You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

628 lines
24 KiB

  1. package evidence_test
  2. import (
  3. "bytes"
  4. "context"
  5. "testing"
  6. "time"
  7. "github.com/stretchr/testify/assert"
  8. "github.com/stretchr/testify/require"
  9. dbm "github.com/tendermint/tm-db"
  10. "github.com/tendermint/tendermint/crypto"
  11. "github.com/tendermint/tendermint/crypto/tmhash"
  12. "github.com/tendermint/tendermint/internal/evidence"
  13. "github.com/tendermint/tendermint/internal/evidence/mocks"
  14. sm "github.com/tendermint/tendermint/internal/state"
  15. smmocks "github.com/tendermint/tendermint/internal/state/mocks"
  16. "github.com/tendermint/tendermint/internal/test/factory"
  17. "github.com/tendermint/tendermint/libs/log"
  18. tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
  19. "github.com/tendermint/tendermint/types"
  20. )
  21. const (
  22. defaultVotingPower = 10
  23. )
  24. func TestVerifyLightClientAttack_Lunatic(t *testing.T) {
  25. const (
  26. height int64 = 10
  27. commonHeight int64 = 4
  28. totalVals = 10
  29. byzVals = 4
  30. )
  31. ctx, cancel := context.WithCancel(context.Background())
  32. defer cancel()
  33. attackTime := defaultEvidenceTime.Add(1 * time.Hour)
  34. // create valid lunatic evidence
  35. ev, trusted, common := makeLunaticEvidence(ctx,
  36. t, height, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
  37. require.NoError(t, ev.ValidateBasic())
  38. // good pass -> no error
  39. err := evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet,
  40. defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
  41. assert.NoError(t, err)
  42. // trusted and conflicting hashes are the same -> an error should be returned
  43. err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, ev.ConflictingBlock.SignedHeader, common.ValidatorSet,
  44. defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
  45. assert.Error(t, err)
  46. // evidence with different total validator power should fail
  47. ev.TotalVotingPower = 1 * defaultVotingPower
  48. err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet,
  49. defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
  50. assert.NoError(t, err)
  51. assert.Error(t, ev.ValidateABCI(common.ValidatorSet, trusted.SignedHeader, defaultEvidenceTime))
  52. // evidence without enough malicious votes should fail
  53. ev, trusted, common = makeLunaticEvidence(ctx,
  54. t, height, commonHeight, totalVals, byzVals-1, totalVals-byzVals, defaultEvidenceTime, attackTime)
  55. err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader, common.ValidatorSet,
  56. defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour)
  57. assert.Error(t, err)
  58. }
  59. func TestVerify_LunaticAttackAgainstState(t *testing.T) {
  60. const (
  61. height int64 = 10
  62. commonHeight int64 = 4
  63. totalVals = 10
  64. byzVals = 4
  65. )
  66. ctx, cancel := context.WithCancel(context.Background())
  67. defer cancel()
  68. attackTime := defaultEvidenceTime.Add(1 * time.Hour)
  69. // create valid lunatic evidence
  70. ev, trusted, common := makeLunaticEvidence(ctx,
  71. t, height, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
  72. // now we try to test verification against state
  73. state := sm.State{
  74. LastBlockTime: defaultEvidenceTime.Add(2 * time.Hour),
  75. LastBlockHeight: height + 1,
  76. ConsensusParams: *types.DefaultConsensusParams(),
  77. }
  78. stateStore := &smmocks.Store{}
  79. stateStore.On("LoadValidators", commonHeight).Return(common.ValidatorSet, nil)
  80. stateStore.On("Load").Return(state, nil)
  81. blockStore := &mocks.BlockStore{}
  82. blockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
  83. blockStore.On("LoadBlockMeta", height).Return(&types.BlockMeta{Header: *trusted.Header})
  84. blockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
  85. blockStore.On("LoadBlockCommit", height).Return(trusted.Commit)
  86. pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  87. require.NoError(t, err)
  88. evList := types.EvidenceList{ev}
  89. // check that the evidence pool correctly verifies the evidence
  90. assert.NoError(t, pool.CheckEvidence(evList))
  91. // as it was not originally in the pending bucket, it should now have been added
  92. pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
  93. assert.Equal(t, 1, len(pendingEvs))
  94. assert.Equal(t, ev, pendingEvs[0])
  95. // if we submit evidence only against a single byzantine validator when we see there are more validators then this
  96. // should return an error
  97. ev.ByzantineValidators = ev.ByzantineValidators[:1]
  98. t.Log(evList)
  99. assert.Error(t, pool.CheckEvidence(evList))
  100. // restore original byz vals
  101. ev.ByzantineValidators = ev.GetByzantineValidators(common.ValidatorSet, trusted.SignedHeader)
  102. // duplicate evidence should be rejected
  103. evList = types.EvidenceList{ev, ev}
  104. pool, err = evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  105. require.NoError(t, err)
  106. assert.Error(t, pool.CheckEvidence(evList))
  107. // If evidence is submitted with an altered timestamp it should return an error
  108. ev.Timestamp = defaultEvidenceTime.Add(1 * time.Minute)
  109. pool, err = evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  110. require.NoError(t, err)
  111. assert.Error(t, pool.AddEvidence(ev))
  112. ev.Timestamp = defaultEvidenceTime
  113. // Evidence submitted with a different validator power should fail
  114. ev.TotalVotingPower = 1
  115. pool, err = evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  116. require.NoError(t, err)
  117. assert.Error(t, pool.AddEvidence(ev))
  118. ev.TotalVotingPower = common.ValidatorSet.TotalVotingPower()
  119. }
  120. func TestVerify_ForwardLunaticAttack(t *testing.T) {
  121. const (
  122. nodeHeight int64 = 8
  123. attackHeight int64 = 10
  124. commonHeight int64 = 4
  125. totalVals = 10
  126. byzVals = 5
  127. )
  128. attackTime := defaultEvidenceTime.Add(1 * time.Hour)
  129. ctx, cancel := context.WithCancel(context.Background())
  130. defer cancel()
  131. // create a forward lunatic attack
  132. ev, trusted, common := makeLunaticEvidence(ctx,
  133. t, attackHeight, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
  134. // now we try to test verification against state
  135. state := sm.State{
  136. LastBlockTime: defaultEvidenceTime.Add(2 * time.Hour),
  137. LastBlockHeight: nodeHeight,
  138. ConsensusParams: *types.DefaultConsensusParams(),
  139. }
  140. // modify trusted light block so that it is of a height less than the conflicting one
  141. trusted.Header.Height = state.LastBlockHeight
  142. trusted.Header.Time = state.LastBlockTime
  143. stateStore := &smmocks.Store{}
  144. stateStore.On("LoadValidators", commonHeight).Return(common.ValidatorSet, nil)
  145. stateStore.On("Load").Return(state, nil)
  146. blockStore := &mocks.BlockStore{}
  147. blockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
  148. blockStore.On("LoadBlockMeta", nodeHeight).Return(&types.BlockMeta{Header: *trusted.Header})
  149. blockStore.On("LoadBlockMeta", attackHeight).Return(nil)
  150. blockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
  151. blockStore.On("LoadBlockCommit", nodeHeight).Return(trusted.Commit)
  152. blockStore.On("Height").Return(nodeHeight)
  153. pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  154. require.NoError(t, err)
  155. // check that the evidence pool correctly verifies the evidence
  156. assert.NoError(t, pool.CheckEvidence(types.EvidenceList{ev}))
  157. // now we use a time which isn't able to contradict the FLA - thus we can't verify the evidence
  158. oldBlockStore := &mocks.BlockStore{}
  159. oldHeader := trusted.Header
  160. oldHeader.Time = defaultEvidenceTime
  161. oldBlockStore.On("LoadBlockMeta", commonHeight).Return(&types.BlockMeta{Header: *common.Header})
  162. oldBlockStore.On("LoadBlockMeta", nodeHeight).Return(&types.BlockMeta{Header: *oldHeader})
  163. oldBlockStore.On("LoadBlockMeta", attackHeight).Return(nil)
  164. oldBlockStore.On("LoadBlockCommit", commonHeight).Return(common.Commit)
  165. oldBlockStore.On("LoadBlockCommit", nodeHeight).Return(trusted.Commit)
  166. oldBlockStore.On("Height").Return(nodeHeight)
  167. require.Equal(t, defaultEvidenceTime, oldBlockStore.LoadBlockMeta(nodeHeight).Header.Time)
  168. pool, err = evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, oldBlockStore)
  169. require.NoError(t, err)
  170. assert.Error(t, pool.CheckEvidence(types.EvidenceList{ev}))
  171. }
  172. func TestVerifyLightClientAttack_Equivocation(t *testing.T) {
  173. ctx, cancel := context.WithCancel(context.Background())
  174. defer cancel()
  175. conflictingVals, conflictingPrivVals := factory.ValidatorSet(ctx, t, 5, 10)
  176. conflictingHeader := factory.MakeHeader(t, &types.Header{
  177. ChainID: evidenceChainID,
  178. Height: 10,
  179. Time: defaultEvidenceTime,
  180. ValidatorsHash: conflictingVals.Hash(),
  181. })
  182. trustedHeader := factory.MakeHeader(t, &types.Header{
  183. ChainID: evidenceChainID,
  184. Height: 10,
  185. Time: defaultEvidenceTime,
  186. ValidatorsHash: conflictingHeader.ValidatorsHash,
  187. NextValidatorsHash: conflictingHeader.NextValidatorsHash,
  188. ConsensusHash: conflictingHeader.ConsensusHash,
  189. AppHash: conflictingHeader.AppHash,
  190. LastResultsHash: conflictingHeader.LastResultsHash,
  191. })
  192. // we are simulating a duplicate vote attack where all the validators in the conflictingVals set
  193. // except the last validator vote twice
  194. blockID := factory.MakeBlockIDWithHash(conflictingHeader.Hash())
  195. voteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), conflictingVals)
  196. commit, err := factory.MakeCommit(ctx, blockID, 10, 1, voteSet, conflictingPrivVals[:4], defaultEvidenceTime)
  197. require.NoError(t, err)
  198. ev := &types.LightClientAttackEvidence{
  199. ConflictingBlock: &types.LightBlock{
  200. SignedHeader: &types.SignedHeader{
  201. Header: conflictingHeader,
  202. Commit: commit,
  203. },
  204. ValidatorSet: conflictingVals,
  205. },
  206. CommonHeight: 10,
  207. ByzantineValidators: conflictingVals.Validators[:4],
  208. TotalVotingPower: 50,
  209. Timestamp: defaultEvidenceTime,
  210. }
  211. trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash"))
  212. trustedVoteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), conflictingVals)
  213. trustedCommit, err := factory.MakeCommit(ctx, trustedBlockID, 10, 1,
  214. trustedVoteSet, conflictingPrivVals, defaultEvidenceTime)
  215. require.NoError(t, err)
  216. trustedSignedHeader := &types.SignedHeader{
  217. Header: trustedHeader,
  218. Commit: trustedCommit,
  219. }
  220. // good pass -> no error
  221. require.NoError(t, evidence.VerifyLightClientAttack(ev, trustedSignedHeader, trustedSignedHeader, conflictingVals,
  222. defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour))
  223. // trusted and conflicting hashes are the same -> an error should be returned
  224. assert.Error(t, evidence.VerifyLightClientAttack(ev, trustedSignedHeader, ev.ConflictingBlock.SignedHeader, conflictingVals,
  225. defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour))
  226. // conflicting header has different next validators hash which should have been correctly derived from
  227. // the previous round
  228. ev.ConflictingBlock.Header.NextValidatorsHash = crypto.CRandBytes(tmhash.Size)
  229. assert.Error(t, evidence.VerifyLightClientAttack(ev, trustedSignedHeader, trustedSignedHeader, nil,
  230. defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour))
  231. // revert next validators hash
  232. ev.ConflictingBlock.Header.NextValidatorsHash = trustedHeader.NextValidatorsHash
  233. state := sm.State{
  234. LastBlockTime: defaultEvidenceTime.Add(1 * time.Minute),
  235. LastBlockHeight: 11,
  236. ConsensusParams: *types.DefaultConsensusParams(),
  237. }
  238. stateStore := &smmocks.Store{}
  239. stateStore.On("LoadValidators", int64(10)).Return(conflictingVals, nil)
  240. stateStore.On("Load").Return(state, nil)
  241. blockStore := &mocks.BlockStore{}
  242. blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: *trustedHeader})
  243. blockStore.On("LoadBlockCommit", int64(10)).Return(trustedCommit)
  244. pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  245. require.NoError(t, err)
  246. evList := types.EvidenceList{ev}
  247. err = pool.CheckEvidence(evList)
  248. assert.NoError(t, err)
  249. pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
  250. assert.Equal(t, 1, len(pendingEvs))
  251. }
  252. func TestVerifyLightClientAttack_Amnesia(t *testing.T) {
  253. ctx, cancel := context.WithCancel(context.Background())
  254. defer cancel()
  255. var height int64 = 10
  256. conflictingVals, conflictingPrivVals := factory.ValidatorSet(ctx, t, 5, 10)
  257. conflictingHeader := factory.MakeHeader(t, &types.Header{
  258. ChainID: evidenceChainID,
  259. Height: height,
  260. Time: defaultEvidenceTime,
  261. ValidatorsHash: conflictingVals.Hash(),
  262. })
  263. trustedHeader := factory.MakeHeader(t, &types.Header{
  264. ChainID: evidenceChainID,
  265. Height: height,
  266. Time: defaultEvidenceTime,
  267. ValidatorsHash: conflictingHeader.ValidatorsHash,
  268. NextValidatorsHash: conflictingHeader.NextValidatorsHash,
  269. ConsensusHash: conflictingHeader.ConsensusHash,
  270. AppHash: conflictingHeader.AppHash,
  271. LastResultsHash: conflictingHeader.LastResultsHash,
  272. })
  273. // we are simulating an amnesia attack where all the validators in the conflictingVals set
  274. // except the last validator vote twice. However this time the commits are of different rounds.
  275. blockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash"))
  276. voteSet := types.NewVoteSet(evidenceChainID, height, 0, tmproto.SignedMsgType(2), conflictingVals)
  277. commit, err := factory.MakeCommit(ctx, blockID, height, 0, voteSet, conflictingPrivVals, defaultEvidenceTime)
  278. require.NoError(t, err)
  279. ev := &types.LightClientAttackEvidence{
  280. ConflictingBlock: &types.LightBlock{
  281. SignedHeader: &types.SignedHeader{
  282. Header: conflictingHeader,
  283. Commit: commit,
  284. },
  285. ValidatorSet: conflictingVals,
  286. },
  287. CommonHeight: height,
  288. ByzantineValidators: nil, // with amnesia evidence no validators are submitted as abci evidence
  289. TotalVotingPower: 50,
  290. Timestamp: defaultEvidenceTime,
  291. }
  292. trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash"))
  293. trustedVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
  294. trustedCommit, err := factory.MakeCommit(ctx, trustedBlockID, height, 1,
  295. trustedVoteSet, conflictingPrivVals, defaultEvidenceTime)
  296. require.NoError(t, err)
  297. trustedSignedHeader := &types.SignedHeader{
  298. Header: trustedHeader,
  299. Commit: trustedCommit,
  300. }
  301. // good pass -> no error
  302. require.NoError(t, evidence.VerifyLightClientAttack(ev, trustedSignedHeader, trustedSignedHeader, conflictingVals,
  303. defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour))
  304. // trusted and conflicting hashes are the same -> an error should be returned
  305. assert.Error(t, evidence.VerifyLightClientAttack(ev, trustedSignedHeader, ev.ConflictingBlock.SignedHeader, conflictingVals,
  306. defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour))
  307. state := sm.State{
  308. LastBlockTime: defaultEvidenceTime.Add(1 * time.Minute),
  309. LastBlockHeight: 11,
  310. ConsensusParams: *types.DefaultConsensusParams(),
  311. }
  312. stateStore := &smmocks.Store{}
  313. stateStore.On("LoadValidators", int64(10)).Return(conflictingVals, nil)
  314. stateStore.On("Load").Return(state, nil)
  315. blockStore := &mocks.BlockStore{}
  316. blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: *trustedHeader})
  317. blockStore.On("LoadBlockCommit", int64(10)).Return(trustedCommit)
  318. pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  319. require.NoError(t, err)
  320. evList := types.EvidenceList{ev}
  321. err = pool.CheckEvidence(evList)
  322. assert.NoError(t, err)
  323. pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes)
  324. assert.Equal(t, 1, len(pendingEvs))
  325. }
  326. type voteData struct {
  327. vote1 *types.Vote
  328. vote2 *types.Vote
  329. valid bool
  330. }
  331. func TestVerifyDuplicateVoteEvidence(t *testing.T) {
  332. ctx, cancel := context.WithCancel(context.Background())
  333. defer cancel()
  334. val := types.NewMockPV()
  335. val2 := types.NewMockPV()
  336. valSet := types.NewValidatorSet([]*types.Validator{val.ExtractIntoValidator(ctx, 1)})
  337. blockID := makeBlockID([]byte("blockhash"), 1000, []byte("partshash"))
  338. blockID2 := makeBlockID([]byte("blockhash2"), 1000, []byte("partshash"))
  339. blockID3 := makeBlockID([]byte("blockhash"), 10000, []byte("partshash"))
  340. blockID4 := makeBlockID([]byte("blockhash"), 10000, []byte("partshash2"))
  341. const chainID = "mychain"
  342. vote1 := makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime)
  343. v1 := vote1.ToProto()
  344. err := val.SignVote(ctx, chainID, v1)
  345. require.NoError(t, err)
  346. badVote := makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime)
  347. bv := badVote.ToProto()
  348. err = val2.SignVote(ctx, chainID, bv)
  349. require.NoError(t, err)
  350. vote1.Signature = v1.Signature
  351. badVote.Signature = bv.Signature
  352. cases := []voteData{
  353. {vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID2, defaultEvidenceTime), true}, // different block ids
  354. {vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID3, defaultEvidenceTime), true},
  355. {vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID4, defaultEvidenceTime), true},
  356. {vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime), false}, // wrong block id
  357. {vote1, makeVote(ctx, t, val, "mychain2", 0, 10, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong chain id
  358. {vote1, makeVote(ctx, t, val, chainID, 0, 11, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong height
  359. {vote1, makeVote(ctx, t, val, chainID, 0, 10, 3, 1, blockID2, defaultEvidenceTime), false}, // wrong round
  360. {vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 2, blockID2, defaultEvidenceTime), false}, // wrong step
  361. {vote1, makeVote(ctx, t, val2, chainID, 0, 10, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong validator
  362. // a different vote time doesn't matter
  363. {vote1, makeVote(ctx, t, val, chainID, 0, 10, 2, 1, blockID2, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)), true},
  364. {vote1, badVote, false}, // signed by wrong key
  365. }
  366. require.NoError(t, err)
  367. for _, c := range cases {
  368. ev := &types.DuplicateVoteEvidence{
  369. VoteA: c.vote1,
  370. VoteB: c.vote2,
  371. ValidatorPower: 1,
  372. TotalVotingPower: 1,
  373. Timestamp: defaultEvidenceTime,
  374. }
  375. if c.valid {
  376. assert.Nil(t, evidence.VerifyDuplicateVote(ev, chainID, valSet), "evidence should be valid")
  377. } else {
  378. assert.NotNil(t, evidence.VerifyDuplicateVote(ev, chainID, valSet), "evidence should be invalid")
  379. }
  380. }
  381. // create good evidence and correct validator power
  382. goodEv, err := types.NewMockDuplicateVoteEvidenceWithValidator(ctx, 10, defaultEvidenceTime, val, chainID)
  383. require.NoError(t, err)
  384. goodEv.ValidatorPower = 1
  385. goodEv.TotalVotingPower = 1
  386. badEv, err := types.NewMockDuplicateVoteEvidenceWithValidator(ctx, 10, defaultEvidenceTime, val, chainID)
  387. require.NoError(t, err)
  388. badTimeEv, err := types.NewMockDuplicateVoteEvidenceWithValidator(ctx, 10, defaultEvidenceTime.Add(1*time.Minute), val, chainID)
  389. require.NoError(t, err)
  390. badTimeEv.ValidatorPower = 1
  391. badTimeEv.TotalVotingPower = 1
  392. state := sm.State{
  393. ChainID: chainID,
  394. LastBlockTime: defaultEvidenceTime.Add(1 * time.Minute),
  395. LastBlockHeight: 11,
  396. ConsensusParams: *types.DefaultConsensusParams(),
  397. }
  398. stateStore := &smmocks.Store{}
  399. stateStore.On("LoadValidators", int64(10)).Return(valSet, nil)
  400. stateStore.On("Load").Return(state, nil)
  401. blockStore := &mocks.BlockStore{}
  402. blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: types.Header{Time: defaultEvidenceTime}})
  403. pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore)
  404. require.NoError(t, err)
  405. evList := types.EvidenceList{goodEv}
  406. err = pool.CheckEvidence(evList)
  407. assert.NoError(t, err)
  408. // evidence with a different validator power should fail
  409. evList = types.EvidenceList{badEv}
  410. err = pool.CheckEvidence(evList)
  411. assert.Error(t, err)
  412. // evidence with a different timestamp should fail
  413. evList = types.EvidenceList{badTimeEv}
  414. err = pool.CheckEvidence(evList)
  415. assert.Error(t, err)
  416. }
  417. func makeLunaticEvidence(
  418. ctx context.Context,
  419. t *testing.T,
  420. height, commonHeight int64,
  421. totalVals, byzVals, phantomVals int,
  422. commonTime, attackTime time.Time,
  423. ) (ev *types.LightClientAttackEvidence, trusted *types.LightBlock, common *types.LightBlock) {
  424. t.Helper()
  425. commonValSet, commonPrivVals := factory.ValidatorSet(ctx, t, totalVals, defaultVotingPower)
  426. require.Greater(t, totalVals, byzVals)
  427. // extract out the subset of byzantine validators in the common validator set
  428. byzValSet, byzPrivVals := commonValSet.Validators[:byzVals], commonPrivVals[:byzVals]
  429. phantomValSet, phantomPrivVals := factory.ValidatorSet(ctx, t, phantomVals, defaultVotingPower)
  430. conflictingVals := phantomValSet.Copy()
  431. require.NoError(t, conflictingVals.UpdateWithChangeSet(byzValSet))
  432. conflictingPrivVals := append(phantomPrivVals, byzPrivVals...)
  433. conflictingPrivVals = orderPrivValsByValSet(ctx, t, conflictingVals, conflictingPrivVals)
  434. commonHeader := factory.MakeHeader(t, &types.Header{
  435. ChainID: evidenceChainID,
  436. Height: commonHeight,
  437. Time: commonTime,
  438. })
  439. trustedHeader := factory.MakeHeader(t, &types.Header{
  440. ChainID: evidenceChainID,
  441. Height: height,
  442. Time: defaultEvidenceTime,
  443. })
  444. conflictingHeader := factory.MakeHeader(t, &types.Header{
  445. ChainID: evidenceChainID,
  446. Height: height,
  447. Time: attackTime,
  448. ValidatorsHash: conflictingVals.Hash(),
  449. })
  450. blockID := factory.MakeBlockIDWithHash(conflictingHeader.Hash())
  451. voteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), conflictingVals)
  452. commit, err := factory.MakeCommit(ctx, blockID, height, 1, voteSet, conflictingPrivVals, defaultEvidenceTime)
  453. require.NoError(t, err)
  454. ev = &types.LightClientAttackEvidence{
  455. ConflictingBlock: &types.LightBlock{
  456. SignedHeader: &types.SignedHeader{
  457. Header: conflictingHeader,
  458. Commit: commit,
  459. },
  460. ValidatorSet: conflictingVals,
  461. },
  462. CommonHeight: commonHeight,
  463. TotalVotingPower: commonValSet.TotalVotingPower(),
  464. ByzantineValidators: byzValSet,
  465. Timestamp: commonTime,
  466. }
  467. common = &types.LightBlock{
  468. SignedHeader: &types.SignedHeader{
  469. Header: commonHeader,
  470. // we can leave this empty because we shouldn't be checking this
  471. Commit: &types.Commit{},
  472. },
  473. ValidatorSet: commonValSet,
  474. }
  475. trustedBlockID := factory.MakeBlockIDWithHash(trustedHeader.Hash())
  476. trustedVals, privVals := factory.ValidatorSet(ctx, t, totalVals, defaultVotingPower)
  477. trustedVoteSet := types.NewVoteSet(evidenceChainID, height, 1, tmproto.SignedMsgType(2), trustedVals)
  478. trustedCommit, err := factory.MakeCommit(ctx, trustedBlockID, height, 1, trustedVoteSet, privVals, defaultEvidenceTime)
  479. require.NoError(t, err)
  480. trusted = &types.LightBlock{
  481. SignedHeader: &types.SignedHeader{
  482. Header: trustedHeader,
  483. Commit: trustedCommit,
  484. },
  485. ValidatorSet: trustedVals,
  486. }
  487. return ev, trusted, common
  488. }
  489. func makeVote(
  490. ctx context.Context,
  491. t *testing.T, val types.PrivValidator, chainID string, valIndex int32, height int64,
  492. round int32, step int, blockID types.BlockID, time time.Time,
  493. ) *types.Vote {
  494. pubKey, err := val.GetPubKey(ctx)
  495. require.NoError(t, err)
  496. v := &types.Vote{
  497. ValidatorAddress: pubKey.Address(),
  498. ValidatorIndex: valIndex,
  499. Height: height,
  500. Round: round,
  501. Type: tmproto.SignedMsgType(step),
  502. BlockID: blockID,
  503. Timestamp: time,
  504. }
  505. vpb := v.ToProto()
  506. err = val.SignVote(ctx, chainID, vpb)
  507. require.NoError(t, err)
  508. v.Signature = vpb.Signature
  509. return v
  510. }
  511. func makeBlockID(hash []byte, partSetSize uint32, partSetHash []byte) types.BlockID {
  512. var (
  513. h = make([]byte, tmhash.Size)
  514. psH = make([]byte, tmhash.Size)
  515. )
  516. copy(h, hash)
  517. copy(psH, partSetHash)
  518. return types.BlockID{
  519. Hash: h,
  520. PartSetHeader: types.PartSetHeader{
  521. Total: partSetSize,
  522. Hash: psH,
  523. },
  524. }
  525. }
  526. func orderPrivValsByValSet(ctx context.Context, t *testing.T, vals *types.ValidatorSet, privVals []types.PrivValidator) []types.PrivValidator {
  527. output := make([]types.PrivValidator, len(privVals))
  528. for idx, v := range vals.Validators {
  529. for _, p := range privVals {
  530. pubKey, err := p.GetPubKey(ctx)
  531. require.NoError(t, err)
  532. if bytes.Equal(v.Address, pubKey.Address()) {
  533. output[idx] = p
  534. break
  535. }
  536. }
  537. require.NotEmpty(t, output[idx])
  538. }
  539. return output
  540. }