tendermint/state/validation.go

package state

import (
	"bytes"
	"errors"
	"fmt"

	dbm "github.com/tendermint/tm-db"

	"github.com/tendermint/tendermint/crypto"
	"github.com/tendermint/tendermint/types"
)

//-----------------------------------------------------
// Validate block

func validateBlock(evidencePool EvidencePool, stateDB dbm.DB, state State, block *types.Block) error {
	// Validate internal consistency.
	if err := block.ValidateBasic(); err != nil {
		return err
	}

	// Validate basic info.
	if block.Version.App != state.Version.Consensus.App ||
		block.Version.Block != state.Version.Consensus.Block {
		return fmt.Errorf("wrong Block.Header.Version. Expected %v, got %v",
			state.Version.Consensus,
			block.Version,
		)
	}
	if block.ChainID != state.ChainID {
		return fmt.Errorf("wrong Block.Header.ChainID. Expected %v, got %v",
			state.ChainID,
			block.ChainID,
		)
	}
	if block.Height != state.LastBlockHeight+1 {
		return fmt.Errorf("wrong Block.Header.Height. Expected %v, got %v",
			state.LastBlockHeight+1,
			block.Height,
		)
	}
	// Validate prev block info.
	if !block.LastBlockID.Equals(state.LastBlockID) {
		return fmt.Errorf("wrong Block.Header.LastBlockID.  Expected %v, got %v",
			state.LastBlockID,
			block.LastBlockID,
		)
	}

	// Validate app info
	if !bytes.Equal(block.AppHash, state.AppHash) {
		return fmt.Errorf("wrong Block.Header.AppHash.  Expected %X, got %v",
			state.AppHash,
			block.AppHash,
		)
	}
	hashCP := types.HashConsensusParams(state.ConsensusParams)
	if !bytes.Equal(block.ConsensusHash, hashCP) {
		return fmt.Errorf("wrong Block.Header.ConsensusHash.  Expected %X, got %v",
			hashCP,
			block.ConsensusHash,
		)
	}
	if !bytes.Equal(block.LastResultsHash, state.LastResultsHash) {
		return fmt.Errorf("wrong Block.Header.LastResultsHash.  Expected %X, got %v",
			state.LastResultsHash,
			block.LastResultsHash,
		)
	}
	if !bytes.Equal(block.ValidatorsHash, state.Validators.Hash()) {
		return fmt.Errorf("wrong Block.Header.ValidatorsHash.  Expected %X, got %v",
			state.Validators.Hash(),
			block.ValidatorsHash,
		)
	}
	if !bytes.Equal(block.NextValidatorsHash, state.NextValidators.Hash()) {
		return fmt.Errorf("wrong Block.Header.NextValidatorsHash.  Expected %X, got %v",
			state.NextValidators.Hash(),
			block.NextValidatorsHash,
		)
	}

	// Validate block LastCommit.
	if block.Height == 1 {
		if len(block.LastCommit.Signatures) != 0 {
			return errors.New("block at height 1 can't have LastCommit signatures")
		}
	} else {
		// LastCommit.Signatures length is checked in VerifyCommit.
		if err := state.LastValidators.VerifyCommit(
			state.ChainID, state.LastBlockID, block.Height-1, block.LastCommit); err != nil {
			return err
		}
	}

	// Validate block Time
	if block.Height > 1 {
		if !block.Time.After(state.LastBlockTime) {
			return fmt.Errorf("block time %v not greater than last block time %v",
				block.Time,
				state.LastBlockTime,
			)
		}
		medianTime := MedianTime(block.LastCommit, state.LastValidators)
		if !block.Time.Equal(medianTime) {
			return fmt.Errorf("invalid block time. Expected %v, got %v",
				medianTime,
				block.Time,
			)
		}
	} else if block.Height == 1 {
		genesisTime := state.LastBlockTime
		if !block.Time.Equal(genesisTime) {
			return fmt.Errorf("block time %v is not equal to genesis time %v",
				block.Time,
				genesisTime,
			)
		}
	}

	// Limit the amount of evidence
	numEvidence := len(block.Evidence.Evidence)
	// MaxNumEvidence is capped at uint16, so conversion is always safe.
	if maxEvidence := int(state.ConsensusParams.Evidence.MaxNum); numEvidence > maxEvidence {
		return types.NewErrEvidenceOverflow(maxEvidence, numEvidence)
	}

	// Validate all evidence.
	for idx, ev := range block.Evidence.Evidence {
		// check that no evidence has been submitted more than once
		for i := idx + 1; i < len(block.Evidence.Evidence); i++ {
			if ev.Equal(block.Evidence.Evidence[i]) {
				return types.NewErrEvidenceInvalid(ev, errors.New("evidence was submitted twice"))
			}
		}
		if evidencePool != nil {
			if evidencePool.IsCommitted(ev) {
				return types.NewErrEvidenceInvalid(ev, errors.New("evidence was already committed"))
			}
			if evidencePool.IsPending(ev) {
				continue
			}
		}
		// if we don't already have amnesia evidence we need to add it to start our own trial period unless
		// a) a valid polc has already been attached
		// b) the accused node voted back on an earlier round
		if ae, ok := ev.(*types.AmnesiaEvidence); ok && ae.Polc.IsAbsent() && ae.PotentialAmnesiaEvidence.VoteA.Round <
			ae.PotentialAmnesiaEvidence.VoteB.Round {
			if err := evidencePool.AddEvidence(ae.PotentialAmnesiaEvidence); err != nil {
				return types.NewErrEvidenceInvalid(ev,
					fmt.Errorf("unknown amnesia evidence, trying to add to evidence pool, err: %w", err))
			}
			return types.NewErrEvidenceInvalid(ev, errors.New("amnesia evidence is new and hasn't undergone trial period yet"))
		}

		var header *types.Header
		if _, ok := ev.(*types.LunaticValidatorEvidence); ok {
			header = evidencePool.Header(ev.Height())
			if header == nil {
				return fmt.Errorf("don't have block meta at height #%d", ev.Height())
			}
		}

		if err := VerifyEvidence(stateDB, state, ev, header); err != nil {
			return types.NewErrEvidenceInvalid(ev, err)
		}

	}

	// NOTE: We can't actually verify it's the right proposer because we dont
	// know what round the block was first proposed. So just check that it's
	// a legit address and a known validator.
	if len(block.ProposerAddress) != crypto.AddressSize {
		return fmt.Errorf("expected ProposerAddress size %d, got %d",
			crypto.AddressSize,
			len(block.ProposerAddress),
		)
	}
	if !state.Validators.HasAddress(block.ProposerAddress) {
		return fmt.Errorf("block.Header.ProposerAddress %X is not a validator",
			block.ProposerAddress,
		)
	}

	return nil
}

// VerifyEvidence verifies the evidence fully by checking:
// - it is sufficiently recent (MaxAge)
// - it is from a key who was a validator at the given height
// - it is internally consistent
// - it was properly signed by the alleged equivocator
func VerifyEvidence(stateDB dbm.DB, state State, evidence types.Evidence, committedHeader *types.Header) error {
	var (
		height         = state.LastBlockHeight
		evidenceParams = state.ConsensusParams.Evidence

		ageDuration  = state.LastBlockTime.Sub(evidence.Time())
		ageNumBlocks = height - evidence.Height()
	)

	if ageDuration > evidenceParams.MaxAgeDuration && ageNumBlocks > evidenceParams.MaxAgeNumBlocks {
		return fmt.Errorf(
			"evidence from height %d (created at: %v) is too old; min height is %d and evidence can not be older than %v",
			evidence.Height(),
			evidence.Time(),
			height-evidenceParams.MaxAgeNumBlocks,
			state.LastBlockTime.Add(evidenceParams.MaxAgeDuration),
		)
	}
	if ev, ok := evidence.(*types.LunaticValidatorEvidence); ok {
		if err := ev.VerifyHeader(committedHeader); err != nil {
			return err
		}
	}

	valset, err := LoadValidators(stateDB, evidence.Height())
	if err != nil {
		// TODO: if err is just that we cant find it cuz we pruned, ignore.
		// TODO: if its actually bad evidence, punish peer
		return err
	}

	addr := evidence.Address()
	var val *types.Validator

	// For PhantomValidatorEvidence, check evidence.Address was not part of the
	// validator set at height evidence.Height, but was a validator before OR
	// after.
	if phve, ok := evidence.(*types.PhantomValidatorEvidence); ok {
		// confirm that it hasn't been forged

		_, val = valset.GetByAddress(addr)
		if val != nil {
			return fmt.Errorf("address %X was a validator at height %d", addr, evidence.Height())
		}

		// check if last height validator was in the validator set is within
		// MaxAgeNumBlocks.
		if height-phve.LastHeightValidatorWasInSet > evidenceParams.MaxAgeNumBlocks {
			return fmt.Errorf("last time validator was in the set at height %d, min: %d",
				phve.LastHeightValidatorWasInSet, height-phve.LastHeightValidatorWasInSet)
		}

		valset, err := LoadValidators(stateDB, phve.LastHeightValidatorWasInSet)
		if err != nil {
			// TODO: if err is just that we cant find it cuz we pruned, ignore.
			// TODO: if its actually bad evidence, punish peer
			return err
		}
		_, val = valset.GetByAddress(addr)
		if val == nil {
			return fmt.Errorf("phantom validator %X not found", addr)
		}
	} else {
		if ae, ok := evidence.(*types.AmnesiaEvidence); ok {
			// check the validator set against the polc to make sure that a majority of valid votes was reached
			if !ae.Polc.IsAbsent() {
				err = ae.Polc.ValidateVotes(valset, state.ChainID)
				if err != nil {
					return fmt.Errorf("amnesia evidence contains invalid polc, err: %w", err)
				}
			}
		}

		// For all other types, expect evidence.Address to be a validator at height
		// evidence.Height.
		_, val = valset.GetByAddress(addr)
		if val == nil {
			return fmt.Errorf("address %X was not a validator at height %d", addr, evidence.Height())
		}
	}

	if err := evidence.Verify(state.ChainID, val.PubKey); err != nil {
		return err
	}

	return nil
}