zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7975 Commits
183 Branches
291 MiB
Tree: 89cdc4bfd7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '89cdc4bfd7'
${ noResults }
tendermint/state/validation.go

248 lines
7.4 KiB
Raw Normal View History

state: re-order funcs. fix tests
7 years ago
format: add format cmd & goimport repo (#4586) * format: add format cmd & goimport repo - replaced format command - added goimports to format command - ran goimports Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix outliers & undo proto file changes
5 years ago
TMHASH is 32 bytes. Closes #1990 (#2732) * tmhash is fully 32 bytes. closes #1990 * AddressSize * fix tests * fix max sizes
6 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
Reject blocks with committed evidence (#37) * evidence: NewEvidencePool takes evidenceDB * evidence: failing TestStoreCommitDuplicate tendermint/security#35 * GetEvidence -> GetEvidenceInfo * fix TestStoreCommitDuplicate * comment in VerifyEvidence * add check if evidence was already seen - modify EventPool interface (EventStore is not known in ApplyBlock): - add IsCommitted method to iface - add test * update changelog * fix TestStoreMark: - priority in evidence info gets reset to zero after evidence gets committed * review comments: simplify EvidencePool.IsCommitted - delete obsolete EvidenceStore.IsCommitted * add simple test for IsCommitted * update changelog: this is actually breaking (PR number still missing) * fix TestStoreMark: - priority in evidence info gets reset to zero after evidence gets committed * review suggestion: simplify return
6 years ago
Delay validator set changes by 1 block.
7 years ago
state: b -> block
7 years ago
state: re-order funcs. fix tests
7 years ago
Delay validator set changes by 1 block.
7 years ago
ADR-016: Add versions to Block and State (#2644) * types: add Version to Header * abci: add Version to Header * state: add Version to State * node: check software and state protocol versions match * update changelog * docs/spec: update for versions * state: more tests * remove TODOs * remove empty test
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
ADR-016: Add versions to Block and State (#2644) * types: add Version to Header * abci: add Version to Header * state: add Version to State * node: check software and state protocol versions match * update changelog * docs/spec: update for versions * state: more tests * remove TODOs * remove empty test
6 years ago
state: b -> block
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
state: b -> block
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
Delay validator set changes by 1 block.
7 years ago
state: b -> block
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
validate reactor messages (#2711) * validate reactor messages Refs #2683 * validate blockchain messages Refs #2683 * validate evidence messages Refs #2683 * todo * check ProposalPOL and signature sizes * add a changelog entry * check addr is valid when we add it to the addrbook * validate incoming netAddr (not just nil check!) * fixes after Bucky's review * check timestamps * beef up block#ValidateBasic * move some checks into bcBlockResponseMessage * update Gopkg.lock Fix ``` grouped write of manifest, lock and vendor: failed to export github.com/tendermint/go-amino: fatal: failed to unpack tree object 6dcc6ddc143e116455c94b25c1004c99e0d0ca12 ``` by running `dep ensure -update` * bump year since now we check it * generate test/p2p/data on the fly using tendermint testnet * allow sync chains older than 1 year * use full path when creating a testnet * move testnet gen to test/docker/Dockerfile * relax LastCommitRound check Refs #2737 * fix conflicts after merge * add small comment * some ValidateBasic updates * fixes * AppHash length is not fixed
6 years ago
Delay validator set changes by 1 block.
7 years ago
state: b -> block
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
state: b -> block
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
state: b -> block
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
state: b -> block
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
Delay validator set changes by 1 block.
7 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
validate reactor messages (#2711) * validate reactor messages Refs #2683 * validate blockchain messages Refs #2683 * validate evidence messages Refs #2683 * todo * check ProposalPOL and signature sizes * add a changelog entry * check addr is valid when we add it to the addrbook * validate incoming netAddr (not just nil check!) * fixes after Bucky's review * check timestamps * beef up block#ValidateBasic * move some checks into bcBlockResponseMessage * update Gopkg.lock Fix ``` grouped write of manifest, lock and vendor: failed to export github.com/tendermint/go-amino: fatal: failed to unpack tree object 6dcc6ddc143e116455c94b25c1004c99e0d0ca12 ``` by running `dep ensure -update` * bump year since now we check it * generate test/p2p/data on the fly using tendermint testnet * allow sync chains older than 1 year * use full path when creating a testnet * move testnet gen to test/docker/Dockerfile * relax LastCommitRound check Refs #2737 * fix conflicts after merge * add small comment * some ValidateBasic updates * fixes * AppHash length is not fixed
6 years ago
Delay validator set changes by 1 block.
7 years ago
state: re-order funcs. fix tests
7 years ago
state: b -> block
7 years ago
types: change `Commit` to consist of just signatures (#4146) * types: change `Commit` to consist of just signatures These are final changes towards removing votes from commit and leaving only signatures (see ADR-25) Fixes #1648 * bring back TestCommitToVoteSetWithVotesForAnotherBlockOrNilBlock + add absent flag to Vote to indicate that it's for another block * encode nil votes as CommitSig with BlockIDFlagAbsent + make Commit#Precommits array of non-pointers because precommit will never be nil * add NewCommitSigAbsent and Absent() funcs * uncomment validation in CommitSig#ValidateBasic * add comments to ValidatorSet funcs * add a changelog entry * break instead of continue continue does not make sense in these cases * types: rename Commit#Precommits to Signatures * swagger: fix /commit response * swagger: change block_id_flag type * fix merge conflicts
5 years ago
state: re-order funcs. fix tests
7 years ago
types: remove extra validation in VerifyCommit plus make sure LastCommit is always non-nil
5 years ago
state: re-order funcs. fix tests
7 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
state: require block.Time of the fist block to be genesis time (#2594) * require block.Time of the fist block to be genesis time Refs #2587: ``` We only start validating block.Time when Height > 1, because there is no commit to compute the median timestamp from for the first block. This means a faulty proposer could make the first block with whatever time they want. Instead, we should require the timestamp of block 1 to match the genesis time. I discovered this while refactoring the ValidateBlock tests to be table-driven while working on tests for #2560. ``` * do not accept blocks with negative height * update changelog and spec * nanos precision for test genesis time * Fix failing test (#2607)
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
state: require block.Time of the fist block to be genesis time (#2594) * require block.Time of the fist block to be genesis time Refs #2587: ``` We only start validating block.Time when Height > 1, because there is no commit to compute the median timestamp from for the first block. This means a faulty proposer could make the first block with whatever time they want. Instead, we should require the timestamp of block 1 to match the genesis time. I discovered this while refactoring the ValidateBlock tests to be table-driven while working on tests for #2560. ``` * do not accept blocks with negative height * update changelog and spec * nanos precision for test genesis time * Fix failing test (#2607)
6 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
types: cap evidence in block validation (#2560) * cap evidence in block validation * state: use table-driven test for ValidateBlockHeader * state: test evidence cap * fixes from review
6 years ago
evidence: cap evidence to an absolute number (#4780) The number of evidence that can be committed in a single block is capped by a new evidence parameter called MaxNum
5 years ago
types: cap evidence in block validation (#2560) * cap evidence in block validation * state: use table-driven test for ValidateBlockHeader * state: test evidence cap * fixes from review
6 years ago
Delay validator set changes by 1 block.
7 years ago
evidence: prevent proposer from proposing duplicate pieces of evidence (#4839) prevent proposer from proposing duplicate pieces of evidence
5 years ago
check it has been committed before verifying
5 years ago
cleaned up tests
5 years ago
create tests for validating evidence
5 years ago
cleaned up tests
5 years ago
check it has been committed before verifying
5 years ago
evidence: handling evidence from light client(s) (#4532) Closes: #4530 This PR contains logic for both submitting an evidence by the light client (lite2 package) and receiving it on the Tendermint side (/broadcast_evidence RPC and/or EvidenceReactor#Receive). Upon receiving the ConflictingHeadersEvidence (introduced by this PR), the Tendermint validates it, then breaks it down into smaller pieces (DuplicateVoteEvidence, LunaticValidatorEvidence, PhantomValidatorEvidence, PotentialAmnesiaEvidence). Afterwards, each piece of evidence is verified against the state of the full node and added to the pool, from which it's reaped upon block creation. * rpc/client: do not pass height param if height ptr is nil * rpc/core: validate incoming evidence! * only accept ConflictingHeadersEvidence if one of the headers is committed from this full node's perspective This simplifies the code. Plus, if there are multiple forks, we'll likely to receive multiple ConflictingHeadersEvidence anyway. * swap CommitSig with Vote in LunaticValidatorEvidence Vote is needed to validate signature * no need to embed client http is a provider and should not be used as a client
5 years ago
types: cap evidence in block validation (#2560) * cap evidence in block validation * state: use table-driven test for ValidateBlockHeader * state: test evidence cap * fixes from review
6 years ago
state: re-order funcs. fix tests
7 years ago
fixes for ProposerAddress - state.MakeBlock takes a proposerAddr - validateBlock only checks that the ProposerAddress is in the validator set - fix raceyness from bad proposer test: - use privValidator to get the proposer address (instead of racy state) - note we had to remove the test that checked the correct proposer was included for higher rounds because we don't have a good way to test this with multiple consensus states and not using the privValidator.Address while calling createProposalBlock was a hack!
6 years ago
types: sort validators by voting power thus enabling faster commit verification assuming non uniform distribution of power. Closes #2478 spec: https://github.com/tendermint/spec/pull/91
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
update Evidence type - requires pubkey and valset to verify and convert to abci.Evidence
7 years ago
evidence: handling evidence from light client(s) (#4532) Closes: #4530 This PR contains logic for both submitting an evidence by the light client (lite2 package) and receiving it on the Tendermint side (/broadcast_evidence RPC and/or EvidenceReactor#Receive). Upon receiving the ConflictingHeadersEvidence (introduced by this PR), the Tendermint validates it, then breaks it down into smaller pieces (DuplicateVoteEvidence, LunaticValidatorEvidence, PhantomValidatorEvidence, PotentialAmnesiaEvidence). Afterwards, each piece of evidence is verified against the state of the full node and added to the pool, from which it's reaped upon block creation. * rpc/client: do not pass height param if height ptr is nil * rpc/core: validate incoming evidence! * only accept ConflictingHeadersEvidence if one of the headers is committed from this full node's perspective This simplifies the code. Plus, if there are multiple forks, we'll likely to receive multiple ConflictingHeadersEvidence anyway. * swap CommitSig with Vote in LunaticValidatorEvidence Vote is needed to validate signature * no need to embed client http is a provider and should not be used as a client
5 years ago
evidence: introduce time.Duration to evidence params (#4254) * evidence: introduce time.Duration to evidence params - add time.duration to evidence - this pr is taking pr #2606 and updating it to use both time and height - closes #2565 Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing and genesis cfg in signer harness * remove debugging fmt * change maxageheight to maxagenumblocks, rename other things to block instead of height * further check of duration * check duration to not send peers outdated evidence * change some lines, onward and upward * refactor evidence package * add a changelog pending entry * make mockbadevidence have time and use it * add what could possibly be called a test case * remove mockbadevidence and mockgoodevidence in favor of mockevidence * add a comment for err that is returned * add a changelog for removal of good & bad evidence * add a test for adding evidence * fix test * add ev to types in testcase * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * fix tests * fix linting Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
5 years ago
state: re-order funcs. fix tests
7 years ago
evidence: both MaxAgeDuration and MaxAgeNumBlocks need to be surpassed (#4667) for evidence to be considered expired. otherwise, a cabal group can manipulate block time to make a particular evidence too old. Refs https://github.com/tendermint/tendermint/issues/2565#issuecomment-432896645 Refs https://github.com/tendermint/tendermint/issues/2653 spec PR: tendermint/spec#87
5 years ago
evidence: introduce time.Duration to evidence params (#4254) * evidence: introduce time.Duration to evidence params - add time.duration to evidence - this pr is taking pr #2606 and updating it to use both time and height - closes #2565 Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing and genesis cfg in signer harness * remove debugging fmt * change maxageheight to maxagenumblocks, rename other things to block instead of height * further check of duration * check duration to not send peers outdated evidence * change some lines, onward and upward * refactor evidence package * add a changelog pending entry * make mockbadevidence have time and use it * add what could possibly be called a test case * remove mockbadevidence and mockgoodevidence in favor of mockevidence * add a comment for err that is returned * add a changelog for removal of good & bad evidence * add a test for adding evidence * fix test * add ev to types in testcase * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * fix tests * fix linting Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
5 years ago
evidence: both MaxAgeDuration and MaxAgeNumBlocks need to be surpassed (#4667) for evidence to be considered expired. otherwise, a cabal group can manipulate block time to make a particular evidence too old. Refs https://github.com/tendermint/tendermint/issues/2565#issuecomment-432896645 Refs https://github.com/tendermint/tendermint/issues/2653 spec PR: tendermint/spec#87
5 years ago
state: re-order funcs. fix tests
7 years ago
evidence: handling evidence from light client(s) (#4532) Closes: #4530 This PR contains logic for both submitting an evidence by the light client (lite2 package) and receiving it on the Tendermint side (/broadcast_evidence RPC and/or EvidenceReactor#Receive). Upon receiving the ConflictingHeadersEvidence (introduced by this PR), the Tendermint validates it, then breaks it down into smaller pieces (DuplicateVoteEvidence, LunaticValidatorEvidence, PhantomValidatorEvidence, PotentialAmnesiaEvidence). Afterwards, each piece of evidence is verified against the state of the full node and added to the pool, from which it's reaped upon block creation. * rpc/client: do not pass height param if height ptr is nil * rpc/core: validate incoming evidence! * only accept ConflictingHeadersEvidence if one of the headers is committed from this full node's perspective This simplifies the code. Plus, if there are multiple forks, we'll likely to receive multiple ConflictingHeadersEvidence anyway. * swap CommitSig with Vote in LunaticValidatorEvidence Vote is needed to validate signature * no need to embed client http is a provider and should not be used as a client
5 years ago
fix EvidencePool and VerifyEvidence
7 years ago
evidence: handling evidence from light client(s) (#4532) Closes: #4530 This PR contains logic for both submitting an evidence by the light client (lite2 package) and receiving it on the Tendermint side (/broadcast_evidence RPC and/or EvidenceReactor#Receive). Upon receiving the ConflictingHeadersEvidence (introduced by this PR), the Tendermint validates it, then breaks it down into smaller pieces (DuplicateVoteEvidence, LunaticValidatorEvidence, PhantomValidatorEvidence, PotentialAmnesiaEvidence). Afterwards, each piece of evidence is verified against the state of the full node and added to the pool, from which it's reaped upon block creation. * rpc/client: do not pass height param if height ptr is nil * rpc/core: validate incoming evidence! * only accept ConflictingHeadersEvidence if one of the headers is committed from this full node's perspective This simplifies the code. Plus, if there are multiple forks, we'll likely to receive multiple ConflictingHeadersEvidence anyway. * swap CommitSig with Vote in LunaticValidatorEvidence Vote is needed to validate signature * no need to embed client http is a provider and should not be used as a client
5 years ago
update Evidence type - requires pubkey and valset to verify and convert to abci.Evidence
7 years ago
fixes from rebase
7 years ago
update Evidence type - requires pubkey and valset to verify and convert to abci.Evidence
7 years ago
state: re-order funcs. fix tests
7 years ago
fix EvidencePool and VerifyEvidence
7 years ago
state: re-order funcs. fix tests
7 years ago
 
  1. package state
  2. 

  3. import (
  4. 	"bytes"
  5. 	"errors"
  6. 	"fmt"
  7. 

  8. 	dbm "github.com/tendermint/tm-db"
  9. 

  10. 	"github.com/tendermint/tendermint/crypto"
  11. 	"github.com/tendermint/tendermint/types"
  12. )
  13. 

  14. //-----------------------------------------------------

  15. // Validate block

  16. 

  17. func validateBlock(evidencePool EvidencePool, stateDB dbm.DB, state State, block *types.Block) error {
  18. 	// Validate internal consistency.

  19. 	if err := block.ValidateBasic(); err != nil {
  20. 		return err
  21. 	}
  22. 

  23. 	// Validate basic info.

  24. 	if block.Version != state.Version.Consensus {
  25. 		return fmt.Errorf("wrong Block.Header.Version. Expected %v, got %v",
  26. 			state.Version.Consensus,
  27. 			block.Version,
  28. 		)
  29. 	}
  30. 	if block.ChainID != state.ChainID {
  31. 		return fmt.Errorf("wrong Block.Header.ChainID. Expected %v, got %v",
  32. 			state.ChainID,
  33. 			block.ChainID,
  34. 		)
  35. 	}
  36. 	if block.Height != state.LastBlockHeight+1 {
  37. 		return fmt.Errorf("wrong Block.Header.Height. Expected %v, got %v",
  38. 			state.LastBlockHeight+1,
  39. 			block.Height,
  40. 		)
  41. 	}
  42. 

  43. 	// Validate prev block info.

  44. 	if !block.LastBlockID.Equals(state.LastBlockID) {
  45. 		return fmt.Errorf("wrong Block.Header.LastBlockID.  Expected %v, got %v",
  46. 			state.LastBlockID,
  47. 			block.LastBlockID,
  48. 		)
  49. 	}
  50. 

  51. 	// Validate app info

  52. 	if !bytes.Equal(block.AppHash, state.AppHash) {
  53. 		return fmt.Errorf("wrong Block.Header.AppHash.  Expected %X, got %v",
  54. 			state.AppHash,
  55. 			block.AppHash,
  56. 		)
  57. 	}
  58. 	if !bytes.Equal(block.ConsensusHash, state.ConsensusParams.Hash()) {
  59. 		return fmt.Errorf("wrong Block.Header.ConsensusHash.  Expected %X, got %v",
  60. 			state.ConsensusParams.Hash(),
  61. 			block.ConsensusHash,
  62. 		)
  63. 	}
  64. 	if !bytes.Equal(block.LastResultsHash, state.LastResultsHash) {
  65. 		return fmt.Errorf("wrong Block.Header.LastResultsHash.  Expected %X, got %v",
  66. 			state.LastResultsHash,
  67. 			block.LastResultsHash,
  68. 		)
  69. 	}
  70. 	if !bytes.Equal(block.ValidatorsHash, state.Validators.Hash()) {
  71. 		return fmt.Errorf("wrong Block.Header.ValidatorsHash.  Expected %X, got %v",
  72. 			state.Validators.Hash(),
  73. 			block.ValidatorsHash,
  74. 		)
  75. 	}
  76. 	if !bytes.Equal(block.NextValidatorsHash, state.NextValidators.Hash()) {
  77. 		return fmt.Errorf("wrong Block.Header.NextValidatorsHash.  Expected %X, got %v",
  78. 			state.NextValidators.Hash(),
  79. 			block.NextValidatorsHash,
  80. 		)
  81. 	}
  82. 

  83. 	// Validate block LastCommit.

  84. 	if block.Height == 1 {
  85. 		if len(block.LastCommit.Signatures) != 0 {
  86. 			return errors.New("block at height 1 can't have LastCommit signatures")
  87. 		}
  88. 	} else {
  89. 		// LastCommit.Signatures length is checked in VerifyCommit.

  90. 		if err := state.LastValidators.VerifyCommit(
  91. 			state.ChainID, state.LastBlockID, block.Height-1, block.LastCommit); err != nil {
  92. 			return err
  93. 		}
  94. 	}
  95. 

  96. 	// Validate block Time

  97. 	if block.Height > 1 {
  98. 		if !block.Time.After(state.LastBlockTime) {
  99. 			return fmt.Errorf("block time %v not greater than last block time %v",
  100. 				block.Time,
  101. 				state.LastBlockTime,
  102. 			)
  103. 		}
  104. 

  105. 		medianTime := MedianTime(block.LastCommit, state.LastValidators)
  106. 		if !block.Time.Equal(medianTime) {
  107. 			return fmt.Errorf("invalid block time. Expected %v, got %v",
  108. 				medianTime,
  109. 				block.Time,
  110. 			)
  111. 		}
  112. 	} else if block.Height == 1 {
  113. 		genesisTime := state.LastBlockTime
  114. 		if !block.Time.Equal(genesisTime) {
  115. 			return fmt.Errorf("block time %v is not equal to genesis time %v",
  116. 				block.Time,
  117. 				genesisTime,
  118. 			)
  119. 		}
  120. 	}
  121. 

  122. 	// Limit the amount of evidence

  123. 	numEvidence := len(block.Evidence.Evidence)
  124. 	// MaxNumEvidence is capped at uint16, so conversion is always safe.

  125. 	if maxEvidence := int(state.ConsensusParams.Evidence.MaxNum); numEvidence > maxEvidence {
  126. 		return types.NewErrEvidenceOverflow(maxEvidence, numEvidence)
  127. 	}
  128. 

  129. 	// Validate all evidence.

  130. 	for idx, ev := range block.Evidence.Evidence {
  131. 		// check that no evidence has been submitted more than once

  132. 		for i := idx + 1; i < len(block.Evidence.Evidence); i++ {
  133. 			if ev.Equal(block.Evidence.Evidence[i]) {
  134. 				return types.NewErrEvidenceInvalid(ev, errors.New("evidence was submitted twice"))
  135. 			}
  136. 		}
  137. 		if evidencePool != nil {
  138. 			if evidencePool.IsCommitted(ev) {
  139. 				return types.NewErrEvidenceInvalid(ev, errors.New("evidence was already committed"))
  140. 			}
  141. 			if evidencePool.IsPending(ev) {
  142. 				continue
  143. 			}
  144. 		}
  145. 		if err := VerifyEvidence(stateDB, state, ev, &block.Header); err != nil {
  146. 			return types.NewErrEvidenceInvalid(ev, err)
  147. 		}
  148. 	}
  149. 

  150. 	// NOTE: We can't actually verify it's the right proposer because we dont

  151. 	// know what round the block was first proposed. So just check that it's

  152. 	// a legit address and a known validator.

  153. 	if len(block.ProposerAddress) != crypto.AddressSize {
  154. 		return fmt.Errorf("expected ProposerAddress size %d, got %d",
  155. 			crypto.AddressSize,
  156. 			len(block.ProposerAddress),
  157. 		)
  158. 	}
  159. 	if !state.Validators.HasAddress(block.ProposerAddress) {
  160. 		return fmt.Errorf("block.Header.ProposerAddress %X is not a validator",
  161. 			block.ProposerAddress,
  162. 		)
  163. 	}
  164. 

  165. 	return nil
  166. }
  167. 

  168. // VerifyEvidence verifies the evidence fully by checking:

  169. // - it is sufficiently recent (MaxAge)

  170. // - it is from a key who was a validator at the given height

  171. // - it is internally consistent

  172. // - it was properly signed by the alleged equivocator

  173. func VerifyEvidence(stateDB dbm.DB, state State, evidence types.Evidence, committedHeader *types.Header) error {
  174. 	var (
  175. 		height         = state.LastBlockHeight
  176. 		evidenceParams = state.ConsensusParams.Evidence
  177. 

  178. 		ageDuration  = state.LastBlockTime.Sub(evidence.Time())
  179. 		ageNumBlocks = height - evidence.Height()
  180. 	)
  181. 

  182. 	if ageDuration > evidenceParams.MaxAgeDuration && ageNumBlocks > evidenceParams.MaxAgeNumBlocks {
  183. 		return fmt.Errorf(
  184. 			"evidence from height %d (created at: %v) is too old; min height is %d and evidence can not be older than %v",
  185. 			evidence.Height(),
  186. 			evidence.Time(),
  187. 			height-evidenceParams.MaxAgeNumBlocks,
  188. 			state.LastBlockTime.Add(evidenceParams.MaxAgeDuration),
  189. 		)
  190. 	}
  191. 

  192. 	if ev, ok := evidence.(*types.LunaticValidatorEvidence); ok {
  193. 		if err := ev.VerifyHeader(committedHeader); err != nil {
  194. 			return err
  195. 		}
  196. 	}
  197. 

  198. 	valset, err := LoadValidators(stateDB, evidence.Height())
  199. 	if err != nil {
  200. 		// TODO: if err is just that we cant find it cuz we pruned, ignore.

  201. 		// TODO: if its actually bad evidence, punish peer

  202. 		return err
  203. 	}
  204. 

  205. 	addr := evidence.Address()
  206. 	var val *types.Validator
  207. 

  208. 	// For PhantomValidatorEvidence, check evidence.Address was not part of the

  209. 	// validator set at height evidence.Height, but was a validator before OR

  210. 	// after.

  211. 	if phve, ok := evidence.(*types.PhantomValidatorEvidence); ok {
  212. 		_, val = valset.GetByAddress(addr)
  213. 		if val != nil {
  214. 			return fmt.Errorf("address %X was a validator at height %d", addr, evidence.Height())
  215. 		}
  216. 

  217. 		// check if last height validator was in the validator set is within

  218. 		// MaxAgeNumBlocks.

  219. 		if ageNumBlocks > 0 && phve.LastHeightValidatorWasInSet <= ageNumBlocks {
  220. 			return fmt.Errorf("last time validator was in the set at height %d, min: %d",
  221. 				phve.LastHeightValidatorWasInSet, ageNumBlocks+1)
  222. 		}
  223. 

  224. 		valset, err := LoadValidators(stateDB, phve.LastHeightValidatorWasInSet)
  225. 		if err != nil {
  226. 			// TODO: if err is just that we cant find it cuz we pruned, ignore.

  227. 			// TODO: if its actually bad evidence, punish peer

  228. 			return err
  229. 		}
  230. 		_, val = valset.GetByAddress(addr)
  231. 		if val == nil {
  232. 			return fmt.Errorf("phantom validator %X not found", addr)
  233. 		}
  234. 	} else {
  235. 		// For all other types, expect evidence.Address to be a validator at height

  236. 		// evidence.Height.

  237. 		_, val = valset.GetByAddress(addr)
  238. 		if val == nil {
  239. 			return fmt.Errorf("address %X was not a validator at height %d", addr, evidence.Height())
  240. 		}
  241. 	}
  242. 

  243. 	if err := evidence.Verify(state.ChainID, val.PubKey); err != nil {
  244. 		return err
  245. 	}
  246. 

  247. 	return nil
  248. }