You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

320 lines
12 KiB

  1. package evidence
  2. import (
  3. "bytes"
  4. "errors"
  5. "fmt"
  6. "time"
  7. "github.com/tendermint/tendermint/light"
  8. "github.com/tendermint/tendermint/types"
  9. )
  10. // verify verifies the evidence fully by checking:
  11. // - It has not already been committed
  12. // - it is sufficiently recent (MaxAge)
  13. // - it is from a key who was a validator at the given height
  14. // - it is internally consistent with state
  15. // - it was properly signed by the alleged equivocator and meets the individual evidence verification requirements
  16. //
  17. // NOTE: Evidence may be provided that we do not have the block or validator
  18. // set for. In these cases, we do not return a ErrInvalidEvidence as not to have
  19. // the sending peer disconnect. All other errors are treated as invalid evidence
  20. // (i.e. ErrInvalidEvidence).
  21. func (evpool *Pool) verify(evidence types.Evidence) error {
  22. var (
  23. state = evpool.State()
  24. height = state.LastBlockHeight
  25. evidenceParams = state.ConsensusParams.Evidence
  26. ageNumBlocks = height - evidence.Height()
  27. )
  28. // ensure we have the block for the evidence height
  29. //
  30. // NOTE: It is currently possible for a peer to send us evidence we're not
  31. // able to process because we're too far behind (e.g. syncing), so we DO NOT
  32. // return an invalid evidence error because we do not want the peer to
  33. // disconnect or signal an error in this particular case.
  34. blockMeta := evpool.blockStore.LoadBlockMeta(evidence.Height())
  35. if blockMeta == nil {
  36. return fmt.Errorf("failed to verify evidence; missing block for height %d", evidence.Height())
  37. }
  38. // verify the time of the evidence
  39. evTime := blockMeta.Header.Time
  40. if evidence.Time() != evTime {
  41. return types.NewErrInvalidEvidence(
  42. evidence,
  43. fmt.Errorf(
  44. "evidence has a different time to the block it is associated with (%v != %v)",
  45. evidence.Time(), evTime,
  46. ),
  47. )
  48. }
  49. ageDuration := state.LastBlockTime.Sub(evTime)
  50. // check that the evidence hasn't expired
  51. if ageDuration > evidenceParams.MaxAgeDuration && ageNumBlocks > evidenceParams.MaxAgeNumBlocks {
  52. return types.NewErrInvalidEvidence(
  53. evidence,
  54. fmt.Errorf(
  55. "evidence from height %d (created at: %v) is too old; min height is %d and evidence can not be older than %v",
  56. evidence.Height(),
  57. evTime,
  58. height-evidenceParams.MaxAgeNumBlocks,
  59. state.LastBlockTime.Add(evidenceParams.MaxAgeDuration),
  60. ),
  61. )
  62. }
  63. // apply the evidence-specific verification logic
  64. switch ev := evidence.(type) {
  65. case *types.DuplicateVoteEvidence:
  66. valSet, err := evpool.stateDB.LoadValidators(evidence.Height())
  67. if err != nil {
  68. return err
  69. }
  70. if err := VerifyDuplicateVote(ev, state.ChainID, valSet); err != nil {
  71. return types.NewErrInvalidEvidence(evidence, err)
  72. }
  73. return nil
  74. case *types.LightClientAttackEvidence:
  75. commonHeader, err := getSignedHeader(evpool.blockStore, evidence.Height())
  76. if err != nil {
  77. return err
  78. }
  79. commonVals, err := evpool.stateDB.LoadValidators(evidence.Height())
  80. if err != nil {
  81. return err
  82. }
  83. trustedHeader := commonHeader
  84. // in the case of lunatic the trusted header is different to the common header
  85. if evidence.Height() != ev.ConflictingBlock.Height {
  86. trustedHeader, err = getSignedHeader(evpool.blockStore, ev.ConflictingBlock.Height)
  87. if err != nil {
  88. // FIXME: This multi step process is a bit unergonomic. We may want to consider a more efficient process
  89. // that doesn't require as much io and is atomic.
  90. // If the node doesn't have a block at the height of the conflicting block, then this could be
  91. // a forward lunatic attack. Thus the node must get the latest height it has
  92. latestHeight := evpool.blockStore.Height()
  93. trustedHeader, err = getSignedHeader(evpool.blockStore, latestHeight)
  94. if err != nil {
  95. return err
  96. }
  97. if trustedHeader.Time.Before(ev.ConflictingBlock.Time) {
  98. return fmt.Errorf("latest block time (%v) is before conflicting block time (%v)",
  99. trustedHeader.Time, ev.ConflictingBlock.Time,
  100. )
  101. }
  102. }
  103. }
  104. err = VerifyLightClientAttack(
  105. ev,
  106. commonHeader,
  107. trustedHeader,
  108. commonVals,
  109. state.LastBlockTime,
  110. state.ConsensusParams.Evidence.MaxAgeDuration,
  111. )
  112. if err != nil {
  113. return types.NewErrInvalidEvidence(evidence, err)
  114. }
  115. return nil
  116. default:
  117. return types.NewErrInvalidEvidence(evidence, fmt.Errorf("unrecognized evidence type: %T", evidence))
  118. }
  119. }
  120. // VerifyLightClientAttack verifies LightClientAttackEvidence against the state of the full node. This involves
  121. // the following checks:
  122. // - the common header from the full node has at least 1/3 voting power which is also present in
  123. // the conflicting header's commit
  124. // - 2/3+ of the conflicting validator set correctly signed the conflicting block
  125. // - the nodes trusted header at the same height as the conflicting header has a different hash
  126. //
  127. // CONTRACT: must run ValidateBasic() on the evidence before verifying
  128. // must check that the evidence has not expired (i.e. is outside the maximum age threshold)
  129. func VerifyLightClientAttack(e *types.LightClientAttackEvidence, commonHeader, trustedHeader *types.SignedHeader,
  130. commonVals *types.ValidatorSet, now time.Time, trustPeriod time.Duration) error {
  131. // In the case of lunatic attack there will be a different commonHeader height. Therefore the node perform a single
  132. // verification jump between the common header and the conflicting one
  133. if commonHeader.Height != e.ConflictingBlock.Height {
  134. err := commonVals.VerifyCommitLightTrusting(trustedHeader.ChainID, e.ConflictingBlock.Commit, light.DefaultTrustLevel)
  135. if err != nil {
  136. return fmt.Errorf("skipping verification of conflicting block failed: %w", err)
  137. }
  138. // In the case of equivocation and amnesia we expect all header hashes to be correctly derived
  139. } else if e.ConflictingHeaderIsInvalid(trustedHeader.Header) {
  140. return errors.New("common height is the same as conflicting block height so expected the conflicting" +
  141. " block to be correctly derived yet it wasn't")
  142. }
  143. // Verify that the 2/3+ commits from the conflicting validator set were for the conflicting header
  144. if err := e.ConflictingBlock.ValidatorSet.VerifyCommitLight(trustedHeader.ChainID, e.ConflictingBlock.Commit.BlockID,
  145. e.ConflictingBlock.Height, e.ConflictingBlock.Commit); err != nil {
  146. return fmt.Errorf("invalid commit from conflicting block: %w", err)
  147. }
  148. // Assert the correct amount of voting power of the validator set
  149. if evTotal, valsTotal := e.TotalVotingPower, commonVals.TotalVotingPower(); evTotal != valsTotal {
  150. return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
  151. evTotal, valsTotal)
  152. }
  153. // check in the case of a forward lunatic attack that monotonically increasing time has been violated
  154. if e.ConflictingBlock.Height > trustedHeader.Height && e.ConflictingBlock.Time.After(trustedHeader.Time) {
  155. return fmt.Errorf("conflicting block doesn't violate monotonically increasing time (%v is after %v)",
  156. e.ConflictingBlock.Time, trustedHeader.Time,
  157. )
  158. // In all other cases check that the hashes of the conflicting header and the trusted header are different
  159. } else if bytes.Equal(trustedHeader.Hash(), e.ConflictingBlock.Hash()) {
  160. return fmt.Errorf("trusted header hash matches the evidence's conflicting header hash: %X",
  161. trustedHeader.Hash())
  162. }
  163. return validateABCIEvidence(e, commonVals, trustedHeader)
  164. }
  165. // VerifyDuplicateVote verifies DuplicateVoteEvidence against the state of full node. This involves the
  166. // following checks:
  167. // - the validator is in the validator set at the height of the evidence
  168. // - the height, round, type and validator address of the votes must be the same
  169. // - the block ID's must be different
  170. // - The signatures must both be valid
  171. func VerifyDuplicateVote(e *types.DuplicateVoteEvidence, chainID string, valSet *types.ValidatorSet) error {
  172. _, val := valSet.GetByAddress(e.VoteA.ValidatorAddress)
  173. if val == nil {
  174. return fmt.Errorf("address %X was not a validator at height %d", e.VoteA.ValidatorAddress, e.Height())
  175. }
  176. pubKey := val.PubKey
  177. // H/R/S must be the same
  178. if e.VoteA.Height != e.VoteB.Height ||
  179. e.VoteA.Round != e.VoteB.Round ||
  180. e.VoteA.Type != e.VoteB.Type {
  181. return fmt.Errorf("h/r/s does not match: %d/%d/%v vs %d/%d/%v",
  182. e.VoteA.Height, e.VoteA.Round, e.VoteA.Type,
  183. e.VoteB.Height, e.VoteB.Round, e.VoteB.Type)
  184. }
  185. // Address must be the same
  186. if !bytes.Equal(e.VoteA.ValidatorAddress, e.VoteB.ValidatorAddress) {
  187. return fmt.Errorf("validator addresses do not match: %X vs %X",
  188. e.VoteA.ValidatorAddress,
  189. e.VoteB.ValidatorAddress,
  190. )
  191. }
  192. // BlockIDs must be different
  193. if e.VoteA.BlockID.Equals(e.VoteB.BlockID) {
  194. return fmt.Errorf(
  195. "block IDs are the same (%v) - not a real duplicate vote",
  196. e.VoteA.BlockID,
  197. )
  198. }
  199. // pubkey must match address (this should already be true, sanity check)
  200. addr := e.VoteA.ValidatorAddress
  201. if !bytes.Equal(pubKey.Address(), addr) {
  202. return fmt.Errorf("address (%X) doesn't match pubkey (%v - %X)",
  203. addr, pubKey, pubKey.Address())
  204. }
  205. // validator voting power and total voting power must match
  206. if val.VotingPower != e.ValidatorPower {
  207. return fmt.Errorf("validator power from evidence and our validator set does not match (%d != %d)",
  208. e.ValidatorPower, val.VotingPower)
  209. }
  210. if valSet.TotalVotingPower() != e.TotalVotingPower {
  211. return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
  212. e.TotalVotingPower, valSet.TotalVotingPower())
  213. }
  214. va := e.VoteA.ToProto()
  215. vb := e.VoteB.ToProto()
  216. // Signatures must be valid
  217. if !pubKey.VerifySignature(types.VoteSignBytes(chainID, va), e.VoteA.Signature) {
  218. return fmt.Errorf("verifying VoteA: %w", types.ErrVoteInvalidSignature)
  219. }
  220. if !pubKey.VerifySignature(types.VoteSignBytes(chainID, vb), e.VoteB.Signature) {
  221. return fmt.Errorf("verifying VoteB: %w", types.ErrVoteInvalidSignature)
  222. }
  223. return nil
  224. }
  225. // validateABCIEvidence validates the ABCI component of the light client attack
  226. // evidence i.e voting power and byzantine validators
  227. func validateABCIEvidence(
  228. ev *types.LightClientAttackEvidence,
  229. commonVals *types.ValidatorSet,
  230. trustedHeader *types.SignedHeader,
  231. ) error {
  232. if evTotal, valsTotal := ev.TotalVotingPower, commonVals.TotalVotingPower(); evTotal != valsTotal {
  233. return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
  234. evTotal, valsTotal)
  235. }
  236. // Find out what type of attack this was and thus extract the malicious
  237. // validators. Note, in the case of an Amnesia attack we don't have any
  238. // malicious validators.
  239. validators := ev.GetByzantineValidators(commonVals, trustedHeader)
  240. // Ensure this matches the validators that are listed in the evidence. They
  241. // should be ordered based on power.
  242. if validators == nil && ev.ByzantineValidators != nil {
  243. return fmt.Errorf(
  244. "expected nil validators from an amnesia light client attack but got %d",
  245. len(ev.ByzantineValidators),
  246. )
  247. }
  248. if exp, got := len(validators), len(ev.ByzantineValidators); exp != got {
  249. return fmt.Errorf("expected %d byzantine validators from evidence but got %d", exp, got)
  250. }
  251. for idx, val := range validators {
  252. if !bytes.Equal(ev.ByzantineValidators[idx].Address, val.Address) {
  253. return fmt.Errorf(
  254. "evidence contained an unexpected byzantine validator address; expected: %v, got: %v",
  255. val.Address, ev.ByzantineValidators[idx].Address,
  256. )
  257. }
  258. if ev.ByzantineValidators[idx].VotingPower != val.VotingPower {
  259. return fmt.Errorf(
  260. "evidence contained unexpected byzantine validator power; expected %d, got %d",
  261. val.VotingPower, ev.ByzantineValidators[idx].VotingPower,
  262. )
  263. }
  264. }
  265. return nil
  266. }
  267. func getSignedHeader(blockStore BlockStore, height int64) (*types.SignedHeader, error) {
  268. blockMeta := blockStore.LoadBlockMeta(height)
  269. if blockMeta == nil {
  270. return nil, fmt.Errorf("don't have header at height #%d", height)
  271. }
  272. commit := blockStore.LoadBlockCommit(height)
  273. if commit == nil {
  274. return nil, fmt.Errorf("don't have commit at height #%d", height)
  275. }
  276. return &types.SignedHeader{
  277. Header: &blockMeta.Header,
  278. Commit: commit,
  279. }, nil
  280. }