mirror of
https://github.com/tendermint/tendermint.git
synced 2026-01-07 13:55:17 +00:00
dbe2146d0a
Add package jsontypes that implements a subset of the custom libs/json package. Specifically it handles encoding and decoding of interface types wrapped in "tagged" JSON objects. It omits the deep reflection on arbitrary types, preserving only the handling of type tags wrapper encoding. - Register interface types (Evidence, PubKey, PrivKey) for tagged encoding. - Update the existing implementations to satisfy the type. - Register those types with the jsontypes registry. - Add string tags to 64-bit integer fields where needed. - Add marshalers to structs that export interface-typed fields.
737 lines
25 KiB
Go
737 lines
25 KiB
Go
package types
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/binary"
|
|
"errors"
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
"time"
|
|
|
|
abci "github.com/tendermint/tendermint/abci/types"
|
|
"github.com/tendermint/tendermint/crypto/merkle"
|
|
"github.com/tendermint/tendermint/crypto/tmhash"
|
|
"github.com/tendermint/tendermint/internal/jsontypes"
|
|
tmjson "github.com/tendermint/tendermint/libs/json"
|
|
tmrand "github.com/tendermint/tendermint/libs/rand"
|
|
tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
|
|
)
|
|
|
|
// Evidence represents any provable malicious activity by a validator.
|
|
// Verification logic for each evidence is part of the evidence module.
|
|
type Evidence interface {
|
|
ABCI() []abci.Evidence // forms individual evidence to be sent to the application
|
|
Bytes() []byte // bytes which comprise the evidence
|
|
Hash() []byte // hash of the evidence
|
|
Height() int64 // height of the infraction
|
|
String() string // string format of the evidence
|
|
Time() time.Time // time of the infraction
|
|
ValidateBasic() error // basic consistency check
|
|
|
|
// Implementations must support tagged encoding in JSON.
|
|
jsontypes.Tagged
|
|
}
|
|
|
|
//--------------------------------------------------------------------------------------
|
|
|
|
// DuplicateVoteEvidence contains evidence of a single validator signing two conflicting votes.
|
|
type DuplicateVoteEvidence struct {
|
|
VoteA *Vote `json:"vote_a"`
|
|
VoteB *Vote `json:"vote_b"`
|
|
|
|
// abci specific information
|
|
TotalVotingPower int64 `json:",string"`
|
|
ValidatorPower int64 `json:",string"`
|
|
Timestamp time.Time
|
|
}
|
|
|
|
// TypeTag implements the jsontypes.Tagged interface.
|
|
func (*DuplicateVoteEvidence) TypeTag() string { return "tendermint/DuplicateVoteEvidence" }
|
|
|
|
var _ Evidence = &DuplicateVoteEvidence{}
|
|
|
|
// NewDuplicateVoteEvidence creates DuplicateVoteEvidence with right ordering given
|
|
// two conflicting votes. If either of the votes is nil, the val set is nil or the voter is
|
|
// not in the val set, an error is returned
|
|
func NewDuplicateVoteEvidence(vote1, vote2 *Vote, blockTime time.Time, valSet *ValidatorSet,
|
|
) (*DuplicateVoteEvidence, error) {
|
|
var voteA, voteB *Vote
|
|
if vote1 == nil || vote2 == nil {
|
|
return nil, errors.New("missing vote")
|
|
}
|
|
if valSet == nil {
|
|
return nil, errors.New("missing validator set")
|
|
}
|
|
idx, val := valSet.GetByAddress(vote1.ValidatorAddress)
|
|
if idx == -1 {
|
|
return nil, errors.New("validator not in validator set")
|
|
}
|
|
|
|
if strings.Compare(vote1.BlockID.Key(), vote2.BlockID.Key()) == -1 {
|
|
voteA = vote1
|
|
voteB = vote2
|
|
} else {
|
|
voteA = vote2
|
|
voteB = vote1
|
|
}
|
|
return &DuplicateVoteEvidence{
|
|
VoteA: voteA,
|
|
VoteB: voteB,
|
|
TotalVotingPower: valSet.TotalVotingPower(),
|
|
ValidatorPower: val.VotingPower,
|
|
Timestamp: blockTime,
|
|
}, nil
|
|
}
|
|
|
|
// ABCI returns the application relevant representation of the evidence
|
|
func (dve *DuplicateVoteEvidence) ABCI() []abci.Evidence {
|
|
return []abci.Evidence{{
|
|
Type: abci.EvidenceType_DUPLICATE_VOTE,
|
|
Validator: abci.Validator{
|
|
Address: dve.VoteA.ValidatorAddress,
|
|
Power: dve.ValidatorPower,
|
|
},
|
|
Height: dve.VoteA.Height,
|
|
Time: dve.Timestamp,
|
|
TotalVotingPower: dve.TotalVotingPower,
|
|
}}
|
|
}
|
|
|
|
// Bytes returns the proto-encoded evidence as a byte array.
|
|
func (dve *DuplicateVoteEvidence) Bytes() []byte {
|
|
pbe := dve.ToProto()
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic("marshaling duplicate vote evidence to bytes: " + err.Error())
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
// Hash returns the hash of the evidence.
|
|
func (dve *DuplicateVoteEvidence) Hash() []byte {
|
|
return tmhash.Sum(dve.Bytes())
|
|
}
|
|
|
|
// Height returns the height of the infraction
|
|
func (dve *DuplicateVoteEvidence) Height() int64 {
|
|
return dve.VoteA.Height
|
|
}
|
|
|
|
// String returns a string representation of the evidence.
|
|
func (dve *DuplicateVoteEvidence) String() string {
|
|
return fmt.Sprintf("DuplicateVoteEvidence{VoteA: %v, VoteB: %v}", dve.VoteA, dve.VoteB)
|
|
}
|
|
|
|
// Time returns the time of the infraction
|
|
func (dve *DuplicateVoteEvidence) Time() time.Time {
|
|
return dve.Timestamp
|
|
}
|
|
|
|
// ValidateBasic performs basic validation.
|
|
func (dve *DuplicateVoteEvidence) ValidateBasic() error {
|
|
if dve == nil {
|
|
return errors.New("empty duplicate vote evidence")
|
|
}
|
|
|
|
if dve.VoteA == nil || dve.VoteB == nil {
|
|
return fmt.Errorf("one or both of the votes are empty %v, %v", dve.VoteA, dve.VoteB)
|
|
}
|
|
if err := dve.VoteA.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid VoteA: %w", err)
|
|
}
|
|
if err := dve.VoteB.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid VoteB: %w", err)
|
|
}
|
|
// Enforce Votes are lexicographically sorted on blockID
|
|
if strings.Compare(dve.VoteA.BlockID.Key(), dve.VoteB.BlockID.Key()) >= 0 {
|
|
return errors.New("duplicate votes in invalid order")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ValidateABCI validates the ABCI component of the evidence by checking the
|
|
// timestamp, validator power and total voting power.
|
|
func (dve *DuplicateVoteEvidence) ValidateABCI(
|
|
val *Validator,
|
|
valSet *ValidatorSet,
|
|
evidenceTime time.Time,
|
|
) error {
|
|
|
|
if dve.Timestamp != evidenceTime {
|
|
return fmt.Errorf(
|
|
"evidence has a different time to the block it is associated with (%v != %v)",
|
|
dve.Timestamp, evidenceTime)
|
|
}
|
|
|
|
if val.VotingPower != dve.ValidatorPower {
|
|
return fmt.Errorf("validator power from evidence and our validator set does not match (%d != %d)",
|
|
dve.ValidatorPower, val.VotingPower)
|
|
}
|
|
if valSet.TotalVotingPower() != dve.TotalVotingPower {
|
|
return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
|
|
dve.TotalVotingPower, valSet.TotalVotingPower())
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// GenerateABCI populates the ABCI component of the evidence. This includes the
|
|
// validator power, timestamp and total voting power.
|
|
func (dve *DuplicateVoteEvidence) GenerateABCI(
|
|
val *Validator,
|
|
valSet *ValidatorSet,
|
|
evidenceTime time.Time,
|
|
) {
|
|
dve.ValidatorPower = val.VotingPower
|
|
dve.TotalVotingPower = valSet.TotalVotingPower()
|
|
dve.Timestamp = evidenceTime
|
|
}
|
|
|
|
// ToProto encodes DuplicateVoteEvidence to protobuf
|
|
func (dve *DuplicateVoteEvidence) ToProto() *tmproto.DuplicateVoteEvidence {
|
|
voteB := dve.VoteB.ToProto()
|
|
voteA := dve.VoteA.ToProto()
|
|
tp := tmproto.DuplicateVoteEvidence{
|
|
VoteA: voteA,
|
|
VoteB: voteB,
|
|
TotalVotingPower: dve.TotalVotingPower,
|
|
ValidatorPower: dve.ValidatorPower,
|
|
Timestamp: dve.Timestamp,
|
|
}
|
|
return &tp
|
|
}
|
|
|
|
// DuplicateVoteEvidenceFromProto decodes protobuf into DuplicateVoteEvidence
|
|
func DuplicateVoteEvidenceFromProto(pb *tmproto.DuplicateVoteEvidence) (*DuplicateVoteEvidence, error) {
|
|
if pb == nil {
|
|
return nil, errors.New("nil duplicate vote evidence")
|
|
}
|
|
|
|
vA, err := VoteFromProto(pb.VoteA)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
vB, err := VoteFromProto(pb.VoteB)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
dve := &DuplicateVoteEvidence{
|
|
VoteA: vA,
|
|
VoteB: vB,
|
|
TotalVotingPower: pb.TotalVotingPower,
|
|
ValidatorPower: pb.ValidatorPower,
|
|
Timestamp: pb.Timestamp,
|
|
}
|
|
|
|
return dve, dve.ValidateBasic()
|
|
}
|
|
|
|
//------------------------------------ LIGHT EVIDENCE --------------------------------------
|
|
|
|
// LightClientAttackEvidence is a generalized evidence that captures all forms of known attacks on
|
|
// a light client such that a full node can verify, propose and commit the evidence on-chain for
|
|
// punishment of the malicious validators. There are three forms of attacks: Lunatic, Equivocation
|
|
// and Amnesia. These attacks are exhaustive. You can find a more detailed overview of this at
|
|
// tendermint/docs/architecture/adr-047-handling-evidence-from-light-client.md
|
|
//
|
|
// CommonHeight is used to indicate the type of attack. If the height is different to the conflicting block
|
|
// height, then nodes will treat this as of the Lunatic form, else it is of the Equivocation form.
|
|
type LightClientAttackEvidence struct {
|
|
ConflictingBlock *LightBlock
|
|
CommonHeight int64 `json:",string"`
|
|
|
|
// abci specific information
|
|
ByzantineValidators []*Validator // validators in the validator set that misbehaved in creating the conflicting block
|
|
TotalVotingPower int64 `json:",string"` // total voting power of the validator set at the common height
|
|
Timestamp time.Time // timestamp of the block at the common height
|
|
}
|
|
|
|
// TypeTag implements the jsontypes.Tagged interface.
|
|
func (*LightClientAttackEvidence) TypeTag() string { return "tendermint/LightClientAttackEvidence" }
|
|
|
|
var _ Evidence = &LightClientAttackEvidence{}
|
|
|
|
// ABCI forms an array of abci evidence for each byzantine validator
|
|
func (l *LightClientAttackEvidence) ABCI() []abci.Evidence {
|
|
abciEv := make([]abci.Evidence, len(l.ByzantineValidators))
|
|
for idx, val := range l.ByzantineValidators {
|
|
abciEv[idx] = abci.Evidence{
|
|
Type: abci.EvidenceType_LIGHT_CLIENT_ATTACK,
|
|
Validator: TM2PB.Validator(val),
|
|
Height: l.Height(),
|
|
Time: l.Timestamp,
|
|
TotalVotingPower: l.TotalVotingPower,
|
|
}
|
|
}
|
|
return abciEv
|
|
}
|
|
|
|
// Bytes returns the proto-encoded evidence as a byte array
|
|
func (l *LightClientAttackEvidence) Bytes() []byte {
|
|
pbe, err := l.ToProto()
|
|
if err != nil {
|
|
panic("converting light client attack evidence to proto: " + err.Error())
|
|
}
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic("marshaling light client attack evidence to bytes: " + err.Error())
|
|
}
|
|
return bz
|
|
}
|
|
|
|
// GetByzantineValidators finds out what style of attack LightClientAttackEvidence was and then works out who
|
|
// the malicious validators were and returns them. This is used both for forming the ByzantineValidators
|
|
// field and for validating that it is correct. Validators are ordered based on validator power
|
|
func (l *LightClientAttackEvidence) GetByzantineValidators(commonVals *ValidatorSet,
|
|
trusted *SignedHeader) []*Validator {
|
|
var validators []*Validator
|
|
// First check if the header is invalid. This means that it is a lunatic attack and therefore we take the
|
|
// validators who are in the commonVals and voted for the lunatic header
|
|
if l.ConflictingHeaderIsInvalid(trusted.Header) {
|
|
for _, commitSig := range l.ConflictingBlock.Commit.Signatures {
|
|
if !commitSig.ForBlock() {
|
|
continue
|
|
}
|
|
|
|
_, val := commonVals.GetByAddress(commitSig.ValidatorAddress)
|
|
if val == nil {
|
|
// validator wasn't in the common validator set
|
|
continue
|
|
}
|
|
validators = append(validators, val)
|
|
}
|
|
sort.Sort(ValidatorsByVotingPower(validators))
|
|
return validators
|
|
} else if trusted.Commit.Round == l.ConflictingBlock.Commit.Round {
|
|
// This is an equivocation attack as both commits are in the same round. We then find the validators
|
|
// from the conflicting light block validator set that voted in both headers.
|
|
// Validator hashes are the same therefore the indexing order of validators are the same and thus we
|
|
// only need a single loop to find the validators that voted twice.
|
|
for i := 0; i < len(l.ConflictingBlock.Commit.Signatures); i++ {
|
|
sigA := l.ConflictingBlock.Commit.Signatures[i]
|
|
if !sigA.ForBlock() {
|
|
continue
|
|
}
|
|
|
|
sigB := trusted.Commit.Signatures[i]
|
|
if !sigB.ForBlock() {
|
|
continue
|
|
}
|
|
|
|
_, val := l.ConflictingBlock.ValidatorSet.GetByAddress(sigA.ValidatorAddress)
|
|
validators = append(validators, val)
|
|
}
|
|
sort.Sort(ValidatorsByVotingPower(validators))
|
|
return validators
|
|
}
|
|
// if the rounds are different then this is an amnesia attack. Unfortunately, given the nature of the attack,
|
|
// we aren't able yet to deduce which are malicious validators and which are not hence we return an
|
|
// empty validator set.
|
|
return validators
|
|
}
|
|
|
|
// ConflictingHeaderIsInvalid takes a trusted header and matches it againt a conflicting header
|
|
// to determine whether the conflicting header was the product of a valid state transition
|
|
// or not. If it is then all the deterministic fields of the header should be the same.
|
|
// If not, it is an invalid header and constitutes a lunatic attack.
|
|
func (l *LightClientAttackEvidence) ConflictingHeaderIsInvalid(trustedHeader *Header) bool {
|
|
return !bytes.Equal(trustedHeader.ValidatorsHash, l.ConflictingBlock.ValidatorsHash) ||
|
|
!bytes.Equal(trustedHeader.NextValidatorsHash, l.ConflictingBlock.NextValidatorsHash) ||
|
|
!bytes.Equal(trustedHeader.ConsensusHash, l.ConflictingBlock.ConsensusHash) ||
|
|
!bytes.Equal(trustedHeader.AppHash, l.ConflictingBlock.AppHash) ||
|
|
!bytes.Equal(trustedHeader.LastResultsHash, l.ConflictingBlock.LastResultsHash)
|
|
|
|
}
|
|
|
|
// Hash returns the hash of the header and the commonHeight. This is designed to cause hash collisions
|
|
// with evidence that have the same conflicting header and common height but different permutations
|
|
// of validator commit signatures. The reason for this is that we don't want to allow several
|
|
// permutations of the same evidence to be committed on chain. Ideally we commit the header with the
|
|
// most commit signatures (captures the most byzantine validators) but anything greater than 1/3 is
|
|
// sufficient.
|
|
// TODO: We should change the hash to include the commit, header, total voting power, byzantine
|
|
// validators and timestamp
|
|
func (l *LightClientAttackEvidence) Hash() []byte {
|
|
buf := make([]byte, binary.MaxVarintLen64)
|
|
n := binary.PutVarint(buf, l.CommonHeight)
|
|
bz := make([]byte, tmhash.Size+n)
|
|
copy(bz[:tmhash.Size-1], l.ConflictingBlock.Hash().Bytes())
|
|
copy(bz[tmhash.Size:], buf)
|
|
return tmhash.Sum(bz)
|
|
}
|
|
|
|
// Height returns the last height at which the primary provider and witness provider had the same header.
|
|
// We use this as the height of the infraction rather than the actual conflicting header because we know
|
|
// that the malicious validators were bonded at this height which is important for evidence expiry
|
|
func (l *LightClientAttackEvidence) Height() int64 {
|
|
return l.CommonHeight
|
|
}
|
|
|
|
// String returns a string representation of LightClientAttackEvidence
|
|
func (l *LightClientAttackEvidence) String() string {
|
|
return fmt.Sprintf(`LightClientAttackEvidence{
|
|
ConflictingBlock: %v,
|
|
CommonHeight: %d,
|
|
ByzatineValidators: %v,
|
|
TotalVotingPower: %d,
|
|
Timestamp: %v}#%X`,
|
|
l.ConflictingBlock.String(), l.CommonHeight, l.ByzantineValidators,
|
|
l.TotalVotingPower, l.Timestamp, l.Hash())
|
|
}
|
|
|
|
// Time returns the time of the common block where the infraction leveraged off.
|
|
func (l *LightClientAttackEvidence) Time() time.Time {
|
|
return l.Timestamp
|
|
}
|
|
|
|
// ValidateBasic performs basic validation such that the evidence is consistent and can now be used for verification.
|
|
func (l *LightClientAttackEvidence) ValidateBasic() error {
|
|
if l.ConflictingBlock == nil {
|
|
return errors.New("conflicting block is nil")
|
|
}
|
|
|
|
// this check needs to be done before we can run validate basic
|
|
if l.ConflictingBlock.Header == nil {
|
|
return errors.New("conflicting block missing header")
|
|
}
|
|
|
|
if l.TotalVotingPower <= 0 {
|
|
return errors.New("negative or zero total voting power")
|
|
}
|
|
|
|
if l.CommonHeight <= 0 {
|
|
return errors.New("negative or zero common height")
|
|
}
|
|
|
|
// check that common height isn't ahead of the height of the conflicting block. It
|
|
// is possible that they are the same height if the light node witnesses either an
|
|
// amnesia or a equivocation attack.
|
|
if l.CommonHeight > l.ConflictingBlock.Height {
|
|
return fmt.Errorf("common height is ahead of the conflicting block height (%d > %d)",
|
|
l.CommonHeight, l.ConflictingBlock.Height)
|
|
}
|
|
|
|
if err := l.ConflictingBlock.ValidateBasic(l.ConflictingBlock.ChainID); err != nil {
|
|
return fmt.Errorf("invalid conflicting light block: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ValidateABCI validates the ABCI component of the evidence by checking the
|
|
// timestamp, byzantine validators and total voting power all match. ABCI
|
|
// components are validated separately because they can be re generated if
|
|
// invalid.
|
|
func (l *LightClientAttackEvidence) ValidateABCI(
|
|
commonVals *ValidatorSet,
|
|
trustedHeader *SignedHeader,
|
|
evidenceTime time.Time,
|
|
) error {
|
|
|
|
if evTotal, valsTotal := l.TotalVotingPower, commonVals.TotalVotingPower(); evTotal != valsTotal {
|
|
return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
|
|
evTotal, valsTotal)
|
|
}
|
|
|
|
if l.Timestamp != evidenceTime {
|
|
return fmt.Errorf(
|
|
"evidence has a different time to the block it is associated with (%v != %v)",
|
|
l.Timestamp, evidenceTime)
|
|
}
|
|
|
|
// Find out what type of attack this was and thus extract the malicious
|
|
// validators. Note, in the case of an Amnesia attack we don't have any
|
|
// malicious validators.
|
|
validators := l.GetByzantineValidators(commonVals, trustedHeader)
|
|
|
|
// Ensure this matches the validators that are listed in the evidence. They
|
|
// should be ordered based on power.
|
|
if validators == nil && l.ByzantineValidators != nil {
|
|
return fmt.Errorf(
|
|
"expected nil validators from an amnesia light client attack but got %d",
|
|
len(l.ByzantineValidators),
|
|
)
|
|
}
|
|
|
|
if exp, got := len(validators), len(l.ByzantineValidators); exp != got {
|
|
return fmt.Errorf("expected %d byzantine validators from evidence but got %d", exp, got)
|
|
}
|
|
|
|
for idx, val := range validators {
|
|
if !bytes.Equal(l.ByzantineValidators[idx].Address, val.Address) {
|
|
return fmt.Errorf(
|
|
"evidence contained an unexpected byzantine validator address; expected: %v, got: %v",
|
|
val.Address, l.ByzantineValidators[idx].Address,
|
|
)
|
|
}
|
|
|
|
if l.ByzantineValidators[idx].VotingPower != val.VotingPower {
|
|
return fmt.Errorf(
|
|
"evidence contained unexpected byzantine validator power; expected %d, got %d",
|
|
val.VotingPower, l.ByzantineValidators[idx].VotingPower,
|
|
)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// GenerateABCI populates the ABCI component of the evidence: the timestamp,
|
|
// total voting power and byantine validators
|
|
func (l *LightClientAttackEvidence) GenerateABCI(
|
|
commonVals *ValidatorSet,
|
|
trustedHeader *SignedHeader,
|
|
evidenceTime time.Time,
|
|
) {
|
|
l.Timestamp = evidenceTime
|
|
l.TotalVotingPower = commonVals.TotalVotingPower()
|
|
l.ByzantineValidators = l.GetByzantineValidators(commonVals, trustedHeader)
|
|
}
|
|
|
|
// ToProto encodes LightClientAttackEvidence to protobuf
|
|
func (l *LightClientAttackEvidence) ToProto() (*tmproto.LightClientAttackEvidence, error) {
|
|
conflictingBlock, err := l.ConflictingBlock.ToProto()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
byzVals := make([]*tmproto.Validator, len(l.ByzantineValidators))
|
|
for idx, val := range l.ByzantineValidators {
|
|
valpb, err := val.ToProto()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
byzVals[idx] = valpb
|
|
}
|
|
|
|
return &tmproto.LightClientAttackEvidence{
|
|
ConflictingBlock: conflictingBlock,
|
|
CommonHeight: l.CommonHeight,
|
|
ByzantineValidators: byzVals,
|
|
TotalVotingPower: l.TotalVotingPower,
|
|
Timestamp: l.Timestamp,
|
|
}, nil
|
|
}
|
|
|
|
// LightClientAttackEvidenceFromProto decodes protobuf
|
|
func LightClientAttackEvidenceFromProto(lpb *tmproto.LightClientAttackEvidence) (*LightClientAttackEvidence, error) {
|
|
if lpb == nil {
|
|
return nil, errors.New("empty light client attack evidence")
|
|
}
|
|
|
|
conflictingBlock, err := LightBlockFromProto(lpb.ConflictingBlock)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
byzVals := make([]*Validator, len(lpb.ByzantineValidators))
|
|
for idx, valpb := range lpb.ByzantineValidators {
|
|
val, err := ValidatorFromProto(valpb)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
byzVals[idx] = val
|
|
}
|
|
|
|
l := &LightClientAttackEvidence{
|
|
ConflictingBlock: conflictingBlock,
|
|
CommonHeight: lpb.CommonHeight,
|
|
ByzantineValidators: byzVals,
|
|
TotalVotingPower: lpb.TotalVotingPower,
|
|
Timestamp: lpb.Timestamp,
|
|
}
|
|
|
|
return l, l.ValidateBasic()
|
|
}
|
|
|
|
//------------------------------------------------------------------------------------------
|
|
|
|
// EvidenceList is a list of Evidence. Evidences is not a word.
|
|
type EvidenceList []Evidence
|
|
|
|
// Hash returns the simple merkle root hash of the EvidenceList.
|
|
func (evl EvidenceList) Hash() []byte {
|
|
// These allocations are required because Evidence is not of type Bytes, and
|
|
// golang slices can't be typed cast. This shouldn't be a performance problem since
|
|
// the Evidence size is capped.
|
|
evidenceBzs := make([][]byte, len(evl))
|
|
for i := 0; i < len(evl); i++ {
|
|
// TODO: We should change this to the hash. Using bytes contains some unexported data that
|
|
// may cause different hashes
|
|
evidenceBzs[i] = evl[i].Bytes()
|
|
}
|
|
return merkle.HashFromByteSlices(evidenceBzs)
|
|
}
|
|
|
|
func (evl EvidenceList) String() string {
|
|
s := ""
|
|
for _, e := range evl {
|
|
s += fmt.Sprintf("%s\t\t", e)
|
|
}
|
|
return s
|
|
}
|
|
|
|
// Has returns true if the evidence is in the EvidenceList.
|
|
func (evl EvidenceList) Has(evidence Evidence) bool {
|
|
for _, ev := range evl {
|
|
if bytes.Equal(evidence.Hash(), ev.Hash()) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
//------------------------------------------ PROTO --------------------------------------
|
|
|
|
// EvidenceToProto is a generalized function for encoding evidence that conforms to the
|
|
// evidence interface to protobuf
|
|
func EvidenceToProto(evidence Evidence) (*tmproto.Evidence, error) {
|
|
if evidence == nil {
|
|
return nil, errors.New("nil evidence")
|
|
}
|
|
|
|
switch evi := evidence.(type) {
|
|
case *DuplicateVoteEvidence:
|
|
pbev := evi.ToProto()
|
|
return &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_DuplicateVoteEvidence{
|
|
DuplicateVoteEvidence: pbev,
|
|
},
|
|
}, nil
|
|
|
|
case *LightClientAttackEvidence:
|
|
pbev, err := evi.ToProto()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_LightClientAttackEvidence{
|
|
LightClientAttackEvidence: pbev,
|
|
},
|
|
}, nil
|
|
|
|
default:
|
|
return nil, fmt.Errorf("toproto: evidence is not recognized: %T", evi)
|
|
}
|
|
}
|
|
|
|
// EvidenceFromProto is a generalized function for decoding protobuf into the
|
|
// evidence interface
|
|
func EvidenceFromProto(evidence *tmproto.Evidence) (Evidence, error) {
|
|
if evidence == nil {
|
|
return nil, errors.New("nil evidence")
|
|
}
|
|
|
|
switch evi := evidence.Sum.(type) {
|
|
case *tmproto.Evidence_DuplicateVoteEvidence:
|
|
return DuplicateVoteEvidenceFromProto(evi.DuplicateVoteEvidence)
|
|
case *tmproto.Evidence_LightClientAttackEvidence:
|
|
return LightClientAttackEvidenceFromProto(evi.LightClientAttackEvidence)
|
|
default:
|
|
return nil, errors.New("evidence is not recognized")
|
|
}
|
|
}
|
|
|
|
func init() {
|
|
tmjson.RegisterType(&DuplicateVoteEvidence{}, "tendermint/DuplicateVoteEvidence")
|
|
tmjson.RegisterType(&LightClientAttackEvidence{}, "tendermint/LightClientAttackEvidence")
|
|
|
|
jsontypes.MustRegister((*DuplicateVoteEvidence)(nil))
|
|
jsontypes.MustRegister((*LightClientAttackEvidence)(nil))
|
|
}
|
|
|
|
//-------------------------------------------- ERRORS --------------------------------------
|
|
|
|
// ErrInvalidEvidence wraps a piece of evidence and the error denoting how or why it is invalid.
|
|
type ErrInvalidEvidence struct {
|
|
Evidence Evidence
|
|
Reason error
|
|
}
|
|
|
|
// NewErrInvalidEvidence returns a new EvidenceInvalid with the given err.
|
|
func NewErrInvalidEvidence(ev Evidence, err error) *ErrInvalidEvidence {
|
|
return &ErrInvalidEvidence{ev, err}
|
|
}
|
|
|
|
// Error returns a string representation of the error.
|
|
func (err *ErrInvalidEvidence) Error() string {
|
|
return fmt.Sprintf("Invalid evidence: %v. Evidence: %v", err.Reason, err.Evidence)
|
|
}
|
|
|
|
// ErrEvidenceOverflow is for when there the amount of evidence exceeds the max bytes.
|
|
type ErrEvidenceOverflow struct {
|
|
Max int64
|
|
Got int64
|
|
}
|
|
|
|
// NewErrEvidenceOverflow returns a new ErrEvidenceOverflow where got > max.
|
|
func NewErrEvidenceOverflow(max, got int64) *ErrEvidenceOverflow {
|
|
return &ErrEvidenceOverflow{max, got}
|
|
}
|
|
|
|
// Error returns a string representation of the error.
|
|
func (err *ErrEvidenceOverflow) Error() string {
|
|
return fmt.Sprintf("Too much evidence: Max %d, got %d", err.Max, err.Got)
|
|
}
|
|
|
|
//-------------------------------------------- MOCKING --------------------------------------
|
|
|
|
// unstable - use only for testing
|
|
|
|
// assumes the round to be 0 and the validator index to be 0
|
|
func NewMockDuplicateVoteEvidence(ctx context.Context, height int64, time time.Time, chainID string) (*DuplicateVoteEvidence, error) {
|
|
val := NewMockPV()
|
|
return NewMockDuplicateVoteEvidenceWithValidator(ctx, height, time, val, chainID)
|
|
}
|
|
|
|
// assumes voting power to be 10 and validator to be the only one in the set
|
|
func NewMockDuplicateVoteEvidenceWithValidator(ctx context.Context, height int64, time time.Time, pv PrivValidator, chainID string) (*DuplicateVoteEvidence, error) {
|
|
pubKey, err := pv.GetPubKey(ctx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
val := NewValidator(pubKey, 10)
|
|
voteA := makeMockVote(height, 0, 0, pubKey.Address(), randBlockID(), time)
|
|
vA := voteA.ToProto()
|
|
_ = pv.SignVote(ctx, chainID, vA)
|
|
voteA.Signature = vA.Signature
|
|
voteB := makeMockVote(height, 0, 0, pubKey.Address(), randBlockID(), time)
|
|
vB := voteB.ToProto()
|
|
_ = pv.SignVote(ctx, chainID, vB)
|
|
voteB.Signature = vB.Signature
|
|
ev, err := NewDuplicateVoteEvidence(voteA, voteB, time, NewValidatorSet([]*Validator{val}))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("constructing mock duplicate vote evidence: %w", err)
|
|
}
|
|
return ev, nil
|
|
}
|
|
|
|
func makeMockVote(height int64, round, index int32, addr Address,
|
|
blockID BlockID, time time.Time) *Vote {
|
|
return &Vote{
|
|
Type: tmproto.SignedMsgType(2),
|
|
Height: height,
|
|
Round: round,
|
|
BlockID: blockID,
|
|
Timestamp: time,
|
|
ValidatorAddress: addr,
|
|
ValidatorIndex: index,
|
|
}
|
|
}
|
|
|
|
func randBlockID() BlockID {
|
|
return BlockID{
|
|
Hash: tmrand.Bytes(tmhash.Size),
|
|
PartSetHeader: PartSetHeader{
|
|
Total: 1,
|
|
Hash: tmrand.Bytes(tmhash.Size),
|
|
},
|
|
}
|
|
}
|