	trustedHeader := makeHeaderRandom(10)
-	trustedHeader.Time = defaultEvidenceTime.Add(1 * time.Hour)
-
-	conflictingHeader := makeHeaderRandom(10)
-	conflictingHeader.Time = defaultEvidenceTime.Add(1 * time.Hour)
-	conflictingHeader.ValidatorsHash = conflictingVals.Hash()
-
-	// we are simulating a lunatic light client attack
-	blockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash"))
-	voteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), conflictingVals)
-	commit, err := types.MakeCommit(blockID, 10, 1, voteSet, conflictingPrivVals, defaultEvidenceTime)
-	require.NoError(t, err)
-	ev := &types.LightClientAttackEvidence{
-		ConflictingBlock: &types.LightBlock{
-			SignedHeader: &types.SignedHeader{
-				Header: conflictingHeader,
-				Commit: commit,
-			},
-			ValidatorSet: conflictingVals,
-		},
-		CommonHeight:        4,
-		TotalVotingPower:    20,
-		ByzantineValidators: commonVals.Validators,
-		Timestamp:           defaultEvidenceTime,
-	}
-
-	commonSignedHeader := &types.SignedHeader{
-		Header: commonHeader,
-		Commit: &types.Commit{},
-	}
-	trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash"))
-	vals, privVals := types.RandValidatorSet(3, 8)
-	trustedVoteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), vals)
-	trustedCommit, err := types.MakeCommit(trustedBlockID, 10, 1, trustedVoteSet, privVals, defaultEvidenceTime)
-	require.NoError(t, err)
-	trustedSignedHeader := &types.SignedHeader{
-		Header: trustedHeader,
-		Commit: trustedCommit,
-	}
+	const (
+		height       int64 = 10
+		commonHeight int64 = 4
+		totalVals          = 10
+		byzVals            = 4
+	)
+	attackTime := defaultEvidenceTime.Add(1 * time.Hour)
+	// create valid lunatic evidence
+	ev, trusted, common := makeLunaticEvidence(
+		t, height, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
+	require.NoError(t, ev.ValidateBasic())

 	// good pass -> no error
-	err = evidence.VerifyLightClientAttack(ev, commonSignedHeader, trustedSignedHeader, commonVals,
+	err := evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet,
 		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
 	assert.NoError(t, err)

 	// trusted and conflicting hashes are the same -> an error should be returned
-	err = evidence.VerifyLightClientAttack(ev, commonSignedHeader, ev.ConflictingBlock.SignedHeader, commonVals,
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, ev.ConflictingBlock.SignedHeader, common.ValidatorSet,
 		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
 	assert.Error(t, err)

 	// evidence with different total validator power should fail
-	ev.TotalVotingPower = 1
-	err = evidence.VerifyLightClientAttack(ev, commonSignedHeader, trustedSignedHeader, commonVals,
+	ev.TotalVotingPower = 1 * defaultVotingPower
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet,
 		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
 	assert.Error(t, err)
-	ev.TotalVotingPower = 20

-	forwardConflictingHeader := makeHeaderRandom(11)
-	forwardConflictingHeader.Time = defaultEvidenceTime.Add(30 * time.Minute)
-	forwardConflictingHeader.ValidatorsHash = conflictingVals.Hash()
-	forwardBlockID := makeBlockID(forwardConflictingHeader.Hash(), 1000, []byte("partshash"))
-	forwardVoteSet := types.NewVoteSet(evidenceChainID, 11, 1, tmproto.SignedMsgType(2), conflictingVals)
-	forwardCommit, err := types.MakeCommit(forwardBlockID, 11, 1, forwardVoteSet, conflictingPrivVals, defaultEvidenceTime)
-	require.NoError(t, err)
-	forwardLunaticEv := &types.LightClientAttackEvidence{
-		ConflictingBlock: &types.LightBlock{
-			SignedHeader: &types.SignedHeader{
-				Header: forwardConflictingHeader,
-				Commit: forwardCommit,
-			},
-			ValidatorSet: conflictingVals,
-		},
-		CommonHeight:        4,
-		TotalVotingPower:    20,
-		ByzantineValidators: commonVals.Validators,
-		Timestamp:           defaultEvidenceTime,
-	}
-	err = evidence.VerifyLightClientAttack(forwardLunaticEv, commonSignedHeader, trustedSignedHeader, commonVals,
+	// evidence without enough malicious votes should fail
+	ev, trusted, common = makeLunaticEvidence(
+		t, height, commonHeight, totalVals, byzVals-1, totalVals-byzVals, defaultEvidenceTime, attackTime)
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet,
 		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
-	assert.NoError(t, err)
+	assert.Error(t, err)
+}

+func TestVerify_LunaticAttackAgainstState(t *testing.T) {
+	const (
+		height       int64 = 10
+		commonHeight int64 = 4
+		totalVals          = 10
+		byzVals            = 4
+	)
+	attackTime := defaultEvidenceTime.Add(1 * time.Hour)
+	// create valid lunatic evidence
+	ev, trusted, common := makeLunaticEvidence(
+		t, height, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
+
+	// now we try to test verification against state
 	state := sm.State{
 		LastBlockTime:   defaultEvidenceTime.Add(2 * time.Hour),
-		LastBlockHeight: 11,
+		LastBlockHeight: height + 1,
 		ConsensusParams: *types.DefaultConsensusParams(),
 	}
 	stateStore := &smmocks.Store{}
-	stateStore.On("LoadValidators", int64(4)).Return(commonVals, nil)
+	stateStore.On("LoadValidators", commonHeight).Return(common.ValidatorSet, nil)
 	stateStore.On("Load").Return(state, nil)
 	blockStore := &mocks.BlockStore{}
-	blockStore.On("LoadBlockMeta", int64(4)).Return(&types.BlockMeta{Header: *commonHeader})
-	blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: *trustedHeader})
-	blockStore.On("LoadBlockMeta", int64(11)).Return(nil)
-	blockStore.On("LoadBlockCommit", int64(4)).Return(commit)
-	blockStore.On("LoadBlockCommit", int64(10)).Return(trustedCommit)
-	blockStore.On("Height").Return(int64(10))
-
+	blockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
+	blockStore.On("LoadBlockMeta", height).Return(&types.BlockMeta{Header: *trusted.Header})
+	blockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
+	blockStore.On("LoadBlockCommit", height).Return(trusted.Commit)
 	pool, err := evidence.NewPool(dbm.NewMemDB(), stateStore, blockStore)
 	require.NoError(t, err)
 	pool.SetLogger(log.TestingLogger())

 	evList := types.EvidenceList{ev}
-	err = pool.CheckEvidence(evList)
-	assert.NoError(t, err)
+	// check that the evidence pool correctly verifies the evidence
+	assert.NoError(t, pool.CheckEvidence(evList))

+	// as it was not originally in the pending bucket, it should now have been added
 	pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
 	assert.Equal(t, 1, len(pendingEvs))
+	assert.Equal(t, ev, pendingEvs[0])

 	// if we submit evidence only against a single byzantine validator when we see there are more validators then this
 	// should return an error
-	ev.ByzantineValidators = []*types.Validator{commonVals.Validators[0]}
-	err = pool.CheckEvidence(evList)
-	assert.Error(t, err)
-	ev.ByzantineValidators = commonVals.Validators // restore evidence
+	ev.ByzantineValidators = ev.ByzantineValidators[:1]
+	t.Log(evList)
+	assert.Error(t, pool.CheckEvidence(evList))
+	// restore original byz vals
+	ev.ByzantineValidators = ev.GetByzantineValidators(common.ValidatorSet, trusted.SignedHeader)
+
+	// duplicate evidence should be rejected
+	evList = types.EvidenceList{ev, ev}
+	pool, err = evidence.NewPool(dbm.NewMemDB(), stateStore, blockStore)
+	require.NoError(t, err)
+	assert.Error(t, pool.CheckEvidence(evList))

 	// If evidence is submitted with an altered timestamp it should return an error
 	ev.Timestamp = defaultEvidenceTime.Add(1 * time.Minute)
-	err = pool.CheckEvidence(evList)
-	assert.Error(t, err)
+	pool, err = evidence.NewPool(dbm.NewMemDB(), stateStore, blockStore)
+	require.NoError(t, err)
+	assert.Error(t, pool.AddEvidence(ev))
+	ev.Timestamp = defaultEvidenceTime

-	evList = types.EvidenceList{forwardLunaticEv}
-	err = pool.CheckEvidence(evList)
-	assert.NoError(t, err)
+	// Evidence submitted with a different validator power should fail
+	ev.TotalVotingPower = 1
+	pool, err = evidence.NewPool(dbm.NewMemDB(), stateStore, blockStore)
+	require.NoError(t, err)
+	assert.Error(t, pool.AddEvidence(ev))
+	ev.TotalVotingPower = common.ValidatorSet.TotalVotingPower()
+}
+
+func TestVerify_ForwardLunaticAttack(t *testing.T) {
+	const (
+		nodeHeight   int64 = 8
+		attackHeight int64 = 10
+		commonHeight int64 = 4
+		totalVals          = 10
+		byzVals            = 5
+	)
+	attackTime := defaultEvidenceTime.Add(1 * time.Hour)
+
+	// create a forward lunatic attack
+	ev, trusted, common := makeLunaticEvidence(
+		t, attackHeight, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
+
+	// now we try to test verification against state
+	state := sm.State{
+		LastBlockTime:   defaultEvidenceTime.Add(2 * time.Hour),
+		LastBlockHeight: nodeHeight,
+		ConsensusParams: *types.DefaultConsensusParams(),
+	}
+
+	// modify trusted light block so that it is of a height less than the conflicting one
+	trusted.Header.Height = state.LastBlockHeight
+	trusted.Header.Time = state.LastBlockTime
+
+	stateStore := &smmocks.Store{}
+	stateStore.On("LoadValidators", commonHeight).Return(common.ValidatorSet, nil)
+	stateStore.On("Load").Return(state, nil)
+	blockStore := &mocks.BlockStore{}
+	blockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
+	blockStore.On("LoadBlockMeta", nodeHeight).Return(&types.BlockMeta{Header: *trusted.Header})
+	blockStore.On("LoadBlockMeta", attackHeight).Return(nil)
+	blockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
+	blockStore.On("LoadBlockCommit", nodeHeight).Return(trusted.Commit)
+	blockStore.On("Height").Return(nodeHeight)
+	pool, err := evidence.NewPool(dbm.NewMemDB(), stateStore, blockStore)
+	require.NoError(t, err)
+
+	// check that the evidence pool correctly verifies the evidence
+	assert.NoError(t, pool.CheckEvidence(types.EvidenceList{ev}))
+
+	// now we use a time which isn't able to contradict the FLA - thus we can't verify the evidence
+	oldBlockStore := &mocks.BlockStore{}
+	oldHeader := trusted.Header
+	oldHeader.Time = defaultEvidenceTime
+	oldBlockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
+	oldBlockStore.On("LoadBlockMeta", nodeHeight).Return(&types.BlockMeta{Header: *oldHeader})
+	oldBlockStore.On("LoadBlockMeta", attackHeight).Return(nil)
+	oldBlockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
+	oldBlockStore.On("LoadBlockCommit", nodeHeight).Return(trusted.Commit)
+	oldBlockStore.On("Height").Return(nodeHeight)
+	require.Equal(t, defaultEvidenceTime, oldBlockStore.LoadBlockMeta(nodeHeight).Header.Time)
+
+	pool, err = evidence.NewPool(dbm.NewMemDB(), stateStore, oldBlockStore)
+	require.NoError(t, err)
+	assert.Error(t, pool.CheckEvidence(types.EvidenceList{ev}))
 }

 func TestVerifyLightClientAttack_Equivocation(t *testing.T) {
@@ -417,6 +449,84 @@ func TestVerifyDuplicateVoteEvidence(t *testing.T) {
 	assert.Error(t, err)
 }

+func makeLunaticEvidence(
+	t *testing.T,
+	height, commonHeight int64,
+	totalVals, byzVals, phantomVals int,
+	commonTime, attackTime time.Time,
+) (ev *types.LightClientAttackEvidence, trusted *types.LightBlock, common *types.LightBlock) {
+	commonValSet, commonPrivVals := types.RandValidatorSet(totalVals, defaultVotingPower)
+
+	require.Greater(t, totalVals, byzVals)
+
+	// extract out the subset of byzantine validators in the common validator set
+	byzValSet, byzPrivVals := commonValSet.Validators[:byzVals], commonPrivVals[:byzVals]
+
+	phantomValSet, phantomPrivVals := types.RandValidatorSet(phantomVals, defaultVotingPower)
+
+	conflictingVals := phantomValSet.Copy()
+	require.NoError(t, conflictingVals.UpdateWithChangeSet(byzValSet))
+	conflictingPrivVals := append(phantomPrivVals, byzPrivVals...)
+
+	conflictingPrivVals = orderPrivValsByValSet(t, conflictingVals, conflictingPrivVals)
+
+	commonHeader := makeHeaderRandom(commonHeight)
+	commonHeader.Time = commonTime
+	trustedHeader := makeHeaderRandom(height)
+
+	conflictingHeader := makeHeaderRandom(height)
+	conflictingHeader.Time = attackTime
+	conflictingHeader.ValidatorsHash = conflictingVals.Hash()
+
+	blockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash"))
+	voteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
+	commit, err := types.MakeCommit(blockID, height, 1, voteSet, conflictingPrivVals, defaultEvidenceTime)
+	require.NoError(t, err)
+	ev = &types.LightClientAttackEvidence{
+		ConflictingBlock: &types.LightBlock{
+			SignedHeader: &types.SignedHeader{
+				Header: conflictingHeader,
+				Commit: commit,
+			},
+			ValidatorSet: conflictingVals,
+		},
+		CommonHeight:        commonHeight,
+		TotalVotingPower:    commonValSet.TotalVotingPower(),
+		ByzantineValidators: byzValSet,
+		Timestamp:           commonTime,
+	}
+
+	common = &types.LightBlock{
+		SignedHeader: &types.SignedHeader{
+			Header: commonHeader,
+			// we can leave this empty because we shouldn't be checking this
+			Commit: &types.Commit{},
+		},
+		ValidatorSet: commonValSet,
+	}
+	trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash"))
+	trustedVals, privVals := types.RandValidatorSet(totalVals, defaultVotingPower)
+	trustedVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), trustedVals)
+	trustedCommit, err := types.MakeCommit(trustedBlockID, height, 1, trustedVoteSet, privVals, defaultEvidenceTime)
+	require.NoError(t, err)
+	trusted = &types.LightBlock{
+		SignedHeader: &types.SignedHeader{
+			Header: trustedHeader,
+			Commit: trustedCommit,
+		},
+		ValidatorSet: trustedVals,
+	}
+	return ev, trusted, common
+}
+
+// func makeEquivocationEvidence() *types.LightClientAttackEvidence {
+
+// }
+
+// func makeAmnesiaEvidence() *types.LightClientAttackEvidence {
+
+// }
+
 func makeVote(
 	t *testing.T, val types.PrivValidator, chainID string, valIndex int32, height int64,
 	round int32, step int, blockID types.BlockID, time time.Time) *types.Vote {
@@ -475,3 +585,20 @@ func makeBlockID(hash []byte, partSetSize uint32, partSetHash []byte) types.Bloc
 		},
 	}
 }
+
+func orderPrivValsByValSet(
+	t *testing.T, vals *types.ValidatorSet, privVals []types.PrivValidator) []types.PrivValidator {
+	output := make([]types.PrivValidator, len(privVals))
+	for idx, v := range vals.Validators {
+		for _, p := range privVals {
+			pubKey, err := p.GetPubKey()
+			require.NoError(t, err)
+			if bytes.Equal(v.Address, pubKey.Address()) {
+				output[idx] = p
+				break
+			}
+		}
+		require.NotEmpty(t, output[idx])
+	}
+	return output
+}