You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

280 lines
8.8 KiB

  1. package state
  2. import (
  3. "bytes"
  4. "errors"
  5. "fmt"
  6. dbm "github.com/tendermint/tm-db"
  7. "github.com/tendermint/tendermint/crypto"
  8. "github.com/tendermint/tendermint/types"
  9. )
  10. //-----------------------------------------------------
  11. // Validate block
  12. func validateBlock(evidencePool EvidencePool, stateDB dbm.DB, state State, block *types.Block) error {
  13. // Validate internal consistency.
  14. if err := block.ValidateBasic(); err != nil {
  15. return err
  16. }
  17. // Validate basic info.
  18. if block.Version.App != state.Version.Consensus.App ||
  19. block.Version.Block != state.Version.Consensus.Block {
  20. return fmt.Errorf("wrong Block.Header.Version. Expected %v, got %v",
  21. state.Version.Consensus,
  22. block.Version,
  23. )
  24. }
  25. if block.ChainID != state.ChainID {
  26. return fmt.Errorf("wrong Block.Header.ChainID. Expected %v, got %v",
  27. state.ChainID,
  28. block.ChainID,
  29. )
  30. }
  31. if block.Height != state.LastBlockHeight+1 {
  32. return fmt.Errorf("wrong Block.Header.Height. Expected %v, got %v",
  33. state.LastBlockHeight+1,
  34. block.Height,
  35. )
  36. }
  37. // Validate prev block info.
  38. if !block.LastBlockID.Equals(state.LastBlockID) {
  39. return fmt.Errorf("wrong Block.Header.LastBlockID. Expected %v, got %v",
  40. state.LastBlockID,
  41. block.LastBlockID,
  42. )
  43. }
  44. // Validate app info
  45. if !bytes.Equal(block.AppHash, state.AppHash) {
  46. return fmt.Errorf("wrong Block.Header.AppHash. Expected %X, got %v",
  47. state.AppHash,
  48. block.AppHash,
  49. )
  50. }
  51. hashCP := types.HashConsensusParams(state.ConsensusParams)
  52. if !bytes.Equal(block.ConsensusHash, hashCP) {
  53. return fmt.Errorf("wrong Block.Header.ConsensusHash. Expected %X, got %v",
  54. hashCP,
  55. block.ConsensusHash,
  56. )
  57. }
  58. if !bytes.Equal(block.LastResultsHash, state.LastResultsHash) {
  59. return fmt.Errorf("wrong Block.Header.LastResultsHash. Expected %X, got %v",
  60. state.LastResultsHash,
  61. block.LastResultsHash,
  62. )
  63. }
  64. if !bytes.Equal(block.ValidatorsHash, state.Validators.Hash()) {
  65. return fmt.Errorf("wrong Block.Header.ValidatorsHash. Expected %X, got %v",
  66. state.Validators.Hash(),
  67. block.ValidatorsHash,
  68. )
  69. }
  70. if !bytes.Equal(block.NextValidatorsHash, state.NextValidators.Hash()) {
  71. return fmt.Errorf("wrong Block.Header.NextValidatorsHash. Expected %X, got %v",
  72. state.NextValidators.Hash(),
  73. block.NextValidatorsHash,
  74. )
  75. }
  76. // Validate block LastCommit.
  77. if block.Height == 1 {
  78. if len(block.LastCommit.Signatures) != 0 {
  79. return errors.New("block at height 1 can't have LastCommit signatures")
  80. }
  81. } else {
  82. // LastCommit.Signatures length is checked in VerifyCommit.
  83. if err := state.LastValidators.VerifyCommit(
  84. state.ChainID, state.LastBlockID, block.Height-1, block.LastCommit); err != nil {
  85. return err
  86. }
  87. }
  88. // Validate block Time
  89. if block.Height > 1 {
  90. if !block.Time.After(state.LastBlockTime) {
  91. return fmt.Errorf("block time %v not greater than last block time %v",
  92. block.Time,
  93. state.LastBlockTime,
  94. )
  95. }
  96. medianTime := MedianTime(block.LastCommit, state.LastValidators)
  97. if !block.Time.Equal(medianTime) {
  98. return fmt.Errorf("invalid block time. Expected %v, got %v",
  99. medianTime,
  100. block.Time,
  101. )
  102. }
  103. } else if block.Height == 1 {
  104. genesisTime := state.LastBlockTime
  105. if !block.Time.Equal(genesisTime) {
  106. return fmt.Errorf("block time %v is not equal to genesis time %v",
  107. block.Time,
  108. genesisTime,
  109. )
  110. }
  111. }
  112. // Limit the amount of evidence
  113. numEvidence := len(block.Evidence.Evidence)
  114. // MaxNumEvidence is capped at uint16, so conversion is always safe.
  115. if maxEvidence := int(state.ConsensusParams.Evidence.MaxNum); numEvidence > maxEvidence {
  116. return types.NewErrEvidenceOverflow(maxEvidence, numEvidence)
  117. }
  118. // Validate all evidence.
  119. for idx, ev := range block.Evidence.Evidence {
  120. // check that no evidence has been submitted more than once
  121. for i := idx + 1; i < len(block.Evidence.Evidence); i++ {
  122. if ev.Equal(block.Evidence.Evidence[i]) {
  123. return types.NewErrEvidenceInvalid(ev, errors.New("evidence was submitted twice"))
  124. }
  125. }
  126. if evidencePool != nil {
  127. if evidencePool.IsCommitted(ev) {
  128. return types.NewErrEvidenceInvalid(ev, errors.New("evidence was already committed"))
  129. }
  130. if evidencePool.IsPending(ev) {
  131. continue
  132. }
  133. }
  134. // if we don't already have amnesia evidence we need to add it to start our own trial period unless
  135. // a) a valid polc has already been attached
  136. // b) the accused node voted back on an earlier round
  137. if ae, ok := ev.(*types.AmnesiaEvidence); ok && ae.Polc.IsAbsent() && ae.PotentialAmnesiaEvidence.VoteA.Round <
  138. ae.PotentialAmnesiaEvidence.VoteB.Round {
  139. if err := evidencePool.AddEvidence(ae.PotentialAmnesiaEvidence); err != nil {
  140. return types.NewErrEvidenceInvalid(ev,
  141. fmt.Errorf("unknown amnesia evidence, trying to add to evidence pool, err: %w", err))
  142. }
  143. return types.NewErrEvidenceInvalid(ev, errors.New("amnesia evidence is new and hasn't undergone trial period yet"))
  144. }
  145. var header *types.Header
  146. if _, ok := ev.(*types.LunaticValidatorEvidence); ok {
  147. header = evidencePool.Header(ev.Height())
  148. if header == nil {
  149. return fmt.Errorf("don't have block meta at height #%d", ev.Height())
  150. }
  151. }
  152. if err := VerifyEvidence(stateDB, state, ev, header); err != nil {
  153. return types.NewErrEvidenceInvalid(ev, err)
  154. }
  155. }
  156. // NOTE: We can't actually verify it's the right proposer because we dont
  157. // know what round the block was first proposed. So just check that it's
  158. // a legit address and a known validator.
  159. if len(block.ProposerAddress) != crypto.AddressSize {
  160. return fmt.Errorf("expected ProposerAddress size %d, got %d",
  161. crypto.AddressSize,
  162. len(block.ProposerAddress),
  163. )
  164. }
  165. if !state.Validators.HasAddress(block.ProposerAddress) {
  166. return fmt.Errorf("block.Header.ProposerAddress %X is not a validator",
  167. block.ProposerAddress,
  168. )
  169. }
  170. return nil
  171. }
  172. // VerifyEvidence verifies the evidence fully by checking:
  173. // - it is sufficiently recent (MaxAge)
  174. // - it is from a key who was a validator at the given height
  175. // - it is internally consistent
  176. // - it was properly signed by the alleged equivocator
  177. func VerifyEvidence(stateDB dbm.DB, state State, evidence types.Evidence, committedHeader *types.Header) error {
  178. var (
  179. height = state.LastBlockHeight
  180. evidenceParams = state.ConsensusParams.Evidence
  181. ageDuration = state.LastBlockTime.Sub(evidence.Time())
  182. ageNumBlocks = height - evidence.Height()
  183. )
  184. if ageDuration > evidenceParams.MaxAgeDuration && ageNumBlocks > evidenceParams.MaxAgeNumBlocks {
  185. return fmt.Errorf(
  186. "evidence from height %d (created at: %v) is too old; min height is %d and evidence can not be older than %v",
  187. evidence.Height(),
  188. evidence.Time(),
  189. height-evidenceParams.MaxAgeNumBlocks,
  190. state.LastBlockTime.Add(evidenceParams.MaxAgeDuration),
  191. )
  192. }
  193. if ev, ok := evidence.(*types.LunaticValidatorEvidence); ok {
  194. if err := ev.VerifyHeader(committedHeader); err != nil {
  195. return err
  196. }
  197. }
  198. valset, err := LoadValidators(stateDB, evidence.Height())
  199. if err != nil {
  200. // TODO: if err is just that we cant find it cuz we pruned, ignore.
  201. // TODO: if its actually bad evidence, punish peer
  202. return err
  203. }
  204. addr := evidence.Address()
  205. var val *types.Validator
  206. // For PhantomValidatorEvidence, check evidence.Address was not part of the
  207. // validator set at height evidence.Height, but was a validator before OR
  208. // after.
  209. if phve, ok := evidence.(*types.PhantomValidatorEvidence); ok {
  210. // confirm that it hasn't been forged
  211. _, val = valset.GetByAddress(addr)
  212. if val != nil {
  213. return fmt.Errorf("address %X was a validator at height %d", addr, evidence.Height())
  214. }
  215. // check if last height validator was in the validator set is within
  216. // MaxAgeNumBlocks.
  217. if height-phve.LastHeightValidatorWasInSet > evidenceParams.MaxAgeNumBlocks {
  218. return fmt.Errorf("last time validator was in the set at height %d, min: %d",
  219. phve.LastHeightValidatorWasInSet, height-phve.LastHeightValidatorWasInSet)
  220. }
  221. valset, err := LoadValidators(stateDB, phve.LastHeightValidatorWasInSet)
  222. if err != nil {
  223. // TODO: if err is just that we cant find it cuz we pruned, ignore.
  224. // TODO: if its actually bad evidence, punish peer
  225. return err
  226. }
  227. _, val = valset.GetByAddress(addr)
  228. if val == nil {
  229. return fmt.Errorf("phantom validator %X not found", addr)
  230. }
  231. } else {
  232. if ae, ok := evidence.(*types.AmnesiaEvidence); ok {
  233. // check the validator set against the polc to make sure that a majority of valid votes was reached
  234. if !ae.Polc.IsAbsent() {
  235. err = ae.Polc.ValidateVotes(valset, state.ChainID)
  236. if err != nil {
  237. return fmt.Errorf("amnesia evidence contains invalid polc, err: %w", err)
  238. }
  239. }
  240. }
  241. // For all other types, expect evidence.Address to be a validator at height
  242. // evidence.Height.
  243. _, val = valset.GetByAddress(addr)
  244. if val == nil {
  245. return fmt.Errorf("address %X was not a validator at height %d", addr, evidence.Height())
  246. }
  247. }
  248. if err := evidence.Verify(state.ChainID, val.PubKey); err != nil {
  249. return err
  250. }
  251. return nil
  252. }