package evidence_test import ( "testing" "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" dbm "github.com/tendermint/tm-db" "github.com/tendermint/tendermint/crypto" "github.com/tendermint/tendermint/crypto/tmhash" "github.com/tendermint/tendermint/evidence" "github.com/tendermint/tendermint/evidence/mocks" "github.com/tendermint/tendermint/libs/log" tmproto "github.com/tendermint/tendermint/proto/tendermint/types" sm "github.com/tendermint/tendermint/state" smmocks "github.com/tendermint/tendermint/state/mocks" "github.com/tendermint/tendermint/types" "github.com/tendermint/tendermint/version" ) func TestVerifyLightClientAttack_Lunatic(t *testing.T) { commonVals, commonPrivVals := types.RandValidatorSet(2, 10) newVal, newPrivVal := types.RandValidator(false, 9) conflictingVals, err := types.ValidatorSetFromExistingValidators(append(commonVals.Validators, newVal)) require.NoError(t, err) conflictingPrivVals := append(commonPrivVals, newPrivVal) commonHeader := makeHeaderRandom(4) commonHeader.Time = defaultEvidenceTime trustedHeader := makeHeaderRandom(10) conflictingHeader := makeHeaderRandom(10) conflictingHeader.Time = defaultEvidenceTime.Add(1 * time.Hour) conflictingHeader.ValidatorsHash = conflictingVals.Hash() // we are simulating a lunatic light client attack blockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash")) voteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), conflictingVals) commit, err := types.MakeCommit(blockID, 10, 1, voteSet, conflictingPrivVals, defaultEvidenceTime) require.NoError(t, err) ev := &types.LightClientAttackEvidence{ ConflictingBlock: &types.LightBlock{ SignedHeader: &types.SignedHeader{ Header: conflictingHeader, Commit: commit, }, ValidatorSet: conflictingVals, }, CommonHeight: 4, TotalVotingPower: 20, ByzantineValidators: commonVals.Validators, Timestamp: defaultEvidenceTime, } commonSignedHeader := &types.SignedHeader{ Header: commonHeader, Commit: &types.Commit{}, } trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash")) vals, privVals := types.RandValidatorSet(3, 8) trustedVoteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), vals) trustedCommit, err := types.MakeCommit(trustedBlockID, 10, 1, trustedVoteSet, privVals, defaultEvidenceTime) require.NoError(t, err) trustedSignedHeader := &types.SignedHeader{ Header: trustedHeader, Commit: trustedCommit, } // good pass -> no error err = evidence.VerifyLightClientAttack(ev, commonSignedHeader, trustedSignedHeader, commonVals, defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour) assert.NoError(t, err) // trusted and conflicting hashes are the same -> an error should be returned err = evidence.VerifyLightClientAttack(ev, commonSignedHeader, ev.ConflictingBlock.SignedHeader, commonVals, defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour) assert.Error(t, err) // evidence with different total validator power should fail ev.TotalVotingPower = 1 err = evidence.VerifyLightClientAttack(ev, commonSignedHeader, trustedSignedHeader, commonVals, defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour) assert.Error(t, err) ev.TotalVotingPower = 20 state := sm.State{ LastBlockTime: defaultEvidenceTime.Add(2 * time.Hour), LastBlockHeight: 11, ConsensusParams: *types.DefaultConsensusParams(), } stateStore := &smmocks.Store{} stateStore.On("LoadValidators", int64(4)).Return(commonVals, nil) stateStore.On("Load").Return(state, nil) blockStore := &mocks.BlockStore{} blockStore.On("LoadBlockMeta", int64(4)).Return(&types.BlockMeta{Header: *commonHeader}) blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: *trustedHeader}) blockStore.On("LoadBlockCommit", int64(4)).Return(commit) blockStore.On("LoadBlockCommit", int64(10)).Return(trustedCommit) pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore) require.NoError(t, err) evList := types.EvidenceList{ev} err = pool.CheckEvidence(evList) assert.NoError(t, err) pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes) assert.Equal(t, 1, len(pendingEvs)) // if we submit evidence only against a single byzantine validator when we see there are more validators then this // should return an error ev.ByzantineValidators = []*types.Validator{commonVals.Validators[0]} err = pool.CheckEvidence(evList) assert.Error(t, err) ev.ByzantineValidators = commonVals.Validators // restore evidence // If evidence is submitted with an altered timestamp it should return an error ev.Timestamp = defaultEvidenceTime.Add(1 * time.Minute) err = pool.CheckEvidence(evList) assert.Error(t, err) } func TestVerifyLightClientAttack_Equivocation(t *testing.T) { conflictingVals, conflictingPrivVals := types.RandValidatorSet(5, 10) trustedHeader := makeHeaderRandom(10) conflictingHeader := makeHeaderRandom(10) conflictingHeader.ValidatorsHash = conflictingVals.Hash() trustedHeader.ValidatorsHash = conflictingHeader.ValidatorsHash trustedHeader.NextValidatorsHash = conflictingHeader.NextValidatorsHash trustedHeader.ConsensusHash = conflictingHeader.ConsensusHash trustedHeader.AppHash = conflictingHeader.AppHash trustedHeader.LastResultsHash = conflictingHeader.LastResultsHash // we are simulating a duplicate vote attack where all the validators in the conflictingVals set // except the last validator vote twice blockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash")) voteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), conflictingVals) commit, err := types.MakeCommit(blockID, 10, 1, voteSet, conflictingPrivVals[:4], defaultEvidenceTime) require.NoError(t, err) ev := &types.LightClientAttackEvidence{ ConflictingBlock: &types.LightBlock{ SignedHeader: &types.SignedHeader{ Header: conflictingHeader, Commit: commit, }, ValidatorSet: conflictingVals, }, CommonHeight: 10, ByzantineValidators: conflictingVals.Validators[:4], TotalVotingPower: 50, Timestamp: defaultEvidenceTime, } trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash")) trustedVoteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), conflictingVals) trustedCommit, err := types.MakeCommit(trustedBlockID, 10, 1, trustedVoteSet, conflictingPrivVals, defaultEvidenceTime) require.NoError(t, err) trustedSignedHeader := &types.SignedHeader{ Header: trustedHeader, Commit: trustedCommit, } // good pass -> no error err = evidence.VerifyLightClientAttack(ev, trustedSignedHeader, trustedSignedHeader, conflictingVals, defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour) assert.NoError(t, err) // trusted and conflicting hashes are the same -> an error should be returned err = evidence.VerifyLightClientAttack(ev, trustedSignedHeader, ev.ConflictingBlock.SignedHeader, conflictingVals, defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour) assert.Error(t, err) // conflicting header has different next validators hash which should have been correctly derived from // the previous round ev.ConflictingBlock.Header.NextValidatorsHash = crypto.CRandBytes(tmhash.Size) err = evidence.VerifyLightClientAttack(ev, trustedSignedHeader, trustedSignedHeader, nil, defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour) assert.Error(t, err) // revert next validators hash ev.ConflictingBlock.Header.NextValidatorsHash = trustedHeader.NextValidatorsHash state := sm.State{ LastBlockTime: defaultEvidenceTime.Add(1 * time.Minute), LastBlockHeight: 11, ConsensusParams: *types.DefaultConsensusParams(), } stateStore := &smmocks.Store{} stateStore.On("LoadValidators", int64(10)).Return(conflictingVals, nil) stateStore.On("Load").Return(state, nil) blockStore := &mocks.BlockStore{} blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: *trustedHeader}) blockStore.On("LoadBlockCommit", int64(10)).Return(trustedCommit) pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore) require.NoError(t, err) evList := types.EvidenceList{ev} err = pool.CheckEvidence(evList) assert.NoError(t, err) pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes) assert.Equal(t, 1, len(pendingEvs)) } func TestVerifyLightClientAttack_Amnesia(t *testing.T) { conflictingVals, conflictingPrivVals := types.RandValidatorSet(5, 10) conflictingHeader := makeHeaderRandom(10) conflictingHeader.ValidatorsHash = conflictingVals.Hash() trustedHeader := makeHeaderRandom(10) trustedHeader.ValidatorsHash = conflictingHeader.ValidatorsHash trustedHeader.NextValidatorsHash = conflictingHeader.NextValidatorsHash trustedHeader.AppHash = conflictingHeader.AppHash trustedHeader.ConsensusHash = conflictingHeader.ConsensusHash trustedHeader.LastResultsHash = conflictingHeader.LastResultsHash // we are simulating an amnesia attack where all the validators in the conflictingVals set // except the last validator vote twice. However this time the commits are of different rounds. blockID := makeBlockID(conflictingHeader.Hash(), 1000, []byte("partshash")) voteSet := types.NewVoteSet(evidenceChainID, 10, 0, tmproto.SignedMsgType(2), conflictingVals) commit, err := types.MakeCommit(blockID, 10, 0, voteSet, conflictingPrivVals, defaultEvidenceTime) require.NoError(t, err) ev := &types.LightClientAttackEvidence{ ConflictingBlock: &types.LightBlock{ SignedHeader: &types.SignedHeader{ Header: conflictingHeader, Commit: commit, }, ValidatorSet: conflictingVals, }, CommonHeight: 10, ByzantineValidators: nil, // with amnesia evidence no validators are submitted as abci evidence TotalVotingPower: 50, Timestamp: defaultEvidenceTime, } trustedBlockID := makeBlockID(trustedHeader.Hash(), 1000, []byte("partshash")) trustedVoteSet := types.NewVoteSet(evidenceChainID, 10, 1, tmproto.SignedMsgType(2), conflictingVals) trustedCommit, err := types.MakeCommit(trustedBlockID, 10, 1, trustedVoteSet, conflictingPrivVals, defaultEvidenceTime) require.NoError(t, err) trustedSignedHeader := &types.SignedHeader{ Header: trustedHeader, Commit: trustedCommit, } // good pass -> no error err = evidence.VerifyLightClientAttack(ev, trustedSignedHeader, trustedSignedHeader, conflictingVals, defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour) assert.NoError(t, err) // trusted and conflicting hashes are the same -> an error should be returned err = evidence.VerifyLightClientAttack(ev, trustedSignedHeader, ev.ConflictingBlock.SignedHeader, conflictingVals, defaultEvidenceTime.Add(1*time.Minute), 2*time.Hour) assert.Error(t, err) state := sm.State{ LastBlockTime: defaultEvidenceTime.Add(1 * time.Minute), LastBlockHeight: 11, ConsensusParams: *types.DefaultConsensusParams(), } stateStore := &smmocks.Store{} stateStore.On("LoadValidators", int64(10)).Return(conflictingVals, nil) stateStore.On("Load").Return(state, nil) blockStore := &mocks.BlockStore{} blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: *trustedHeader}) blockStore.On("LoadBlockCommit", int64(10)).Return(trustedCommit) pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore) require.NoError(t, err) evList := types.EvidenceList{ev} err = pool.CheckEvidence(evList) assert.NoError(t, err) pendingEvs, _ := pool.PendingEvidence(state.ConsensusParams.Evidence.MaxBytes) assert.Equal(t, 1, len(pendingEvs)) } type voteData struct { vote1 *types.Vote vote2 *types.Vote valid bool } func TestVerifyDuplicateVoteEvidence(t *testing.T) { val := types.NewMockPV() val2 := types.NewMockPV() valSet := types.NewValidatorSet([]*types.Validator{val.ExtractIntoValidator(1)}) blockID := makeBlockID([]byte("blockhash"), 1000, []byte("partshash")) blockID2 := makeBlockID([]byte("blockhash2"), 1000, []byte("partshash")) blockID3 := makeBlockID([]byte("blockhash"), 10000, []byte("partshash")) blockID4 := makeBlockID([]byte("blockhash"), 10000, []byte("partshash2")) const chainID = "mychain" vote1 := makeVote(t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime) v1 := vote1.ToProto() err := val.SignVote(chainID, v1) require.NoError(t, err) badVote := makeVote(t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime) bv := badVote.ToProto() err = val2.SignVote(chainID, bv) require.NoError(t, err) vote1.Signature = v1.Signature badVote.Signature = bv.Signature cases := []voteData{ {vote1, makeVote(t, val, chainID, 0, 10, 2, 1, blockID2, defaultEvidenceTime), true}, // different block ids {vote1, makeVote(t, val, chainID, 0, 10, 2, 1, blockID3, defaultEvidenceTime), true}, {vote1, makeVote(t, val, chainID, 0, 10, 2, 1, blockID4, defaultEvidenceTime), true}, {vote1, makeVote(t, val, chainID, 0, 10, 2, 1, blockID, defaultEvidenceTime), false}, // wrong block id {vote1, makeVote(t, val, "mychain2", 0, 10, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong chain id {vote1, makeVote(t, val, chainID, 0, 11, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong height {vote1, makeVote(t, val, chainID, 0, 10, 3, 1, blockID2, defaultEvidenceTime), false}, // wrong round {vote1, makeVote(t, val, chainID, 0, 10, 2, 2, blockID2, defaultEvidenceTime), false}, // wrong step {vote1, makeVote(t, val2, chainID, 0, 10, 2, 1, blockID2, defaultEvidenceTime), false}, // wrong validator // a different vote time doesn't matter {vote1, makeVote(t, val, chainID, 0, 10, 2, 1, blockID2, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)), true}, {vote1, badVote, false}, // signed by wrong key } require.NoError(t, err) for _, c := range cases { ev := &types.DuplicateVoteEvidence{ VoteA: c.vote1, VoteB: c.vote2, ValidatorPower: 1, TotalVotingPower: 1, Timestamp: defaultEvidenceTime, } if c.valid { assert.Nil(t, evidence.VerifyDuplicateVote(ev, chainID, valSet), "evidence should be valid") } else { assert.NotNil(t, evidence.VerifyDuplicateVote(ev, chainID, valSet), "evidence should be invalid") } } // create good evidence and correct validator power goodEv := types.NewMockDuplicateVoteEvidenceWithValidator(10, defaultEvidenceTime, val, chainID) goodEv.ValidatorPower = 1 goodEv.TotalVotingPower = 1 badEv := types.NewMockDuplicateVoteEvidenceWithValidator(10, defaultEvidenceTime, val, chainID) badTimeEv := types.NewMockDuplicateVoteEvidenceWithValidator(10, defaultEvidenceTime.Add(1*time.Minute), val, chainID) badTimeEv.ValidatorPower = 1 badTimeEv.TotalVotingPower = 1 state := sm.State{ ChainID: chainID, LastBlockTime: defaultEvidenceTime.Add(1 * time.Minute), LastBlockHeight: 11, ConsensusParams: *types.DefaultConsensusParams(), } stateStore := &smmocks.Store{} stateStore.On("LoadValidators", int64(10)).Return(valSet, nil) stateStore.On("Load").Return(state, nil) blockStore := &mocks.BlockStore{} blockStore.On("LoadBlockMeta", int64(10)).Return(&types.BlockMeta{Header: types.Header{Time: defaultEvidenceTime}}) pool, err := evidence.NewPool(log.TestingLogger(), dbm.NewMemDB(), stateStore, blockStore) require.NoError(t, err) evList := types.EvidenceList{goodEv} err = pool.CheckEvidence(evList) assert.NoError(t, err) // evidence with a different validator power should fail evList = types.EvidenceList{badEv} err = pool.CheckEvidence(evList) assert.Error(t, err) // evidence with a different timestamp should fail evList = types.EvidenceList{badTimeEv} err = pool.CheckEvidence(evList) assert.Error(t, err) } func makeVote( t *testing.T, val types.PrivValidator, chainID string, valIndex int32, height int64, round int32, step int, blockID types.BlockID, time time.Time) *types.Vote { pubKey, err := val.GetPubKey() require.NoError(t, err) v := &types.Vote{ ValidatorAddress: pubKey.Address(), ValidatorIndex: valIndex, Height: height, Round: round, Type: tmproto.SignedMsgType(step), BlockID: blockID, Timestamp: time, } vpb := v.ToProto() err = val.SignVote(chainID, vpb) if err != nil { panic(err) } v.Signature = vpb.Signature return v } func makeHeaderRandom(height int64) *types.Header { return &types.Header{ Version: version.Consensus{Block: version.BlockProtocol, App: 1}, ChainID: evidenceChainID, Height: height, Time: defaultEvidenceTime, LastBlockID: makeBlockID([]byte("headerhash"), 1000, []byte("partshash")), LastCommitHash: crypto.CRandBytes(tmhash.Size), DataHash: crypto.CRandBytes(tmhash.Size), ValidatorsHash: crypto.CRandBytes(tmhash.Size), NextValidatorsHash: crypto.CRandBytes(tmhash.Size), ConsensusHash: crypto.CRandBytes(tmhash.Size), AppHash: crypto.CRandBytes(tmhash.Size), LastResultsHash: crypto.CRandBytes(tmhash.Size), EvidenceHash: crypto.CRandBytes(tmhash.Size), ProposerAddress: crypto.CRandBytes(crypto.AddressSize), } } func makeBlockID(hash []byte, partSetSize uint32, partSetHash []byte) types.BlockID { var ( h = make([]byte, tmhash.Size) psH = make([]byte, tmhash.Size) ) copy(h, hash) copy(psH, partSetHash) return types.BlockID{ Hash: h, PartSetHeader: types.PartSetHeader{ Total: partSetSize, Hash: psH, }, } }