mirror of
https://github.com/tendermint/tendermint.git
synced 2026-02-11 22:31:09 +00:00
* Add protos for ExtendedCommit Cherry-pick from e73f0178b72a16ee81f8e856aadf651f2c62ec6e just the changes to the .proto files, since we have deleted the .intermediate files. Signed-off-by: Thane Thomson <connect@thanethomson.com> * make proto-gen Signed-off-by: Thane Thomson <connect@thanethomson.com> * BlockStore holds extended commit Cherry-pick 8d504d4b50ec6afbdffe2df7ababbef30e15053d and fix conflicts. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Reshuffle ExtendedCommit and ExtendedCommitSig Separate the data structures and functions from their Commit-oriented counterparts to adhere to the current coding style. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix exit condition in blocksync * Add note to remove TxResult proto As Sergio pointed out in 3e31aa6f583cdc71e208ed03a82f1d804ec0de49, this proto message can probably be removed. We should do this in a separate PR. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Lift termination condition into for loop Signed-off-by: Thane Thomson <connect@thanethomson.com> * Enforce vote extension signature requirement Signed-off-by: Thane Thomson <connect@thanethomson.com> * Expand on comment for PeekTwoBlocks for posterity Signed-off-by: Thane Thomson <connect@thanethomson.com> * Isolate TODO more clearly Signed-off-by: Thane Thomson <connect@thanethomson.com> * make mockery Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix comment Signed-off-by: Thane Thomson <connect@thanethomson.com> * Make panic output from BlockStore.SaveBlock more readable Signed-off-by: Thane Thomson <connect@thanethomson.com> * Add helper methods to ExtendedCommitSig and ExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix most tests except TestHandshake* Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix store prefix collision Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix TestBlockFetchAtHeight Signed-off-by: Thane Thomson <connect@thanethomson.com> 
* Remove global state from store tests Signed-off-by: Thane Thomson <connect@thanethomson.com> * Apply suggestions from code review Co-authored-by: M. J. Fromberger <fromberger@interchain.io> Co-authored-by: Sergio Mena <sergio@informal.systems> * blocksync: Just return error Signed-off-by: Thane Thomson <connect@thanethomson.com> * make format Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove unused/commented-out code Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Change pool AddBlock function signature to return errors Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Improve legibility of switch statements Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Expand on extended commit requirement in AddBlock description Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Return error without also logging it Signed-off-by: Thane Thomson <connect@thanethomson.com> * consensus: Rename short-lived local variable Signed-off-by: Thane Thomson <connect@thanethomson.com> * consensus: Allocate TODO to Sergio Signed-off-by: Thane Thomson <connect@thanethomson.com> * evidence/pool_test: Inline slice construction Signed-off-by: Thane Thomson <connect@thanethomson.com> * state: Rename LoadBlockExtCommit to LoadBlockExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * proto: Remove TODO on TxResult Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Minor format Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Reformat ExtendedCommitSig.BlockID Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove NewExtendedCommit constructor Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove NewCommit constructor Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Shorten receiver names for ExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Convert ExtendedCommit.Copy to a 
deep clone Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Assign TODO to Sergio Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Fix legibility nits Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Improve legibility Signed-off-by: Thane Thomson <connect@thanethomson.com> * store/state: Add TODO to move prefixes to common package Signed-off-by: Thane Thomson <connect@thanethomson.com> * Propagate validator info to PrepareProposal In order to propagate validator voting power through to PrepareProposal, we need to load the validator set info from the height corresponding to the extended commit that we're passing through to PrepareProposal as the "LocalLastCommit". Signed-off-by: Thane Thomson <connect@thanethomson.com> * Rename local var for clarity Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix TestMaxProposalBlockSize Signed-off-by: Thane Thomson <connect@thanethomson.com> * Rename local var for clarity Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove debug log Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove CommigSig.ForBlock helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove CommigSig.Absent helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove ExtendedCommitSig.ForBlock helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove ExtendedCommitSig.Absent helper Signed-off-by: Thane Thomson <connect@thanethomson.com> * There are no extended commits below the initial height Signed-off-by: Thane Thomson <connect@thanethomson.com> * Fix comment grammar Signed-off-by: Thane Thomson <connect@thanethomson.com> * Remove JSON encoding from ExtendedCommit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Embed CommitSig into ExtendedCommitSig instead of duplicating fields Signed-off-by: Thane Thomson <connect@thanethomson.com> * Rename ExtendedCommit vote_extension field to extension for consistency with domain types 
Signed-off-by: Thane Thomson <connect@thanethomson.com> * blocksync: Panic if we peek a block without an extended commit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Apply suggestions from code review Co-authored-by: M. J. Fromberger <fromberger@interchain.io> * Remove Sergio from TODO Signed-off-by: Thane Thomson <connect@thanethomson.com> * Increase hard-coded vote extension max size to 1MB Signed-off-by: Thane Thomson <connect@thanethomson.com> * state: Remove unnecessary comment Signed-off-by: Thane Thomson <connect@thanethomson.com> * state: Ensure no of commit sigs equals validator set length Signed-off-by: Thane Thomson <connect@thanethomson.com> * make format Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Minor legibility improvements Signed-off-by: Thane Thomson <connect@thanethomson.com> * Improve legibility Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Remove unused GetVotes function on VoteSet Signed-off-by: Thane Thomson <connect@thanethomson.com> * Refactor TestMaxProposalBlockSize to construct more realistic extended commit Signed-off-by: Thane Thomson <connect@thanethomson.com> * Refactor buildExtendedCommitInfo to resemble buildLastCommitInfo Signed-off-by: Thane Thomson <connect@thanethomson.com> * Apply suggestions from code review Co-authored-by: M. J. 
Fromberger <fromberger@interchain.io> * abci++: Disable VerifyVoteExtension call on nil precommits (#8491) Signed-off-by: Thane Thomson <connect@thanethomson.com> * types: Require vote extensions on non-nil precommits and not otherwise Signed-off-by: Thane Thomson <connect@thanethomson.com> * Disable lint Signed-off-by: Thane Thomson <connect@thanethomson.com> * Increase timeout for TestReactorVotingPowerChange to counter flakiness Signed-off-by: Thane Thomson <connect@thanethomson.com> * Only sign and verify vote extensions in non-nil precommits Signed-off-by: Thane Thomson <connect@thanethomson.com> * Revert "Disable lint" This reverts commit6fffbf9402. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Add missing non-nil check uncovered non-deterministically in TestHandshakeReplayAll Signed-off-by: Thane Thomson <connect@thanethomson.com> * Expand error message for accuracy Signed-off-by: Thane Thomson <connect@thanethomson.com> * Only call ExtendVote when we make non-nil precommits Signed-off-by: Thane Thomson <connect@thanethomson.com> * Revert "Increase timeout for TestReactorVotingPowerChange to counter flakiness" This reverts commitaf514939db. Signed-off-by: Thane Thomson <connect@thanethomson.com> * Refactor ValidateBasic for ExtendedCommitSig for legibility Signed-off-by: Thane Thomson <connect@thanethomson.com> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: M. J. Fromberger <fromberger@interchain.io>
package evidence_test
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
dbm "github.com/tendermint/tm-db"
|
|
|
|
"github.com/tendermint/tendermint/crypto"
|
|
"github.com/tendermint/tendermint/internal/eventbus"
|
|
"github.com/tendermint/tendermint/internal/evidence"
|
|
"github.com/tendermint/tendermint/internal/evidence/mocks"
|
|
sm "github.com/tendermint/tendermint/internal/state"
|
|
smmocks "github.com/tendermint/tendermint/internal/state/mocks"
|
|
"github.com/tendermint/tendermint/internal/test/factory"
|
|
"github.com/tendermint/tendermint/libs/log"
|
|
tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
|
|
"github.com/tendermint/tendermint/types"
|
|
)
|
|
|
|
// defaultVotingPower is the per-validator power that makeLunaticEvidence
// passes to factory.ValidatorSet when it generates validator sets.
const defaultVotingPower = 10
|
|
|
|
// TestVerifyLightClientAttack_Lunatic runs evidence.VerifyLightClientAttack
// against lunatic evidence from makeLunaticEvidence: a conflicting header at
// height 10 signed by 4 of the 10 validators known at common height 4.
func TestVerifyLightClientAttack_Lunatic(t *testing.T) {
	const (
		height       int64 = 10
		commonHeight int64 = 4
		totalVals          = 10
		byzVals            = 4
	)
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	// Every verification call below uses the same clock and trust period.
	var (
		attackTime  = defaultEvidenceTime.Add(1 * time.Hour)
		now         = defaultEvidenceTime.Add(2 * time.Hour)
		trustPeriod = 3 * time.Hour
	)

	// Build well-formed lunatic evidence; it has to pass its own basic
	// validation before verification is attempted.
	ev, trusted, common := makeLunaticEvidence(ctx,
		t, height, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
	require.NoError(t, ev.ValidateBasic())

	// Valid evidence checked against the real trusted header is accepted.
	assert.NoError(t, evidence.VerifyLightClientAttack(
		ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet, now, trustPeriod))

	// Supplying the conflicting header as the trusted header makes both
	// hashes equal, so nothing conflicts and verification must fail.
	assert.Error(t, evidence.VerifyLightClientAttack(
		ev, common.SignedHeader, ev.ConflictingBlock.SignedHeader, common.ValidatorSet, now, trustPeriod))

	// A wrong TotalVotingPower is NOT caught by VerifyLightClientAttack; the
	// mismatch is rejected by the separate ValidateABCI check.
	ev.TotalVotingPower = defaultVotingPower
	assert.NoError(t, evidence.VerifyLightClientAttack(
		ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet, now, trustPeriod))
	assert.Error(t, ev.ValidateABCI(common.ValidatorSet, trusted.SignedHeader, defaultEvidenceTime))

	// With one byzantine validator fewer (3 of 10, equally weighted) the
	// conflicting commit no longer carries enough malicious votes.
	ev, trusted, common = makeLunaticEvidence(ctx,
		t, height, commonHeight, totalVals, byzVals-1, totalVals-byzVals, defaultEvidenceTime, attackTime)
	assert.Error(t, evidence.VerifyLightClientAttack(
		ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet, now, trustPeriod))
}
|
|
|
|
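// TestVerify_LunaticAttackAgainstState feeds lunatic evidence to an evidence
// pool backed by mocked state and block stores. It checks that valid evidence
// is accepted and stored as pending, and that evidence with a truncated
// byzantine validator list, a duplicate entry, an altered timestamp or an
// altered total voting power is rejected.
func TestVerify_LunaticAttackAgainstState(t *testing.T) {
	const (
		height       int64 = 10
		commonHeight int64 = 4
		totalVals          = 10
		byzVals            = 4
	)
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	logger := log.NewNopLogger()

	attackTime := defaultEvidenceTime.Add(1 * time.Hour)
	// create valid lunatic evidence
	ev, trusted, common := makeLunaticEvidence(ctx,
		t, height, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)

	// The node's own state is one block past the attack height, so the mocked
	// block store can serve both the common and the trusted header.
	state := sm.State{
		LastBlockTime:   defaultEvidenceTime.Add(2 * time.Hour),
		LastBlockHeight: height + 1,
		ConsensusParams: *types.DefaultConsensusParams(),
	}
	stateStore := &smmocks.Store{}
	stateStore.On("LoadValidators", commonHeight).Return(common.ValidatorSet, nil)
	stateStore.On("Load").Return(state, nil)
	blockStore := &mocks.BlockStore{}
	blockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
	blockStore.On("LoadBlockMeta", height).Return(&types.BlockMeta{Header: *trusted.Header})
	blockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
	blockStore.On("LoadBlockCommit", height).Return(trusted.Commit)
	pool := evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), nil)

	// evList holds the ev pointer, so the field mutations below are visible
	// through it.
	evList := types.EvidenceList{ev}
	// check that the evidence pool correctly verifies the evidence
	assert.NoError(t, pool.CheckEvidence(ctx, evList))

	// as it was not originally in the pending bucket, it should now have been added
	pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
	// require, not assert: an empty result must stop the test here rather
	// than panic on the index expression below.
	require.Len(t, pendingEvs, 1)
	assert.Equal(t, ev, pendingEvs[0])

	// Evidence that names only one byzantine validator when more of them
	// signed the conflicting block must be rejected.
	ev.ByzantineValidators = ev.ByzantineValidators[:1]
	assert.Error(t, pool.CheckEvidence(ctx, evList))
	// restore original byz vals
	ev.ByzantineValidators = ev.GetByzantineValidators(common.ValidatorSet, trusted.SignedHeader)

	// duplicate evidence should be rejected
	evList = types.EvidenceList{ev, ev}
	pool = evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), nil)
	assert.Error(t, pool.CheckEvidence(ctx, evList))

	// If evidence is submitted with an altered timestamp it should return an error
	eventBus := eventbus.NewDefault(logger)
	require.NoError(t, eventBus.Start(ctx))

	ev.Timestamp = defaultEvidenceTime.Add(1 * time.Minute)
	pool = evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), eventBus)

	err := pool.AddEvidence(ctx, ev)
	assert.Error(t, err)
	ev.Timestamp = defaultEvidenceTime

	// Evidence submitted with a different validator power should fail
	ev.TotalVotingPower = 1
	pool = evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), nil)
	err = pool.AddEvidence(ctx, ev)
	assert.Error(t, err)
	ev.TotalVotingPower = common.ValidatorSet.TotalVotingPower()
}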
|
|
|
|
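// TestVerify_ForwardLunaticAttack covers a lunatic attack whose conflicting
// block (height 10) lies above the node's latest block (height 8). The pool
// has no block at the attack height, so the evidence is checked against the
// node's latest header instead. The test expects acceptance with the first
// block store and rejection once the latest header's time is set back to
// defaultEvidenceTime.
func TestVerify_ForwardLunaticAttack(t *testing.T) {
	const (
		nodeHeight   int64 = 8
		attackHeight int64 = 10
		commonHeight int64 = 4
		totalVals          = 10
		byzVals            = 5
	)
	attackTime := defaultEvidenceTime.Add(1 * time.Hour)

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	logger := log.NewNopLogger()

	// create a forward lunatic attack
	ev, trusted, common := makeLunaticEvidence(ctx,
		t, attackHeight, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)

	// now we try to test verification against state
	state := sm.State{
		LastBlockTime:   defaultEvidenceTime.Add(2 * time.Hour),
		LastBlockHeight: nodeHeight,
		ConsensusParams: *types.DefaultConsensusParams(),
	}

	// modify trusted light block so that it is of a height less than the conflicting one
	trusted.Header.Height = state.LastBlockHeight
	trusted.Header.Time = state.LastBlockTime

	stateStore := &smmocks.Store{}
	stateStore.On("LoadValidators", commonHeight).Return(common.ValidatorSet, nil)
	stateStore.On("Load").Return(state, nil)
	blockStore := &mocks.BlockStore{}
	blockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
	blockStore.On("LoadBlockMeta", nodeHeight).Return(&types.BlockMeta{Header: *trusted.Header})
	// The node has not reached the attack height, so no block meta exists there.
	blockStore.On("LoadBlockMeta", attackHeight).Return(nil)
	blockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
	blockStore.On("LoadBlockCommit", nodeHeight).Return(trusted.Commit)
	blockStore.On("Height").Return(nodeHeight)

	eventBus := eventbus.NewDefault(logger)
	require.NoError(t, eventBus.Start(ctx))

	pool := evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), eventBus)

	// check that the evidence pool correctly verifies the evidence
	assert.NoError(t, pool.CheckEvidence(ctx, types.EvidenceList{ev}))

	// Now serve a latest header whose time cannot contradict the forward
	// lunatic attack, so the evidence can no longer be verified.
	oldBlockStore := &mocks.BlockStore{}
	// Copy the header by value: trusted.Header is a pointer, and assigning
	// it directly would also rewrite the time on the shared trusted fixture.
	oldHeader := *trusted.Header
	oldHeader.Time = defaultEvidenceTime
	oldBlockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
	oldBlockStore.On("LoadBlockMeta", nodeHeight).Return(&types.BlockMeta{Header: oldHeader})
	oldBlockStore.On("LoadBlockMeta", attackHeight).Return(nil)
	oldBlockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
	oldBlockStore.On("LoadBlockCommit", nodeHeight).Return(trusted.Commit)
	oldBlockStore.On("Height").Return(nodeHeight)
	// Sanity-check the fixture before relying on it for the negative case.
	require.Equal(t, defaultEvidenceTime, oldBlockStore.LoadBlockMeta(nodeHeight).Header.Time)

	pool = evidence.NewPool(logger, dbm.NewMemDB(), stateStore, oldBlockStore, evidence.NopMetrics(), nil)
	assert.Error(t, pool.CheckEvidence(ctx, types.EvidenceList{ev}))
}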
|
|
|
|
// TestVerifyLightClientAttack_Equivocation builds two headers for the same
// height and validator set. The conflicting header is committed by four of
// the five validators in the same round as the trusted one. The evidence is
// checked with evidence.VerifyLightClientAttack directly and then through an
// evidence pool backed by mocked stores.
func TestVerifyLightClientAttack_Equivocation(t *testing.T) {
	// Height shared by the trusted and the conflicting block.
	const height int64 = 10

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	logger := log.NewNopLogger()

	conflictingVals, conflictingPrivVals := factory.ValidatorSet(ctx, t, 5, 10)

	conflictingHeader := factory.MakeHeader(t, &types.Header{
		ChainID:        evidenceChainID,
		Height:         height,
		Time:           defaultEvidenceTime,
		ValidatorsHash: conflictingVals.Hash(),
	})

	// The trusted header copies every hash that the verifier compares, so the
	// two headers differ only in fields that factory.MakeHeader fills in.
	trustedHeader := factory.MakeHeader(t, &types.Header{
		ChainID:            evidenceChainID,
		Height:             height,
		Time:               defaultEvidenceTime,
		ValidatorsHash:     conflictingHeader.ValidatorsHash,
		NextValidatorsHash: conflictingHeader.NextValidatorsHash,
		ConsensusHash:      conflictingHeader.ConsensusHash,
		AppHash:            conflictingHeader.AppHash,
		LastResultsHash:    conflictingHeader.LastResultsHash,
	})

	// Simulate a duplicate-vote attack: every validator in conflictingVals
	// except the last one also signs the conflicting block.
	// tmproto.SignedMsgType(2) is the precommit type.
	conflictingBlockID := factory.MakeBlockIDWithHash(conflictingHeader.Hash())
	conflictingVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
	extCommit, err := factory.MakeExtendedCommit(
		ctx, conflictingBlockID, height, 1, conflictingVoteSet, conflictingPrivVals[:4], defaultEvidenceTime)
	require.NoError(t, err)

	conflictingBlock := &types.LightBlock{
		SignedHeader: &types.SignedHeader{
			Header: conflictingHeader,
			Commit: extCommit.StripExtensions(),
		},
		ValidatorSet: conflictingVals,
	}
	ev := &types.LightClientAttackEvidence{
		ConflictingBlock:    conflictingBlock,
		CommonHeight:        height,
		ByzantineValidators: conflictingVals.Validators[:4],
		TotalVotingPower:    50,
		Timestamp:           defaultEvidenceTime,
	}

	// The trusted block is committed by all five validators in the same round.
	trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash"))
	trustedVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
	trustedExtCommit, err := factory.MakeExtendedCommit(ctx, trustedBlockID, height, 1,
		trustedVoteSet, conflictingPrivVals, defaultEvidenceTime)
	require.NoError(t, err)
	trustedCommit := trustedExtCommit.StripExtensions()

	trustedSignedHeader := &types.SignedHeader{
		Header: trustedHeader,
		Commit: trustedCommit,
	}

	var (
		now         = defaultEvidenceTime.Add(1 * time.Minute)
		trustPeriod = 2 * time.Hour
	)

	// Valid equivocation evidence is accepted.
	require.NoError(t, evidence.VerifyLightClientAttack(
		ev, trustedSignedHeader, trustedSignedHeader, conflictingVals, now, trustPeriod))

	// Using the conflicting header as the trusted header makes both hashes
	// equal, which must be reported as an error.
	assert.Error(t, evidence.VerifyLightClientAttack(
		ev, trustedSignedHeader, ev.ConflictingBlock.SignedHeader, conflictingVals, now, trustPeriod))

	// A conflicting header whose next validators hash differs from the
	// trusted one is rejected: that hash should have been derived correctly
	// from the previous round.
	ev.ConflictingBlock.Header.NextValidatorsHash = crypto.CRandBytes(crypto.HashSize)
	assert.Error(t, evidence.VerifyLightClientAttack(
		ev, trustedSignedHeader, trustedSignedHeader, nil, now, trustPeriod))

	// Put the original next validators hash back before the pool checks.
	ev.ConflictingBlock.Header.NextValidatorsHash = trustedHeader.NextValidatorsHash

	state := sm.State{
		LastBlockTime:   now,
		LastBlockHeight: 11,
		ConsensusParams: *types.DefaultConsensusParams(),
	}
	stateStore := &smmocks.Store{}
	stateStore.On("LoadValidators", height).Return(conflictingVals, nil)
	stateStore.On("Load").Return(state, nil)
	blockStore := &mocks.BlockStore{}
	blockStore.On("LoadBlockMeta", height).Return(&types.BlockMeta{Header: *trustedHeader})
	blockStore.On("LoadBlockCommit", height).Return(trustedCommit)

	eventBus := eventbus.NewDefault(logger)
	require.NoError(t, eventBus.Start(ctx))

	pool := evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), eventBus)

	// The pool accepts the evidence and keeps exactly one pending entry.
	assert.NoError(t, pool.CheckEvidence(ctx, types.EvidenceList{ev}))

	pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
	assert.Len(t, pendingEvs, 1)
}
|
|
|
|
// TestVerifyLightClientAttack_Amnesia builds two headers for the same height
// and validator set whose commits come from different rounds (0 for the
// conflicting block, 1 for the trusted block). The evidence names no
// byzantine validators. It is checked with evidence.VerifyLightClientAttack
// and then through an evidence pool backed by mocked stores.
func TestVerifyLightClientAttack_Amnesia(t *testing.T) {
	const height int64 = 10

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	logger := log.NewNopLogger()

	conflictingVals, conflictingPrivVals := factory.ValidatorSet(ctx, t, 5, 10)

	conflictingHeader := factory.MakeHeader(t, &types.Header{
		ChainID:        evidenceChainID,
		Height:         height,
		Time:           defaultEvidenceTime,
		ValidatorsHash: conflictingVals.Hash(),
	})

	trustedHeader := factory.MakeHeader(t, &types.Header{
		ChainID:            evidenceChainID,
		Height:             height,
		Time:               defaultEvidenceTime,
		ValidatorsHash:     conflictingHeader.ValidatorsHash,
		NextValidatorsHash: conflictingHeader.NextValidatorsHash,
		ConsensusHash:      conflictingHeader.ConsensusHash,
		AppHash:            conflictingHeader.AppHash,
		LastResultsHash:    conflictingHeader.LastResultsHash,
	})

	// Simulate an amnesia attack: the validators in conflictingVals sign both
	// blocks, but the two commits belong to different rounds.
	// tmproto.SignedMsgType(2) is the precommit type.
	conflictingBlockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash"))
	conflictingVoteSet := types.NewVoteSet(evidenceChainID, height, 0, tmproto.SignedMsgType(2), conflictingVals)
	extCommit, err := factory.MakeExtendedCommit(
		ctx, conflictingBlockID, height, 0, conflictingVoteSet, conflictingPrivVals, defaultEvidenceTime)
	require.NoError(t, err)

	conflictingBlock := &types.LightBlock{
		SignedHeader: &types.SignedHeader{
			Header: conflictingHeader,
			Commit: extCommit.StripExtensions(),
		},
		ValidatorSet: conflictingVals,
	}
	ev := &types.LightClientAttackEvidence{
		ConflictingBlock:    conflictingBlock,
		CommonHeight:        height,
		ByzantineValidators: nil, // with amnesia evidence no validators are submitted as abci evidence
		TotalVotingPower:    50,
		Timestamp:           defaultEvidenceTime,
	}

	// The trusted commit is produced in round 1.
	trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash"))
	trustedVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
	trustedExtCommit, err := factory.MakeExtendedCommit(ctx, trustedBlockID, height, 1,
		trustedVoteSet, conflictingPrivVals, defaultEvidenceTime)
	require.NoError(t, err)
	trustedCommit := trustedExtCommit.StripExtensions()

	trustedSignedHeader := &types.SignedHeader{
		Header: trustedHeader,
		Commit: trustedCommit,
	}

	var (
		now         = defaultEvidenceTime.Add(1 * time.Minute)
		trustPeriod = 2 * time.Hour
	)

	// Valid amnesia evidence is accepted.
	require.NoError(t, evidence.VerifyLightClientAttack(
		ev, trustedSignedHeader, trustedSignedHeader, conflictingVals, now, trustPeriod))

	// Using the conflicting header as the trusted header makes both hashes
	// equal, which must be reported as an error.
	assert.Error(t, evidence.VerifyLightClientAttack(
		ev, trustedSignedHeader, ev.ConflictingBlock.SignedHeader, conflictingVals, now, trustPeriod))

	state := sm.State{
		LastBlockTime:   now,
		LastBlockHeight: 11,
		ConsensusParams: *types.DefaultConsensusParams(),
	}
	stateStore := &smmocks.Store{}
	stateStore.On("LoadValidators", height).Return(conflictingVals, nil)
	stateStore.On("Load").Return(state, nil)
	blockStore := &mocks.BlockStore{}
	blockStore.On("LoadBlockMeta", height).Return(&types.BlockMeta{Header: *trustedHeader})
	blockStore.On("LoadBlockCommit", height).Return(trustedCommit)

	eventBus := eventbus.NewDefault(logger)
	require.NoError(t, eventBus.Start(ctx))

	pool := evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), eventBus)

	// The pool accepts the evidence and keeps exactly one pending entry.
	assert.NoError(t, pool.CheckEvidence(ctx, types.EvidenceList{ev}))

	pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
	assert.Len(t, pendingEvs, 1)
}
|
|
|
|
// voteData is one table entry for TestVerifyDuplicateVoteEvidence: a pair of
// votes and whether the pair is expected to verify as duplicate-vote evidence.
// The test fills it positionally, so the field order must not change.
type voteData struct {
	vote1, vote2 *types.Vote
	valid        bool
}
|
|
|
|
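// TestVerifyDuplicateVoteEvidence checks evidence.VerifyDuplicateVote against
// a table of vote pairs. A pair is valid evidence only when both votes come
// from the same validator for the same chain, height, round and step, carry
// different block IDs, and are correctly signed. It then checks that an
// evidence pool rejects duplicate-vote evidence whose recorded voting power
// or timestamp does not match the node's state.
func TestVerifyDuplicateVoteEvidence(t *testing.T) {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	logger := log.NewNopLogger()
	val := types.NewMockPV()
	val2 := types.NewMockPV()
	// Only val is in the validator set; val2 is an outsider.
	valSet := types.NewValidatorSet([]*types.Validator{val.ExtractIntoValidator(ctx, 1)})

	blockID := makeBlockID([]byte("blockhash"), 1000, []byte("partshash"))
	blockID2 := makeBlockID([]byte("blockhash2"), 1000, []byte("partshash"))
	blockID3 := makeBlockID([]byte("blockhash"), 10000, []byte("partshash"))
	blockID4 := makeBlockID([]byte("blockhash"), 10000, []byte("partshash2"))

	const chainID = "mychain"

	vote1 := makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime)
	v1 := vote1.ToProto()
	err := val.SignVote(ctx, chainID, v1)
	require.NoError(t, err)
	// badVote claims to come from val but carries a signature made with
	// val2's key, so signature verification must reject it.
	badVote := makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime)
	bv := badVote.ToProto()
	err = val2.SignVote(ctx, chainID, bv)
	require.NoError(t, err)

	vote1.Signature = v1.Signature
	badVote.Signature = bv.Signature

	cases := []voteData{
		{vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID2, defaultEvidenceTime), true},  // different block hash
		{vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID3, defaultEvidenceTime), true},  // different part set total
		{vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID4, defaultEvidenceTime), true},  // different part set total and hash
		{vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime), false},  // same block id: no conflict
		{vote1, makeVote(ctx, t, val, "mychain2", 0, 10, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong chain id
		{vote1, makeVote(ctx, t, val, chainID, 0, 11, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong height
		{vote1, makeVote(ctx, t, val, chainID, 0, 10, 3, 1, blockID2, defaultEvidenceTime), false}, // wrong round
		{vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 2, blockID2, defaultEvidenceTime), false}, // wrong step
		{vote1, makeVote(ctx, t, val2, chainID, 0, 10, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong validator
		// a different vote time doesn't matter
		{vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID2, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)), true},
		{vote1, badVote, false}, // signed by wrong key
	}

	for i, c := range cases {
		ev := &types.DuplicateVoteEvidence{
			VoteA:            c.vote1,
			VoteB:            c.vote2,
			ValidatorPower:   1,
			TotalVotingPower: 1,
			Timestamp:        defaultEvidenceTime,
		}
		// The case index is part of the message so that a failure points at
		// the table entry that produced it.
		if c.valid {
			assert.NoError(t, evidence.VerifyDuplicateVote(ev, chainID, valSet), "case %d: evidence should be valid", i)
		} else {
			assert.Error(t, evidence.VerifyDuplicateVote(ev, chainID, valSet), "case %d: evidence should be invalid", i)
		}
	}

	// create good evidence and correct validator power
	goodEv, err := types.NewMockDuplicateVoteEvidenceWithValidator(ctx, 10, defaultEvidenceTime, val, chainID)
	require.NoError(t, err)
	goodEv.ValidatorPower = 1
	goodEv.TotalVotingPower = 1
	// badEv keeps whatever powers the mock constructor assigned; they are
	// expected to differ from the validator set above (power 1).
	badEv, err := types.NewMockDuplicateVoteEvidenceWithValidator(ctx, 10, defaultEvidenceTime, val, chainID)
	require.NoError(t, err)
	// badTimeEv has the right powers but a timestamp one minute off the
	// block time served by the mocked block store.
	badTimeEv, err := types.NewMockDuplicateVoteEvidenceWithValidator(ctx, 10, defaultEvidenceTime.Add(1*time.Minute), val, chainID)
	require.NoError(t, err)
	badTimeEv.ValidatorPower = 1
	badTimeEv.TotalVotingPower = 1
	state := sm.State{
		ChainID:         chainID,
		LastBlockTime:   defaultEvidenceTime.Add(1 * time.Minute),
		LastBlockHeight: 11,
		ConsensusParams: *types.DefaultConsensusParams(),
	}
	stateStore := &smmocks.Store{}
	stateStore.On("LoadValidators", int64(10)).Return(valSet, nil)
	stateStore.On("Load").Return(state, nil)
	blockStore := &mocks.BlockStore{}
	blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: types.Header{Time: defaultEvidenceTime}})

	eventBus := eventbus.NewDefault(logger)
	require.NoError(t, eventBus.Start(ctx))

	pool := evidence.NewPool(logger, dbm.NewMemDB(), stateStore, blockStore, evidence.NopMetrics(), eventBus)
	startPool(t, pool, stateStore)

	evList := types.EvidenceList{goodEv}
	err = pool.CheckEvidence(ctx, evList)
	assert.NoError(t, err)

	// evidence with a different validator power should fail
	evList = types.EvidenceList{badEv}
	err = pool.CheckEvidence(ctx, evList)
	assert.Error(t, err)

	// evidence with a different timestamp should fail
	evList = types.EvidenceList{badTimeEv}
	err = pool.CheckEvidence(ctx, evList)
	assert.Error(t, err)
}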
|
|
|
|
// makeLunaticEvidence builds lunatic light-client-attack evidence together
// with the trusted and common light blocks needed to verify it.
//
// The common block at commonHeight carries a validator set of totalVals
// validators. The first byzVals of them, joined by phantomVals freshly
// generated validators, form the validator set that signs the conflicting
// header at height with time attackTime. The trusted block at the same height
// is signed by a separately generated set of totalVals validators. The
// evidence timestamp is commonTime. totalVals must be greater than byzVals.
func makeLunaticEvidence(
	ctx context.Context,
	t *testing.T,
	height, commonHeight int64,
	totalVals, byzVals, phantomVals int,
	commonTime, attackTime time.Time,
) (ev *types.LightClientAttackEvidence, trusted *types.LightBlock, common *types.LightBlock) {
	t.Helper()

	commonValSet, commonPrivVals := factory.ValidatorSet(ctx, t, totalVals, defaultVotingPower)

	require.Greater(t, totalVals, byzVals)

	// The byzantine validators are the first byzVals members of the common set.
	byzValSet := commonValSet.Validators[:byzVals]
	byzPrivVals := commonPrivVals[:byzVals]

	phantomValSet, phantomPrivVals := factory.ValidatorSet(ctx, t, phantomVals, defaultVotingPower)

	// The conflicting set is the phantom validators plus the byzantine ones.
	// The signing keys are reordered to follow the set's validator order.
	conflictingVals := phantomValSet.Copy()
	require.NoError(t, conflictingVals.UpdateWithChangeSet(byzValSet))
	conflictingPrivVals := orderPrivValsByValSet(
		ctx, t, conflictingVals, append(phantomPrivVals, byzPrivVals...))

	commonHeader := factory.MakeHeader(t, &types.Header{
		ChainID: evidenceChainID,
		Height:  commonHeight,
		Time:    commonTime,
	})

	trustedHeader := factory.MakeHeader(t, &types.Header{
		ChainID: evidenceChainID,
		Height:  height,
		Time:    defaultEvidenceTime,
	})

	conflictingHeader := factory.MakeHeader(t, &types.Header{
		ChainID:        evidenceChainID,
		Height:         height,
		Time:           attackTime,
		ValidatorsHash: conflictingVals.Hash(),
	})

	// Commit the conflicting header with the conflicting validator set.
	// tmproto.SignedMsgType(2) is the precommit type.
	conflictingBlockID := factory.MakeBlockIDWithHash(conflictingHeader.Hash())
	conflictingVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
	conflictingExtCommit, err := factory.MakeExtendedCommit(
		ctx, conflictingBlockID, height, 1, conflictingVoteSet, conflictingPrivVals, defaultEvidenceTime)
	require.NoError(t, err)

	conflictingBlock := &types.LightBlock{
		SignedHeader: &types.SignedHeader{
			Header: conflictingHeader,
			Commit: conflictingExtCommit.StripExtensions(),
		},
		ValidatorSet: conflictingVals,
	}
	ev = &types.LightClientAttackEvidence{
		ConflictingBlock:    conflictingBlock,
		CommonHeight:        commonHeight,
		TotalVotingPower:    commonValSet.TotalVotingPower(),
		ByzantineValidators: byzValSet,
		Timestamp:           commonTime,
	}

	common = &types.LightBlock{
		SignedHeader: &types.SignedHeader{
			Header: commonHeader,
			// we can leave this empty because we shouldn't be checking this
			Commit: &types.Commit{},
		},
		ValidatorSet: commonValSet,
	}

	// The trusted block is committed by a new validator set, generated
	// independently of the common one.
	trustedBlockID := factory.MakeBlockIDWithHash(trustedHeader.Hash())
	trustedVals, trustedPrivVals := factory.ValidatorSet(ctx, t, totalVals, defaultVotingPower)
	trustedVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), trustedVals)
	trustedExtCommit, err := factory.MakeExtendedCommit(
		ctx, trustedBlockID, height, 1, trustedVoteSet, trustedPrivVals, defaultEvidenceTime)
	require.NoError(t, err)

	trusted = &types.LightBlock{
		SignedHeader: &types.SignedHeader{
			Header: trustedHeader,
			Commit: trustedExtCommit.StripExtensions(),
		},
		ValidatorSet: trustedVals,
	}
	return ev, trusted, common
}
|
|
|
|
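// makeVote returns a vote with the given fields, signed by val for chainID.
// The validator address is taken from val's public key. step is converted to
// a tmproto.SignedMsgType and used as the vote type. Any error from fetching
// the key or signing fails the test immediately.
func makeVote(
	ctx context.Context,
	t *testing.T, val types.PrivValidator, chainID string, valIndex int32, height int64,
	round int32, step int, blockID types.BlockID, time time.Time,
) *types.Vote {
	// Mark as helper, as makeLunaticEvidence does, so that a failure is
	// reported at the calling test line.
	t.Helper()

	pubKey, err := val.GetPubKey(ctx)
	require.NoError(t, err)
	v := &types.Vote{
		ValidatorAddress: pubKey.Address(),
		ValidatorIndex:   valIndex,
		Height:           height,
		Round:            round,
		Type:             tmproto.SignedMsgType(step),
		BlockID:          blockID,
		Timestamp:        time,
	}

	// SignVote works on the protobuf form; copy the signature back onto the
	// domain vote.
	vpb := v.ToProto()
	err = val.SignVote(ctx, chainID, vpb)
	require.NoError(t, err)
	v.Signature = vpb.Signature
	return v
}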
|
|
|
|
// makeBlockID builds a types.BlockID from the given block hash, part set size
// and part set hash. Both hashes are copied into fresh buffers of exactly
// crypto.HashSize bytes: shorter inputs are zero-padded on the right and
// longer inputs are truncated.
func makeBlockID(hash []byte, partSetSize uint32, partSetHash []byte) types.BlockID {
	id := types.BlockID{
		Hash: make([]byte, crypto.HashSize),
		PartSetHeader: types.PartSetHeader{
			Total: partSetSize,
			Hash:  make([]byte, crypto.HashSize),
		},
	}
	copy(id.Hash, hash)
	copy(id.PartSetHeader.Hash, partSetHash)
	return id
}
|
|
|
|
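// orderPrivValsByValSet returns privVals reordered so that the entry at index
// i is the private validator whose address equals vals.Validators[i].Address.
// The test fails if any validator in vals has no matching private validator,
// or if there are fewer private validators than validators.
func orderPrivValsByValSet(ctx context.Context, t *testing.T, vals *types.ValidatorSet, privVals []types.PrivValidator) []types.PrivValidator {
	// Mark as helper, as makeLunaticEvidence does, so that a failure is
	// reported at the calling test line.
	t.Helper()

	// output is sized by privVals but indexed by validator position; check
	// the lengths first so a mismatch fails cleanly instead of panicking.
	require.GreaterOrEqual(t, len(privVals), len(vals.Validators))

	output := make([]types.PrivValidator, len(privVals))
	for idx, v := range vals.Validators {
		for _, p := range privVals {
			pubKey, err := p.GetPubKey(ctx)
			require.NoError(t, err)
			if bytes.Equal(v.Address, pubKey.Address()) {
				output[idx] = p
				break
			}
		}
		// Every validator must have been matched to a signing key.
		require.NotEmpty(t, output[idx])
	}
	return output
}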
|