You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

257 lines
7.6 KiB

  1. package state
  2. import (
  3. "bytes"
  4. "errors"
  5. "fmt"
  6. dbm "github.com/tendermint/tm-db"
  7. "github.com/tendermint/tendermint/crypto"
  8. "github.com/tendermint/tendermint/types"
  9. )
  10. //-----------------------------------------------------
  11. // Validate block
  12. func validateBlock(evidencePool EvidencePool, stateDB dbm.DB, state State, block *types.Block) error {
  13. // Validate internal consistency.
  14. if err := block.ValidateBasic(); err != nil {
  15. return err
  16. }
  17. // Validate basic info.
  18. if block.Version != state.Version.Consensus {
  19. return fmt.Errorf("wrong Block.Header.Version. Expected %v, got %v",
  20. state.Version.Consensus,
  21. block.Version,
  22. )
  23. }
  24. if block.ChainID != state.ChainID {
  25. return fmt.Errorf("wrong Block.Header.ChainID. Expected %v, got %v",
  26. state.ChainID,
  27. block.ChainID,
  28. )
  29. }
  30. if block.Height != state.LastBlockHeight+1 {
  31. return fmt.Errorf("wrong Block.Header.Height. Expected %v, got %v",
  32. state.LastBlockHeight+1,
  33. block.Height,
  34. )
  35. }
  36. // Validate prev block info.
  37. if !block.LastBlockID.Equals(state.LastBlockID) {
  38. return fmt.Errorf("wrong Block.Header.LastBlockID. Expected %v, got %v",
  39. state.LastBlockID,
  40. block.LastBlockID,
  41. )
  42. }
  43. // Validate app info
  44. if !bytes.Equal(block.AppHash, state.AppHash) {
  45. return fmt.Errorf("wrong Block.Header.AppHash. Expected %X, got %v",
  46. state.AppHash,
  47. block.AppHash,
  48. )
  49. }
  50. if !bytes.Equal(block.ConsensusHash, state.ConsensusParams.Hash()) {
  51. return fmt.Errorf("wrong Block.Header.ConsensusHash. Expected %X, got %v",
  52. state.ConsensusParams.Hash(),
  53. block.ConsensusHash,
  54. )
  55. }
  56. if !bytes.Equal(block.LastResultsHash, state.LastResultsHash) {
  57. return fmt.Errorf("wrong Block.Header.LastResultsHash. Expected %X, got %v",
  58. state.LastResultsHash,
  59. block.LastResultsHash,
  60. )
  61. }
  62. if !bytes.Equal(block.ValidatorsHash, state.Validators.Hash()) {
  63. return fmt.Errorf("wrong Block.Header.ValidatorsHash. Expected %X, got %v",
  64. state.Validators.Hash(),
  65. block.ValidatorsHash,
  66. )
  67. }
  68. if !bytes.Equal(block.NextValidatorsHash, state.NextValidators.Hash()) {
  69. return fmt.Errorf("wrong Block.Header.NextValidatorsHash. Expected %X, got %v",
  70. state.NextValidators.Hash(),
  71. block.NextValidatorsHash,
  72. )
  73. }
  74. // Validate block LastCommit.
  75. if block.Height == 1 {
  76. if len(block.LastCommit.Signatures) != 0 {
  77. return errors.New("block at height 1 can't have LastCommit signatures")
  78. }
  79. } else {
  80. // LastCommit.Signatures length is checked in VerifyCommit.
  81. if err := state.LastValidators.VerifyCommit(
  82. state.ChainID, state.LastBlockID, block.Height-1, block.LastCommit); err != nil {
  83. return err
  84. }
  85. }
  86. // Validate block Time
  87. if block.Height > 1 {
  88. if !block.Time.After(state.LastBlockTime) {
  89. return fmt.Errorf("block time %v not greater than last block time %v",
  90. block.Time,
  91. state.LastBlockTime,
  92. )
  93. }
  94. medianTime := MedianTime(block.LastCommit, state.LastValidators)
  95. if !block.Time.Equal(medianTime) {
  96. return fmt.Errorf("invalid block time. Expected %v, got %v",
  97. medianTime,
  98. block.Time,
  99. )
  100. }
  101. } else if block.Height == 1 {
  102. genesisTime := state.LastBlockTime
  103. if !block.Time.Equal(genesisTime) {
  104. return fmt.Errorf("block time %v is not equal to genesis time %v",
  105. block.Time,
  106. genesisTime,
  107. )
  108. }
  109. }
  110. // Limit the amount of evidence
  111. numEvidence := len(block.Evidence.Evidence)
  112. // MaxNumEvidence is capped at uint16, so conversion is always safe.
  113. if maxEvidence := int(state.ConsensusParams.Evidence.MaxNum); numEvidence > maxEvidence {
  114. return types.NewErrEvidenceOverflow(maxEvidence, numEvidence)
  115. }
  116. // Validate all evidence.
  117. for idx, ev := range block.Evidence.Evidence {
  118. // check that no evidence has been submitted more than once
  119. for i := idx + 1; i < len(block.Evidence.Evidence); i++ {
  120. if ev.Equal(block.Evidence.Evidence[i]) {
  121. return types.NewErrEvidenceInvalid(ev, errors.New("evidence was submitted twice"))
  122. }
  123. }
  124. if evidencePool != nil {
  125. if evidencePool.IsCommitted(ev) {
  126. return types.NewErrEvidenceInvalid(ev, errors.New("evidence was already committed"))
  127. }
  128. if evidencePool.IsPending(ev) {
  129. continue
  130. }
  131. }
  132. var header *types.Header
  133. if _, ok := ev.(*types.LunaticValidatorEvidence); ok {
  134. header = evidencePool.Header(ev.Height())
  135. if header == nil {
  136. return fmt.Errorf("don't have block meta at height #%d", ev.Height())
  137. }
  138. }
  139. if err := VerifyEvidence(stateDB, state, ev, header); err != nil {
  140. return types.NewErrEvidenceInvalid(ev, err)
  141. }
  142. }
  143. // NOTE: We can't actually verify it's the right proposer because we dont
  144. // know what round the block was first proposed. So just check that it's
  145. // a legit address and a known validator.
  146. if len(block.ProposerAddress) != crypto.AddressSize {
  147. return fmt.Errorf("expected ProposerAddress size %d, got %d",
  148. crypto.AddressSize,
  149. len(block.ProposerAddress),
  150. )
  151. }
  152. if !state.Validators.HasAddress(block.ProposerAddress) {
  153. return fmt.Errorf("block.Header.ProposerAddress %X is not a validator",
  154. block.ProposerAddress,
  155. )
  156. }
  157. return nil
  158. }
  159. // VerifyEvidence verifies the evidence fully by checking:
  160. // - it is sufficiently recent (MaxAge)
  161. // - it is from a key who was a validator at the given height
  162. // - it is internally consistent
  163. // - it was properly signed by the alleged equivocator
  164. func VerifyEvidence(stateDB dbm.DB, state State, evidence types.Evidence, committedHeader *types.Header) error {
  165. var (
  166. height = state.LastBlockHeight
  167. evidenceParams = state.ConsensusParams.Evidence
  168. ageDuration = state.LastBlockTime.Sub(evidence.Time())
  169. ageNumBlocks = height - evidence.Height()
  170. )
  171. if ageDuration > evidenceParams.MaxAgeDuration && ageNumBlocks > evidenceParams.MaxAgeNumBlocks {
  172. return fmt.Errorf(
  173. "evidence from height %d (created at: %v) is too old; min height is %d and evidence can not be older than %v",
  174. evidence.Height(),
  175. evidence.Time(),
  176. height-evidenceParams.MaxAgeNumBlocks,
  177. state.LastBlockTime.Add(evidenceParams.MaxAgeDuration),
  178. )
  179. }
  180. if ev, ok := evidence.(*types.LunaticValidatorEvidence); ok {
  181. if err := ev.VerifyHeader(committedHeader); err != nil {
  182. return err
  183. }
  184. }
  185. valset, err := LoadValidators(stateDB, evidence.Height())
  186. if err != nil {
  187. // TODO: if err is just that we cant find it cuz we pruned, ignore.
  188. // TODO: if its actually bad evidence, punish peer
  189. return err
  190. }
  191. addr := evidence.Address()
  192. var val *types.Validator
  193. // For PhantomValidatorEvidence, check evidence.Address was not part of the
  194. // validator set at height evidence.Height, but was a validator before OR
  195. // after.
  196. if phve, ok := evidence.(*types.PhantomValidatorEvidence); ok {
  197. _, val = valset.GetByAddress(addr)
  198. if val != nil {
  199. return fmt.Errorf("address %X was a validator at height %d", addr, evidence.Height())
  200. }
  201. // check if last height validator was in the validator set is within
  202. // MaxAgeNumBlocks.
  203. if ageNumBlocks > 0 && phve.LastHeightValidatorWasInSet <= ageNumBlocks {
  204. return fmt.Errorf("last time validator was in the set at height %d, min: %d",
  205. phve.LastHeightValidatorWasInSet, ageNumBlocks+1)
  206. }
  207. valset, err := LoadValidators(stateDB, phve.LastHeightValidatorWasInSet)
  208. if err != nil {
  209. // TODO: if err is just that we cant find it cuz we pruned, ignore.
  210. // TODO: if its actually bad evidence, punish peer
  211. return err
  212. }
  213. _, val = valset.GetByAddress(addr)
  214. if val == nil {
  215. return fmt.Errorf("phantom validator %X not found", addr)
  216. }
  217. } else {
  218. // For all other types, expect evidence.Address to be a validator at height
  219. // evidence.Height.
  220. _, val = valset.GetByAddress(addr)
  221. if val == nil {
  222. return fmt.Errorf("address %X was not a validator at height %d", addr, evidence.Height())
  223. }
  224. }
  225. if err := evidence.Verify(state.ChainID, val.PubKey); err != nil {
  226. return err
  227. }
  228. return nil
  229. }