You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
214 lines
7.1 KiB
214 lines
7.1 KiB
package light_test
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
dbm "github.com/tendermint/tm-db"
|
|
|
|
"github.com/tendermint/tendermint/libs/log"
|
|
"github.com/tendermint/tendermint/light"
|
|
"github.com/tendermint/tendermint/light/provider"
|
|
mockp "github.com/tendermint/tendermint/light/provider/mock"
|
|
dbs "github.com/tendermint/tendermint/light/store/db"
|
|
"github.com/tendermint/tendermint/types"
|
|
)
|
|
|
|
func TestLightClientAttackEvidence_Lunatic(t *testing.T) {
|
|
// primary performs a lunatic attack
|
|
var (
|
|
latestHeight = int64(10)
|
|
valSize = 5
|
|
divergenceHeight = int64(6)
|
|
primaryHeaders = make(map[int64]*types.SignedHeader, latestHeight)
|
|
primaryValidators = make(map[int64]*types.ValidatorSet, latestHeight)
|
|
)
|
|
|
|
witnessHeaders, witnessValidators, chainKeys := genMockNodeWithKeys(chainID, latestHeight, valSize, 2, bTime)
|
|
witness := mockp.New(chainID, witnessHeaders, witnessValidators)
|
|
forgedKeys := chainKeys[divergenceHeight-1].ChangeKeys(3) // we change 3 out of the 5 validators (still 2/5 remain)
|
|
forgedVals := forgedKeys.ToValidators(2, 0)
|
|
|
|
for height := int64(1); height <= latestHeight; height++ {
|
|
if height < divergenceHeight {
|
|
primaryHeaders[height] = witnessHeaders[height]
|
|
primaryValidators[height] = witnessValidators[height]
|
|
continue
|
|
}
|
|
primaryHeaders[height] = forgedKeys.GenSignedHeader(chainID, height, bTime.Add(time.Duration(height)*time.Minute),
|
|
nil, forgedVals, forgedVals, hash("app_hash"), hash("cons_hash"), hash("results_hash"), 0, len(forgedKeys))
|
|
primaryValidators[height] = forgedVals
|
|
}
|
|
primary := mockp.New(chainID, primaryHeaders, primaryValidators)
|
|
|
|
c, err := light.NewClient(
|
|
ctx,
|
|
chainID,
|
|
light.TrustOptions{
|
|
Period: 4 * time.Hour,
|
|
Height: 1,
|
|
Hash: primaryHeaders[1].Hash(),
|
|
},
|
|
primary,
|
|
[]provider.Provider{witness},
|
|
dbs.New(dbm.NewMemDB(), chainID),
|
|
light.Logger(log.TestingLogger()),
|
|
light.MaxRetryAttempts(1),
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
// Check verification returns an error.
|
|
_, err = c.VerifyLightBlockAtHeight(ctx, 10, bTime.Add(1*time.Hour))
|
|
if assert.Error(t, err) {
|
|
assert.Contains(t, err.Error(), "does not match primary")
|
|
}
|
|
|
|
// Check evidence was sent to both full nodes.
|
|
evAgainstPrimary := &types.LightClientAttackEvidence{
|
|
// after the divergence height the valset doesn't change so we expect the evidence to be for height 10
|
|
ConflictingBlock: &types.LightBlock{
|
|
SignedHeader: primaryHeaders[10],
|
|
ValidatorSet: primaryValidators[10],
|
|
},
|
|
CommonHeight: 4,
|
|
}
|
|
assert.True(t, witness.HasEvidence(evAgainstPrimary))
|
|
|
|
evAgainstWitness := &types.LightClientAttackEvidence{
|
|
// when forming evidence against witness we learn that the canonical chain continued to change validator sets
|
|
// hence the conflicting block is at 7
|
|
ConflictingBlock: &types.LightBlock{
|
|
SignedHeader: witnessHeaders[7],
|
|
ValidatorSet: witnessValidators[7],
|
|
},
|
|
CommonHeight: 4,
|
|
}
|
|
assert.True(t, primary.HasEvidence(evAgainstWitness))
|
|
}
|
|
|
|
func TestLightClientAttackEvidence_Equivocation(t *testing.T) {
|
|
// primary performs an equivocation attack
|
|
var (
|
|
latestHeight = int64(10)
|
|
valSize = 5
|
|
divergenceHeight = int64(6)
|
|
primaryHeaders = make(map[int64]*types.SignedHeader, latestHeight)
|
|
primaryValidators = make(map[int64]*types.ValidatorSet, latestHeight)
|
|
)
|
|
// validators don't change in this network (however we still use a map just for convenience)
|
|
witnessHeaders, witnessValidators, chainKeys := genMockNodeWithKeys(chainID, latestHeight+2, valSize, 2, bTime)
|
|
witness := mockp.New(chainID, witnessHeaders, witnessValidators)
|
|
|
|
for height := int64(1); height <= latestHeight; height++ {
|
|
if height < divergenceHeight {
|
|
primaryHeaders[height] = witnessHeaders[height]
|
|
primaryValidators[height] = witnessValidators[height]
|
|
continue
|
|
}
|
|
// we don't have a network partition so we will make 4/5 (greater than 2/3) malicious and vote again for
|
|
// a different block (which we do by adding txs)
|
|
primaryHeaders[height] = chainKeys[height].GenSignedHeader(chainID, height,
|
|
bTime.Add(time.Duration(height)*time.Minute), []types.Tx{[]byte("abcd")},
|
|
witnessValidators[height], witnessValidators[height+1], hash("app_hash"),
|
|
hash("cons_hash"), hash("results_hash"), 0, len(chainKeys[height])-1)
|
|
primaryValidators[height] = witnessValidators[height]
|
|
}
|
|
primary := mockp.New(chainID, primaryHeaders, primaryValidators)
|
|
|
|
c, err := light.NewClient(
|
|
ctx,
|
|
chainID,
|
|
light.TrustOptions{
|
|
Period: 4 * time.Hour,
|
|
Height: 1,
|
|
Hash: primaryHeaders[1].Hash(),
|
|
},
|
|
primary,
|
|
[]provider.Provider{witness},
|
|
dbs.New(dbm.NewMemDB(), chainID),
|
|
light.Logger(log.TestingLogger()),
|
|
light.MaxRetryAttempts(1),
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
// Check verification returns an error.
|
|
_, err = c.VerifyLightBlockAtHeight(ctx, 10, bTime.Add(1*time.Hour))
|
|
if assert.Error(t, err) {
|
|
assert.Contains(t, err.Error(), "does not match primary")
|
|
}
|
|
|
|
// Check evidence was sent to both full nodes.
|
|
// Common height should be set to the height of the divergent header in the instance
|
|
// of an equivocation attack and the validator sets are the same as what the witness has
|
|
evAgainstPrimary := &types.LightClientAttackEvidence{
|
|
ConflictingBlock: &types.LightBlock{
|
|
SignedHeader: primaryHeaders[divergenceHeight],
|
|
ValidatorSet: primaryValidators[divergenceHeight],
|
|
},
|
|
CommonHeight: divergenceHeight,
|
|
}
|
|
assert.True(t, witness.HasEvidence(evAgainstPrimary))
|
|
|
|
evAgainstWitness := &types.LightClientAttackEvidence{
|
|
ConflictingBlock: &types.LightBlock{
|
|
SignedHeader: witnessHeaders[divergenceHeight],
|
|
ValidatorSet: witnessValidators[divergenceHeight],
|
|
},
|
|
CommonHeight: divergenceHeight,
|
|
}
|
|
assert.True(t, primary.HasEvidence(evAgainstWitness))
|
|
}
|
|
|
|
func TestClientDivergentTraces(t *testing.T) {
|
|
primary := mockp.New(genMockNode(chainID, 10, 5, 2, bTime))
|
|
firstBlock, err := primary.LightBlock(ctx, 1)
|
|
require.NoError(t, err)
|
|
witness := mockp.New(genMockNode(chainID, 10, 5, 2, bTime))
|
|
|
|
c, err := light.NewClient(
|
|
ctx,
|
|
chainID,
|
|
light.TrustOptions{
|
|
Height: 1,
|
|
Hash: firstBlock.Hash(),
|
|
Period: 4 * time.Hour,
|
|
},
|
|
primary,
|
|
[]provider.Provider{witness},
|
|
dbs.New(dbm.NewMemDB(), chainID),
|
|
light.Logger(log.TestingLogger()),
|
|
light.MaxRetryAttempts(1),
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
// 1. Different nodes therefore a divergent header is produced but the
|
|
// light client can't verify it because it has a different trusted header.
|
|
_, err = c.VerifyLightBlockAtHeight(ctx, 10, bTime.Add(1*time.Hour))
|
|
assert.Error(t, err)
|
|
assert.Equal(t, 0, len(c.Witnesses()))
|
|
|
|
// 2. Two out of three nodes don't respond but the third has a header that matches
|
|
// verification should be successful and all the witnesses should remain
|
|
|
|
c, err = light.NewClient(
|
|
ctx,
|
|
chainID,
|
|
light.TrustOptions{
|
|
Height: 1,
|
|
Hash: firstBlock.Hash(),
|
|
Period: 4 * time.Hour,
|
|
},
|
|
primary,
|
|
[]provider.Provider{deadNode, deadNode, primary},
|
|
dbs.New(dbm.NewMemDB(), chainID),
|
|
light.Logger(log.TestingLogger()),
|
|
light.MaxRetryAttempts(1),
|
|
)
|
|
require.NoError(t, err)
|
|
_, err = c.VerifyLightBlockAtHeight(ctx, 10, bTime.Add(1*time.Hour))
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, 3, len(c.Witnesses()))
|
|
}
|