zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8170 Commits
183 Branches
291 MiB
Tree: cc247c091b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cc247c091b'
${ noResults }
tendermint/state/validation.go

267 lines
8.4 KiB
Raw Normal View History

state: re-order funcs. fix tests
7 years ago
format: add format cmd & goimport repo (#4586) * format: add format cmd & goimport repo - replaced format command - added goimports to format command - ran goimports Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix outliers & undo proto file changes
4 years ago
TMHASH is 32 bytes. Closes #1990 (#2732) * tmhash is fully 32 bytes. closes #1990 * AddressSize * fix tests * fix max sizes
6 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
Reject blocks with committed evidence (#37) * evidence: NewEvidencePool takes evidenceDB * evidence: failing TestStoreCommitDuplicate tendermint/security#35 * GetEvidence -> GetEvidenceInfo * fix TestStoreCommitDuplicate * comment in VerifyEvidence * add check if evidence was already seen - modify EventPool interface (EventStore is not known in ApplyBlock): - add IsCommitted method to iface - add test * update changelog * fix TestStoreMark: - priority in evidence info gets reset to zero after evidence gets committed * review comments: simplify EvidencePool.IsCommitted - delete obsolete EvidenceStore.IsCommitted * add simple test for IsCommitted * update changelog: this is actually breaking (PR number still missing) * fix TestStoreMark: - priority in evidence info gets reset to zero after evidence gets committed * review suggestion: simplify return
5 years ago
Delay validator set changes by 1 block.
6 years ago
state: b -> block
6 years ago
state: re-order funcs. fix tests
7 years ago
Delay validator set changes by 1 block.
6 years ago
state: proto migration (#4951)
4 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
ADR-016: Add versions to Block and State (#2644) * types: add Version to Header * abci: add Version to Header * state: add Version to State * node: check software and state protocol versions match * update changelog * docs/spec: update for versions * state: more tests * remove TODOs * remove empty test
6 years ago
state: b -> block
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
genesis: add support for arbitrary initial height (#5191) Adds a genesis parameter `initial_height` which specifies the initial block height, as well as ABCI `RequestInitChain.InitialHeight` to pass it to the ABCI application, and `State.InitialHeight` to keep track of the initial height throughout the code. Fixes #2543, based on [RFC-002](https://github.com/tendermint/spec/pull/119). Spec changes in https://github.com/tendermint/spec/pull/135.
4 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
Delay validator set changes by 1 block.
6 years ago
state: b -> block
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
validate reactor messages (#2711) * validate reactor messages Refs #2683 * validate blockchain messages Refs #2683 * validate evidence messages Refs #2683 * todo * check ProposalPOL and signature sizes * add a changelog entry * check addr is valid when we add it to the addrbook * validate incoming netAddr (not just nil check!) * fixes after Bucky's review * check timestamps * beef up block#ValidateBasic * move some checks into bcBlockResponseMessage * update Gopkg.lock Fix ``` grouped write of manifest, lock and vendor: failed to export github.com/tendermint/go-amino: fatal: failed to unpack tree object 6dcc6ddc143e116455c94b25c1004c99e0d0ca12 ``` by running `dep ensure -update` * bump year since now we check it * generate test/p2p/data on the fly using tendermint testnet * allow sync chains older than 1 year * use full path when creating a testnet * move testnet gen to test/docker/Dockerfile * relax LastCommitRound check Refs #2737 * fix conflicts after merge * add small comment * some ValidateBasic updates * fixes * AppHash length is not fixed
6 years ago
Delay validator set changes by 1 block.
6 years ago
state: b -> block
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
types: migrate params to protobuf (#4962)
4 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
types: migrate params to protobuf (#4962)
4 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
state: b -> block
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
state: b -> block
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
add proposer address to block's Header Refs #1134 Validation: - ignored in block.ValidateBasic since it's stateful information - checked in blockExec.ValidateBlock
6 years ago
state: re-order funcs. fix tests
7 years ago
Delay validator set changes by 1 block.
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
validate reactor messages (#2711) * validate reactor messages Refs #2683 * validate blockchain messages Refs #2683 * validate evidence messages Refs #2683 * todo * check ProposalPOL and signature sizes * add a changelog entry * check addr is valid when we add it to the addrbook * validate incoming netAddr (not just nil check!) * fixes after Bucky's review * check timestamps * beef up block#ValidateBasic * move some checks into bcBlockResponseMessage * update Gopkg.lock Fix ``` grouped write of manifest, lock and vendor: failed to export github.com/tendermint/go-amino: fatal: failed to unpack tree object 6dcc6ddc143e116455c94b25c1004c99e0d0ca12 ``` by running `dep ensure -update` * bump year since now we check it * generate test/p2p/data on the fly using tendermint testnet * allow sync chains older than 1 year * use full path when creating a testnet * move testnet gen to test/docker/Dockerfile * relax LastCommitRound check Refs #2737 * fix conflicts after merge * add small comment * some ValidateBasic updates * fixes * AppHash length is not fixed
6 years ago
Delay validator set changes by 1 block.
6 years ago
state: re-order funcs. fix tests
7 years ago
genesis: add support for arbitrary initial height (#5191) Adds a genesis parameter `initial_height` which specifies the initial block height, as well as ABCI `RequestInitChain.InitialHeight` to pass it to the ABCI application, and `State.InitialHeight` to keep track of the initial height throughout the code. Fixes #2543, based on [RFC-002](https://github.com/tendermint/spec/pull/119). Spec changes in https://github.com/tendermint/spec/pull/135.
4 years ago
types: change `Commit` to consist of just signatures (#4146) * types: change `Commit` to consist of just signatures These are final changes towards removing votes from commit and leaving only signatures (see ADR-25) Fixes #1648 * bring back TestCommitToVoteSetWithVotesForAnotherBlockOrNilBlock + add absent flag to Vote to indicate that it's for another block * encode nil votes as CommitSig with BlockIDFlagAbsent + make Commit#Precommits array of non-pointers because precommit will never be nil * add NewCommitSigAbsent and Absent() funcs * uncomment validation in CommitSig#ValidateBasic * add comments to ValidatorSet funcs * add a changelog entry * break instead of continue continue does not make sense in these cases * types: rename Commit#Precommits to Signatures * swagger: fix /commit response * swagger: change block_id_flag type * fix merge conflicts
5 years ago
genesis: add support for arbitrary initial height (#5191) Adds a genesis parameter `initial_height` which specifies the initial block height, as well as ABCI `RequestInitChain.InitialHeight` to pass it to the ABCI application, and `State.InitialHeight` to keep track of the initial height throughout the code. Fixes #2543, based on [RFC-002](https://github.com/tendermint/spec/pull/119). Spec changes in https://github.com/tendermint/spec/pull/135.
4 years ago
state: re-order funcs. fix tests
7 years ago
types: remove extra validation in VerifyCommit plus make sure LastCommit is always non-nil
4 years ago
state: re-order funcs. fix tests
7 years ago
evidence: change evidence time to block time (#5219) adds blockstore interface to evidence and adds fix to byzantine test
4 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
genesis: add support for arbitrary initial height (#5191) Adds a genesis parameter `initial_height` which specifies the initial block height, as well as ABCI `RequestInitChain.InitialHeight` to pass it to the ABCI application, and `State.InitialHeight` to keep track of the initial height throughout the code. Fixes #2543, based on [RFC-002](https://github.com/tendermint/spec/pull/119). Spec changes in https://github.com/tendermint/spec/pull/135.
4 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
genesis: add support for arbitrary initial height (#5191) Adds a genesis parameter `initial_height` which specifies the initial block height, as well as ABCI `RequestInitChain.InitialHeight` to pass it to the ABCI application, and `State.InitialHeight` to keep track of the initial height throughout the code. Fixes #2543, based on [RFC-002](https://github.com/tendermint/spec/pull/119). Spec changes in https://github.com/tendermint/spec/pull/135.
4 years ago
state: require block.Time of the fist block to be genesis time (#2594) * require block.Time of the fist block to be genesis time Refs #2587: ``` We only start validating block.Time when Height > 1, because there is no commit to compute the median timestamp from for the first block. This means a faulty proposer could make the first block with whatever time they want. Instead, we should require the timestamp of block 1 to match the genesis time. I discovered this while refactoring the ValidateBlock tests to be table-driven while working on tests for #2560. ``` * do not accept blocks with negative height * update changelog and spec * nanos precision for test genesis time * Fix failing test (#2607)
6 years ago
linters: enable stylecheck (#4153) Refs #3262
5 years ago
state: require block.Time of the fist block to be genesis time (#2594) * require block.Time of the fist block to be genesis time Refs #2587: ``` We only start validating block.Time when Height > 1, because there is no commit to compute the median timestamp from for the first block. This means a faulty proposer could make the first block with whatever time they want. Instead, we should require the timestamp of block 1 to match the genesis time. I discovered this while refactoring the ValidateBlock tests to be table-driven while working on tests for #2560. ``` * do not accept blocks with negative height * update changelog and spec * nanos precision for test genesis time * Fix failing test (#2607)
6 years ago
genesis: add support for arbitrary initial height (#5191) Adds a genesis parameter `initial_height` which specifies the initial block height, as well as ABCI `RequestInitChain.InitialHeight` to pass it to the ABCI application, and `State.InitialHeight` to keep track of the initial height throughout the code. Fixes #2543, based on [RFC-002](https://github.com/tendermint/spec/pull/119). Spec changes in https://github.com/tendermint/spec/pull/135.
4 years ago
Implement BFT time (#2203) * Implement BFT time * set LastValidators when creating state in state helper for heights >= 2
6 years ago
types: cap evidence in block validation (#2560) * cap evidence in block validation * state: use table-driven test for ValidateBlockHeader * state: test evidence cap * fixes from review
6 years ago
evidence: cap evidence to an absolute number (#4780) The number of evidence that can be committed in a single block is capped by a new evidence parameter called MaxNum
4 years ago
types: cap evidence in block validation (#2560) * cap evidence in block validation * state: use table-driven test for ValidateBlockHeader * state: test evidence cap * fixes from review
6 years ago
Delay validator set changes by 1 block.
6 years ago
evidence: prevent proposer from proposing duplicate pieces of evidence (#4839) prevent proposer from proposing duplicate pieces of evidence
4 years ago
check it has been committed before verifying
4 years ago
cleaned up tests
4 years ago
create tests for validating evidence
4 years ago
cleaned up tests
4 years ago
check it has been committed before verifying
4 years ago
evidence: improve amnesia evidence handling (#5003) fix bug so that PotentialAmnesiaEvidence is being gossiped handle inbound amnesia evidence correctly add method to check if potential amnesia evidence is on trial fix a bug with the height when we upgrade to amnesia evidence change evidence to using just pointers. More logging in the evidence module Co-authored-by: Marko <marbar3778@yahoo.com>
4 years ago
evidence: adr56 form amnesia evidence (#4821) Creates Amnesia Evidence which is formed from Potential Amnesia Evidence with either a matching proof or after a period of time denoted as the Amnesia Trial Period. This also adds the code necessary so that Amnesia Evidence can be validated and committed on a block
4 years ago
evidence: improve amnesia evidence handling (#5003) fix bug so that PotentialAmnesiaEvidence is being gossiped handle inbound amnesia evidence correctly add method to check if potential amnesia evidence is on trial fix a bug with the height when we upgrade to amnesia evidence change evidence to using just pointers. More logging in the evidence module Co-authored-by: Marko <marbar3778@yahoo.com>
4 years ago
evidence: adr56 form amnesia evidence (#4821) Creates Amnesia Evidence which is formed from Potential Amnesia Evidence with either a matching proof or after a period of time denoted as the Amnesia Trial Period. This also adds the code necessary so that Amnesia Evidence can be validated and committed on a block
4 years ago
evidence: improve amnesia evidence handling (#5003) fix bug so that PotentialAmnesiaEvidence is being gossiped handle inbound amnesia evidence correctly add method to check if potential amnesia evidence is on trial fix a bug with the height when we upgrade to amnesia evidence change evidence to using just pointers. More logging in the evidence module Co-authored-by: Marko <marbar3778@yahoo.com>
4 years ago
evidence: adr56 form amnesia evidence (#4821) Creates Amnesia Evidence which is formed from Potential Amnesia Evidence with either a matching proof or after a period of time denoted as the Amnesia Trial Period. This also adds the code necessary so that Amnesia Evidence can be validated and committed on a block
4 years ago
evidence: improve amnesia evidence handling (#5003) fix bug so that PotentialAmnesiaEvidence is being gossiped handle inbound amnesia evidence correctly add method to check if potential amnesia evidence is on trial fix a bug with the height when we upgrade to amnesia evidence change evidence to using just pointers. More logging in the evidence module Co-authored-by: Marko <marbar3778@yahoo.com>
4 years ago
evidence: adr56 form amnesia evidence (#4821) Creates Amnesia Evidence which is formed from Potential Amnesia Evidence with either a matching proof or after a period of time denoted as the Amnesia Trial Period. This also adds the code necessary so that Amnesia Evidence can be validated and committed on a block
4 years ago
evidence: retrieve header at height of evidence for validation (#4870) validation of lunatic evidence requires that the node retrieve the header at the height of the infringement from the block store for comparison
4 years ago
evidence: change evidence time to block time (#5219) adds blockstore interface to evidence and adds fix to byzantine test
4 years ago
evidence: retrieve header at height of evidence for validation (#4870) validation of lunatic evidence requires that the node retrieve the header at the height of the infringement from the block store for comparison
4 years ago
types: cap evidence in block validation (#2560) * cap evidence in block validation * state: use table-driven test for ValidateBlockHeader * state: test evidence cap * fixes from review
6 years ago
state: re-order funcs. fix tests
7 years ago
evidence: adr56 form amnesia evidence (#4821) Creates Amnesia Evidence which is formed from Potential Amnesia Evidence with either a matching proof or after a period of time denoted as the Amnesia Trial Period. This also adds the code necessary so that Amnesia Evidence can be validated and committed on a block
4 years ago
state: re-order funcs. fix tests
7 years ago
update Evidence type - requires pubkey and valset to verify and convert to abci.Evidence
6 years ago
evidence: handling evidence from light client(s) (#4532) Closes: #4530 This PR contains logic for both submitting an evidence by the light client (lite2 package) and receiving it on the Tendermint side (/broadcast_evidence RPC and/or EvidenceReactor#Receive). Upon receiving the ConflictingHeadersEvidence (introduced by this PR), the Tendermint validates it, then breaks it down into smaller pieces (DuplicateVoteEvidence, LunaticValidatorEvidence, PhantomValidatorEvidence, PotentialAmnesiaEvidence). Afterwards, each piece of evidence is verified against the state of the full node and added to the pool, from which it's reaped upon block creation. * rpc/client: do not pass height param if height ptr is nil * rpc/core: validate incoming evidence! * only accept ConflictingHeadersEvidence if one of the headers is committed from this full node's perspective This simplifies the code. Plus, if there are multiple forks, we'll likely to receive multiple ConflictingHeadersEvidence anyway. * swap CommitSig with Vote in LunaticValidatorEvidence Vote is needed to validate signature * no need to embed client http is a provider and should not be used as a client
4 years ago
evidence: introduce time.Duration to evidence params (#4254) * evidence: introduce time.Duration to evidence params - add time.duration to evidence - this pr is taking pr #2606 and updating it to use both time and height - closes #2565 Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing and genesis cfg in signer harness * remove debugging fmt * change maxageheight to maxagenumblocks, rename other things to block instead of height * further check of duration * check duration to not send peers outdated evidence * change some lines, onward and upward * refactor evidence package * add a changelog pending entry * make mockbadevidence have time and use it * add what could possibly be called a test case * remove mockbadevidence and mockgoodevidence in favor of mockevidence * add a comment for err that is returned * add a changelog for removal of good & bad evidence * add a test for adding evidence * fix test * add ev to types in testcase * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * fix tests * fix linting Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
state: re-order funcs. fix tests
7 years ago
evidence: both MaxAgeDuration and MaxAgeNumBlocks need to be surpassed (#4667) for evidence to be considered expired. otherwise, a cabal group can manipulate block time to make a particular evidence too old. Refs https://github.com/tendermint/tendermint/issues/2565#issuecomment-432896645 Refs https://github.com/tendermint/tendermint/issues/2653 spec PR: tendermint/spec#87
4 years ago
evidence: introduce time.Duration to evidence params (#4254) * evidence: introduce time.Duration to evidence params - add time.duration to evidence - this pr is taking pr #2606 and updating it to use both time and height - closes #2565 Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing and genesis cfg in signer harness * remove debugging fmt * change maxageheight to maxagenumblocks, rename other things to block instead of height * further check of duration * check duration to not send peers outdated evidence * change some lines, onward and upward * refactor evidence package * add a changelog pending entry * make mockbadevidence have time and use it * add what could possibly be called a test case * remove mockbadevidence and mockgoodevidence in favor of mockevidence * add a comment for err that is returned * add a changelog for removal of good & bad evidence * add a test for adding evidence * fix test * add ev to types in testcase * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update evidence/pool_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * fix tests * fix linting Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
evidence: change evidence time to block time (#5219) adds blockstore interface to evidence and adds fix to byzantine test
4 years ago
evidence: both MaxAgeDuration and MaxAgeNumBlocks need to be surpassed (#4667) for evidence to be considered expired. otherwise, a cabal group can manipulate block time to make a particular evidence too old. Refs https://github.com/tendermint/tendermint/issues/2565#issuecomment-432896645 Refs https://github.com/tendermint/tendermint/issues/2653 spec PR: tendermint/spec#87
4 years ago
state: re-order funcs. fix tests
7 years ago
evidence: improve amnesia evidence handling (#5003) fix bug so that PotentialAmnesiaEvidence is being gossiped handle inbound amnesia evidence correctly add method to check if potential amnesia evidence is on trial fix a bug with the height when we upgrade to amnesia evidence change evidence to using just pointers. More logging in the evidence module Co-authored-by: Marko <marbar3778@yahoo.com>
4 years ago
evidence: handling evidence from light client(s) (#4532) Closes: #4530 This PR contains logic for both submitting an evidence by the light client (lite2 package) and receiving it on the Tendermint side (/broadcast_evidence RPC and/or EvidenceReactor#Receive). Upon receiving the ConflictingHeadersEvidence (introduced by this PR), the Tendermint validates it, then breaks it down into smaller pieces (DuplicateVoteEvidence, LunaticValidatorEvidence, PhantomValidatorEvidence, PotentialAmnesiaEvidence). Afterwards, each piece of evidence is verified against the state of the full node and added to the pool, from which it's reaped upon block creation. * rpc/client: do not pass height param if height ptr is nil * rpc/core: validate incoming evidence! * only accept ConflictingHeadersEvidence if one of the headers is committed from this full node's perspective This simplifies the code. Plus, if there are multiple forks, we'll likely to receive multiple ConflictingHeadersEvidence anyway. * swap CommitSig with Vote in LunaticValidatorEvidence Vote is needed to validate signature * no need to embed client http is a provider and should not be used as a client
4 years ago
fix EvidencePool and VerifyEvidence
7 years ago
evidence: handling evidence from light client(s) (#4532) Closes: #4530 This PR contains logic for both submitting an evidence by the light client (lite2 package) and receiving it on the Tendermint side (/broadcast_evidence RPC and/or EvidenceReactor#Receive). Upon receiving the ConflictingHeadersEvidence (introduced by this PR), the Tendermint validates it, then breaks it down into smaller pieces (DuplicateVoteEvidence, LunaticValidatorEvidence, PhantomValidatorEvidence, PotentialAmnesiaEvidence). Afterwards, each piece of evidence is verified against the state of the full node and added to the pool, from which it's reaped upon block creation. * rpc/client: do not pass height param if height ptr is nil * rpc/core: validate incoming evidence! * only accept ConflictingHeadersEvidence if one of the headers is committed from this full node's perspective This simplifies the code. Plus, if there are multiple forks, we'll likely to receive multiple ConflictingHeadersEvidence anyway. * swap CommitSig with Vote in LunaticValidatorEvidence Vote is needed to validate signature * no need to embed client http is a provider and should not be used as a client
4 years ago
evidence: remove phantom validator evidence (#5181)
4 years ago
evidence: adr56 form amnesia evidence (#4821) Creates Amnesia Evidence which is formed from Potential Amnesia Evidence with either a matching proof or after a period of time denoted as the Amnesia Trial Period. This also adds the code necessary so that Amnesia Evidence can be validated and committed on a block
4 years ago
evidence: remove phantom validator evidence (#5181)
4 years ago
evidence: adr56 form amnesia evidence (#4821) Creates Amnesia Evidence which is formed from Potential Amnesia Evidence with either a matching proof or after a period of time denoted as the Amnesia Trial Period. This also adds the code necessary so that Amnesia Evidence can be validated and committed on a block
4 years ago
evidence: remove phantom validator evidence (#5181)
4 years ago
update Evidence type - requires pubkey and valset to verify and convert to abci.Evidence
6 years ago
fixes from rebase
6 years ago
update Evidence type - requires pubkey and valset to verify and convert to abci.Evidence
6 years ago
state: re-order funcs. fix tests
7 years ago
fix EvidencePool and VerifyEvidence
7 years ago
state: re-order funcs. fix tests
7 years ago
 
  1. package state
  2. 

  3. import (
  4. 	"bytes"
  5. 	"errors"
  6. 	"fmt"
  7. 

  8. 	dbm "github.com/tendermint/tm-db"
  9. 

  10. 	"github.com/tendermint/tendermint/crypto"
  11. 	"github.com/tendermint/tendermint/types"
  12. )
  13. 

  14. //-----------------------------------------------------

  15. // Validate block

  16. 

  17. func validateBlock(evidencePool EvidencePool, stateDB dbm.DB, state State, block *types.Block) error {
  18. 	// Validate internal consistency.

  19. 	if err := block.ValidateBasic(); err != nil {
  20. 		return err
  21. 	}
  22. 

  23. 	// Validate basic info.

  24. 	if block.Version.App != state.Version.Consensus.App ||
  25. 		block.Version.Block != state.Version.Consensus.Block {
  26. 		return fmt.Errorf("wrong Block.Header.Version. Expected %v, got %v",
  27. 			state.Version.Consensus,
  28. 			block.Version,
  29. 		)
  30. 	}
  31. 	if block.ChainID != state.ChainID {
  32. 		return fmt.Errorf("wrong Block.Header.ChainID. Expected %v, got %v",
  33. 			state.ChainID,
  34. 			block.ChainID,
  35. 		)
  36. 	}
  37. 	if state.LastBlockHeight == 0 && block.Height != state.InitialHeight {
  38. 		return fmt.Errorf("wrong Block.Header.Height. Expected %v for initial block, got %v",
  39. 			block.Height, state.InitialHeight)
  40. 	}
  41. 	if state.LastBlockHeight > 0 && block.Height != state.LastBlockHeight+1 {
  42. 		return fmt.Errorf("wrong Block.Header.Height. Expected %v, got %v",
  43. 			state.LastBlockHeight+1,
  44. 			block.Height,
  45. 		)
  46. 	}
  47. 	// Validate prev block info.

  48. 	if !block.LastBlockID.Equals(state.LastBlockID) {
  49. 		return fmt.Errorf("wrong Block.Header.LastBlockID.  Expected %v, got %v",
  50. 			state.LastBlockID,
  51. 			block.LastBlockID,
  52. 		)
  53. 	}
  54. 

  55. 	// Validate app info

  56. 	if !bytes.Equal(block.AppHash, state.AppHash) {
  57. 		return fmt.Errorf("wrong Block.Header.AppHash.  Expected %X, got %v",
  58. 			state.AppHash,
  59. 			block.AppHash,
  60. 		)
  61. 	}
  62. 	hashCP := types.HashConsensusParams(state.ConsensusParams)
  63. 	if !bytes.Equal(block.ConsensusHash, hashCP) {
  64. 		return fmt.Errorf("wrong Block.Header.ConsensusHash.  Expected %X, got %v",
  65. 			hashCP,
  66. 			block.ConsensusHash,
  67. 		)
  68. 	}
  69. 	if !bytes.Equal(block.LastResultsHash, state.LastResultsHash) {
  70. 		return fmt.Errorf("wrong Block.Header.LastResultsHash.  Expected %X, got %v",
  71. 			state.LastResultsHash,
  72. 			block.LastResultsHash,
  73. 		)
  74. 	}
  75. 	if !bytes.Equal(block.ValidatorsHash, state.Validators.Hash()) {
  76. 		return fmt.Errorf("wrong Block.Header.ValidatorsHash.  Expected %X, got %v",
  77. 			state.Validators.Hash(),
  78. 			block.ValidatorsHash,
  79. 		)
  80. 	}
  81. 	if !bytes.Equal(block.NextValidatorsHash, state.NextValidators.Hash()) {
  82. 		return fmt.Errorf("wrong Block.Header.NextValidatorsHash.  Expected %X, got %v",
  83. 			state.NextValidators.Hash(),
  84. 			block.NextValidatorsHash,
  85. 		)
  86. 	}
  87. 

  88. 	// Validate block LastCommit.

  89. 	if block.Height == state.InitialHeight {
  90. 		if len(block.LastCommit.Signatures) != 0 {
  91. 			return errors.New("initial block can't have LastCommit signatures")
  92. 		}
  93. 	} else {
  94. 		// LastCommit.Signatures length is checked in VerifyCommit.

  95. 		if err := state.LastValidators.VerifyCommit(
  96. 			state.ChainID, state.LastBlockID, block.Height-1, block.LastCommit); err != nil {
  97. 			return err
  98. 		}
  99. 	}
  100. 

  101. 	// NOTE: We can't actually verify it's the right proposer because we dont

  102. 	// know what round the block was first proposed. So just check that it's

  103. 	// a legit address and a known validator.

  104. 	if len(block.ProposerAddress) != crypto.AddressSize {
  105. 		return fmt.Errorf("expected ProposerAddress size %d, got %d",
  106. 			crypto.AddressSize,
  107. 			len(block.ProposerAddress),
  108. 		)
  109. 	}
  110. 	if !state.Validators.HasAddress(block.ProposerAddress) {
  111. 		return fmt.Errorf("block.Header.ProposerAddress %X is not a validator",
  112. 			block.ProposerAddress,
  113. 		)
  114. 	}
  115. 

  116. 	// Validate block Time

  117. 	switch {
  118. 	case block.Height > state.InitialHeight:
  119. 		if !block.Time.After(state.LastBlockTime) {
  120. 			return fmt.Errorf("block time %v not greater than last block time %v",
  121. 				block.Time,
  122. 				state.LastBlockTime,
  123. 			)
  124. 		}
  125. 		medianTime := MedianTime(block.LastCommit, state.LastValidators)
  126. 		if !block.Time.Equal(medianTime) {
  127. 			return fmt.Errorf("invalid block time. Expected %v, got %v",
  128. 				medianTime,
  129. 				block.Time,
  130. 			)
  131. 		}
  132. 

  133. 	case block.Height == state.InitialHeight:
  134. 		genesisTime := state.LastBlockTime
  135. 		if !block.Time.Equal(genesisTime) {
  136. 			return fmt.Errorf("block time %v is not equal to genesis time %v",
  137. 				block.Time,
  138. 				genesisTime,
  139. 			)
  140. 		}
  141. 

  142. 	default:
  143. 		return fmt.Errorf("block height %v lower than initial height %v",
  144. 			block.Height, state.InitialHeight)
  145. 	}
  146. 

  147. 	// Limit the amount of evidence

  148. 	numEvidence := len(block.Evidence.Evidence)
  149. 	// MaxNumEvidence is capped at uint16, so conversion is always safe.

  150. 	if maxEvidence := int(state.ConsensusParams.Evidence.MaxNum); numEvidence > maxEvidence {
  151. 		return types.NewErrEvidenceOverflow(maxEvidence, numEvidence)
  152. 	}
  153. 

  154. 	// Validate all evidence.

  155. 	for idx, ev := range block.Evidence.Evidence {
  156. 		// check that no evidence has been submitted more than once

  157. 		for i := idx + 1; i < len(block.Evidence.Evidence); i++ {
  158. 			if ev.Equal(block.Evidence.Evidence[i]) {
  159. 				return types.NewErrEvidenceInvalid(ev, errors.New("evidence was submitted twice"))
  160. 			}
  161. 		}
  162. 		if evidencePool != nil {
  163. 			if evidencePool.IsCommitted(ev) {
  164. 				return types.NewErrEvidenceInvalid(ev, errors.New("evidence was already committed"))
  165. 			}
  166. 			if evidencePool.IsPending(ev) {
  167. 				continue
  168. 			}
  169. 		}
  170. 		// if we don't already have amnesia evidence we need to add it to start our own trial period unless

  171. 		// a) a valid polc has already been attached

  172. 		// b) the accused node voted back on an earlier round

  173. 		if ae, ok := ev.(*types.AmnesiaEvidence); ok && ae.Polc.IsAbsent() && ae.PotentialAmnesiaEvidence.VoteA.Round <
  174. 			ae.PotentialAmnesiaEvidence.VoteB.Round {
  175. 			if err := evidencePool.AddEvidence(ae.PotentialAmnesiaEvidence); err != nil {
  176. 				return types.NewErrEvidenceInvalid(ev,
  177. 					fmt.Errorf("unknown amnesia evidence, trying to add to evidence pool, err: %w", err))
  178. 			}
  179. 			return types.NewErrEvidenceInvalid(ev, errors.New("amnesia evidence is new and hasn't undergone trial period yet"))
  180. 		}
  181. 

  182. 		// A header needs to be fetched. For lunatic evidence this is so we can verify

  183. 		// that some of the fields are different to the ones we have. For all evidence it

  184. 		// it so we can verify that the time of the evidence is correct

  185. 		header := evidencePool.Header(ev.Height())
  186. 		if header == nil {
  187. 			return fmt.Errorf("don't have block meta at height #%d", ev.Height())
  188. 		}
  189. 

  190. 		if err := VerifyEvidence(stateDB, state, ev, header); err != nil {
  191. 			return types.NewErrEvidenceInvalid(ev, err)
  192. 		}
  193. 

  194. 	}
  195. 

  196. 	return nil
  197. }
  198. 

  199. // VerifyEvidence verifies the evidence fully by checking:

  200. // - it is sufficiently recent (MaxAge)

  201. // - it is from a key who was a validator at the given height

  202. // - it is internally consistent

  203. // - it was properly signed by the alleged equivocator

  204. func VerifyEvidence(stateDB dbm.DB, state State, evidence types.Evidence, committedHeader *types.Header) error {
  205. 	var (
  206. 		height         = state.LastBlockHeight
  207. 		evidenceParams = state.ConsensusParams.Evidence
  208. 

  209. 		ageDuration  = state.LastBlockTime.Sub(evidence.Time())
  210. 		ageNumBlocks = height - evidence.Height()
  211. 	)
  212. 

  213. 	if committedHeader.Time != evidence.Time() {
  214. 		return fmt.Errorf("evidence time (%v) is different to the time of the header we have for the same height (%v)",
  215. 			evidence.Time(),
  216. 			committedHeader.Time,
  217. 		)
  218. 	}
  219. 

  220. 	if ageDuration > evidenceParams.MaxAgeDuration && ageNumBlocks > evidenceParams.MaxAgeNumBlocks {
  221. 		return fmt.Errorf(
  222. 			"evidence from height %d (created at: %v) is too old; min height is %d and evidence can not be older than %v",
  223. 			evidence.Height(),
  224. 			evidence.Time(),
  225. 			height-evidenceParams.MaxAgeNumBlocks,
  226. 			state.LastBlockTime.Add(evidenceParams.MaxAgeDuration),
  227. 		)
  228. 	}
  229. 	if ev, ok := evidence.(*types.LunaticValidatorEvidence); ok {
  230. 		if err := ev.VerifyHeader(committedHeader); err != nil {
  231. 			return err
  232. 		}
  233. 	}
  234. 

  235. 	valset, err := LoadValidators(stateDB, evidence.Height())
  236. 	if err != nil {
  237. 		// TODO: if err is just that we cant find it cuz we pruned, ignore.

  238. 		// TODO: if its actually bad evidence, punish peer

  239. 		return err
  240. 	}
  241. 

  242. 	addr := evidence.Address()
  243. 	var val *types.Validator
  244. 

  245. 	if ae, ok := evidence.(*types.AmnesiaEvidence); ok {
  246. 		// check the validator set against the polc to make sure that a majority of valid votes was reached

  247. 		if !ae.Polc.IsAbsent() {
  248. 			err = ae.Polc.ValidateVotes(valset, state.ChainID)
  249. 			if err != nil {
  250. 				return fmt.Errorf("amnesia evidence contains invalid polc, err: %w", err)
  251. 			}
  252. 		}
  253. 	}
  254. 

  255. 	// For all other types, expect evidence.Address to be a validator at height

  256. 	// evidence.Height.

  257. 	_, val = valset.GetByAddress(addr)
  258. 	if val == nil {
  259. 		return fmt.Errorf("address %X was not a validator at height %d", addr, evidence.Height())
  260. 	}
  261. 

  262. 	if err := evidence.Verify(state.ChainID, val.PubKey); err != nil {
  263. 		return err
  264. 	}
  265. 

  266. 	return nil
  267. }