package types
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/tendermint/tendermint/crypto"
|
|
cryptoenc "github.com/tendermint/tendermint/crypto/encoding"
|
|
"github.com/tendermint/tendermint/crypto/merkle"
|
|
"github.com/tendermint/tendermint/crypto/tmhash"
|
|
tmjson "github.com/tendermint/tendermint/libs/json"
|
|
tmmath "github.com/tendermint/tendermint/libs/math"
|
|
tmproto "github.com/tendermint/tendermint/proto/tendermint/types"
|
|
)
|
|
|
|
const (
|
|
// MaxEvidenceBytes is a maximum size of any evidence (including amino overhead).
|
|
MaxEvidenceBytes int64 = 444
|
|
|
|
// An invalid field in the header from LunaticValidatorEvidence.
|
|
// Must be a function of the ABCI application state.
|
|
ValidatorsHashField = "ValidatorsHash"
|
|
NextValidatorsHashField = "NextValidatorsHash"
|
|
ConsensusHashField = "ConsensusHash"
|
|
AppHashField = "AppHash"
|
|
LastResultsHashField = "LastResultsHash"
|
|
)
|
|
|
|
// ErrEvidenceInvalid wraps a piece of evidence and the error denoting how or why it is invalid.
|
|
type ErrEvidenceInvalid struct {
|
|
Evidence Evidence
|
|
ErrorValue error
|
|
}
|
|
|
|
// NewErrEvidenceInvalid returns a new EvidenceInvalid with the given err.
|
|
func NewErrEvidenceInvalid(ev Evidence, err error) *ErrEvidenceInvalid {
|
|
return &ErrEvidenceInvalid{ev, err}
|
|
}
|
|
|
|
// Error returns a string representation of the error.
|
|
func (err *ErrEvidenceInvalid) Error() string {
|
|
return fmt.Sprintf("Invalid evidence: %v. Evidence: %v", err.ErrorValue, err.Evidence)
|
|
}
|
|
|
|
// ErrEvidenceOverflow is for when there is too much evidence in a block.
|
|
type ErrEvidenceOverflow struct {
|
|
MaxNum int
|
|
GotNum int
|
|
}
|
|
|
|
// NewErrEvidenceOverflow returns a new ErrEvidenceOverflow where got > max.
|
|
func NewErrEvidenceOverflow(max, got int) *ErrEvidenceOverflow {
|
|
return &ErrEvidenceOverflow{max, got}
|
|
}
|
|
|
|
// Error returns a string representation of the error.
|
|
func (err *ErrEvidenceOverflow) Error() string {
|
|
return fmt.Sprintf("Too much evidence: Max %d, got %d", err.MaxNum, err.GotNum)
|
|
}
|
|
|
|
//-------------------------------------------
|
|
|
|
// Evidence represents any provable malicious activity by a validator.
|
|
type Evidence interface {
|
|
Height() int64 // height of the equivocation
|
|
Time() time.Time // time of the equivocation
|
|
Address() []byte // address of the equivocating validator
|
|
Bytes() []byte // bytes which comprise the evidence
|
|
Hash() []byte // hash of the evidence
|
|
Verify(chainID string, pubKey crypto.PubKey) error // verify the evidence
|
|
Equal(Evidence) bool // check equality of evidence
|
|
|
|
ValidateBasic() error
|
|
String() string
|
|
}
|
|
|
|
type CompositeEvidence interface {
|
|
VerifyComposite(committedHeader *Header, valSet *ValidatorSet) error
|
|
Split(committedHeader *Header, valSet *ValidatorSet, valToLastHeight map[string]int64) []Evidence
|
|
}
|
|
|
|
func EvidenceToProto(evidence Evidence) (*tmproto.Evidence, error) {
|
|
if evidence == nil {
|
|
return nil, errors.New("nil evidence")
|
|
}
|
|
|
|
switch evi := evidence.(type) {
|
|
case *DuplicateVoteEvidence:
|
|
pbevi := evi.ToProto()
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_DuplicateVoteEvidence{
|
|
DuplicateVoteEvidence: &pbevi,
|
|
},
|
|
}
|
|
return tp, nil
|
|
case ConflictingHeadersEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_ConflictingHeadersEvidence{
|
|
ConflictingHeadersEvidence: &pbevi,
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case *ConflictingHeadersEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_ConflictingHeadersEvidence{
|
|
ConflictingHeadersEvidence: &pbevi,
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case *LunaticValidatorEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_LunaticValidatorEvidence{
|
|
LunaticValidatorEvidence: &pbevi,
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case LunaticValidatorEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_LunaticValidatorEvidence{
|
|
LunaticValidatorEvidence: &pbevi,
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case *PhantomValidatorEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_PhantomValidatorEvidence{
|
|
PhantomValidatorEvidence: &pbevi,
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case PhantomValidatorEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_PhantomValidatorEvidence{
|
|
PhantomValidatorEvidence: &pbevi,
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case *PotentialAmnesiaEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_PotentialAmnesiaEvidence{
|
|
PotentialAmnesiaEvidence: &pbevi,
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case PotentialAmnesiaEvidence:
|
|
pbevi := evi.ToProto()
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_PotentialAmnesiaEvidence{
|
|
PotentialAmnesiaEvidence: &pbevi,
|
|
},
|
|
}
|
|
return tp, nil
|
|
|
|
case AmnesiaEvidence:
|
|
return AmnesiaEvidenceToProto(evi)
|
|
|
|
case *AmnesiaEvidence:
|
|
return AmnesiaEvidenceToProto(*evi)
|
|
|
|
case MockEvidence:
|
|
if err := evi.ValidateBasic(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_MockEvidence{
|
|
MockEvidence: &tmproto.MockEvidence{
|
|
EvidenceHeight: evi.Height(),
|
|
EvidenceTime: evi.Time(),
|
|
EvidenceAddress: evi.Address(),
|
|
},
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
case MockRandomEvidence:
|
|
if err := evi.ValidateBasic(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_MockRandomEvidence{
|
|
MockRandomEvidence: &tmproto.MockRandomEvidence{
|
|
EvidenceHeight: evi.Height(),
|
|
EvidenceTime: evi.Time(),
|
|
EvidenceAddress: evi.Address(),
|
|
RandBytes: evi.randBytes,
|
|
},
|
|
},
|
|
}
|
|
return tp, nil
|
|
default:
|
|
return nil, fmt.Errorf("toproto: evidence is not recognized: %T", evi)
|
|
}
|
|
}
|
|
|
|
func EvidenceFromProto(evidence *tmproto.Evidence) (Evidence, error) {
|
|
if evidence == nil {
|
|
return nil, errors.New("nil evidence")
|
|
}
|
|
|
|
switch evi := evidence.Sum.(type) {
|
|
case *tmproto.Evidence_DuplicateVoteEvidence:
|
|
return DuplicateVoteEvidenceFromProto(evi.DuplicateVoteEvidence)
|
|
case *tmproto.Evidence_ConflictingHeadersEvidence:
|
|
return ConflictingHeadersEvidenceFromProto(evi.ConflictingHeadersEvidence)
|
|
case *tmproto.Evidence_LunaticValidatorEvidence:
|
|
return LunaticValidatorEvidenceFromProto(evi.LunaticValidatorEvidence)
|
|
case *tmproto.Evidence_PotentialAmnesiaEvidence:
|
|
return PotentialAmnesiaEvidenceFromProto(evi.PotentialAmnesiaEvidence)
|
|
case *tmproto.Evidence_AmnesiaEvidence:
|
|
return AmensiaEvidenceFromProto(evi.AmnesiaEvidence)
|
|
case *tmproto.Evidence_PhantomValidatorEvidence:
|
|
return PhantomValidatorEvidenceFromProto(evi.PhantomValidatorEvidence)
|
|
case *tmproto.Evidence_MockEvidence:
|
|
me := MockEvidence{
|
|
EvidenceHeight: evi.MockEvidence.GetEvidenceHeight(),
|
|
EvidenceAddress: evi.MockEvidence.GetEvidenceAddress(),
|
|
EvidenceTime: evi.MockEvidence.GetEvidenceTime(),
|
|
}
|
|
return me, me.ValidateBasic()
|
|
case *tmproto.Evidence_MockRandomEvidence:
|
|
mre := MockRandomEvidence{
|
|
MockEvidence: MockEvidence{
|
|
EvidenceHeight: evi.MockRandomEvidence.GetEvidenceHeight(),
|
|
EvidenceAddress: evi.MockRandomEvidence.GetEvidenceAddress(),
|
|
EvidenceTime: evi.MockRandomEvidence.GetEvidenceTime(),
|
|
},
|
|
randBytes: evi.MockRandomEvidence.RandBytes,
|
|
}
|
|
return mre, mre.ValidateBasic()
|
|
default:
|
|
return nil, errors.New("evidence is not recognized")
|
|
}
|
|
}
|
|
|
|
func init() {
|
|
tmjson.RegisterType(&DuplicateVoteEvidence{}, "tendermint/DuplicateVoteEvidence")
|
|
tmjson.RegisterType(&ConflictingHeadersEvidence{}, "tendermint/ConflictingHeadersEvidence")
|
|
tmjson.RegisterType(&PhantomValidatorEvidence{}, "tendermint/PhantomValidatorEvidence")
|
|
tmjson.RegisterType(&LunaticValidatorEvidence{}, "tendermint/LunaticValidatorEvidence")
|
|
tmjson.RegisterType(&PotentialAmnesiaEvidence{}, "tendermint/PotentialAmnesiaEvidence")
|
|
tmjson.RegisterType(&AmnesiaEvidence{}, "tendermint/AmnesiaEvidence")
|
|
}
|
|
|
|
//-------------------------------------------
|
|
|
|
// DuplicateVoteEvidence contains evidence a validator signed two conflicting
|
|
// votes.
|
|
type DuplicateVoteEvidence struct {
|
|
VoteA *Vote `json:"vote_a"`
|
|
VoteB *Vote `json:"vote_b"`
|
|
}
|
|
|
|
var _ Evidence = &DuplicateVoteEvidence{}
|
|
|
|
// NewDuplicateVoteEvidence creates DuplicateVoteEvidence with right ordering given
|
|
// two conflicting votes. If one of the votes is nil, evidence returned is nil as well
|
|
func NewDuplicateVoteEvidence(vote1 *Vote, vote2 *Vote) *DuplicateVoteEvidence {
|
|
var voteA, voteB *Vote
|
|
if vote1 == nil || vote2 == nil {
|
|
return nil
|
|
}
|
|
if strings.Compare(vote1.BlockID.Key(), vote2.BlockID.Key()) == -1 {
|
|
voteA = vote1
|
|
voteB = vote2
|
|
} else {
|
|
voteA = vote2
|
|
voteB = vote1
|
|
}
|
|
return &DuplicateVoteEvidence{
|
|
VoteA: voteA,
|
|
VoteB: voteB,
|
|
}
|
|
}
|
|
|
|
// String returns a string representation of the evidence.
|
|
func (dve *DuplicateVoteEvidence) String() string {
|
|
return fmt.Sprintf("DuplicateVoteEvidence{VoteA: %v, VoteB: %v}", dve.VoteA, dve.VoteB)
|
|
|
|
}
|
|
|
|
// Height returns the height this evidence refers to.
|
|
func (dve *DuplicateVoteEvidence) Height() int64 {
|
|
return dve.VoteA.Height
|
|
}
|
|
|
|
// Time returns the time the evidence was created.
|
|
func (dve *DuplicateVoteEvidence) Time() time.Time {
|
|
return dve.VoteA.Timestamp
|
|
}
|
|
|
|
// Address returns the address of the validator.
|
|
func (dve *DuplicateVoteEvidence) Address() []byte {
|
|
return dve.VoteA.ValidatorAddress
|
|
}
|
|
|
|
// Hash returns the hash of the evidence.
|
|
func (dve *DuplicateVoteEvidence) Bytes() []byte {
|
|
pbe := dve.ToProto()
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
// Hash returns the hash of the evidence.
|
|
func (dve *DuplicateVoteEvidence) Hash() []byte {
|
|
pbe := dve.ToProto()
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return tmhash.Sum(bz)
|
|
}
|
|
|
|
// Verify returns an error if the two votes aren't conflicting.
|
|
//
|
|
// To be conflicting, they must be from the same validator, for the same H/R/S,
|
|
// but for different blocks.
|
|
func (dve *DuplicateVoteEvidence) Verify(chainID string, pubKey crypto.PubKey) error {
|
|
// H/R/S must be the same
|
|
if dve.VoteA.Height != dve.VoteB.Height ||
|
|
dve.VoteA.Round != dve.VoteB.Round ||
|
|
dve.VoteA.Type != dve.VoteB.Type {
|
|
return fmt.Errorf("h/r/s does not match: %d/%d/%v vs %d/%d/%v",
|
|
dve.VoteA.Height, dve.VoteA.Round, dve.VoteA.Type,
|
|
dve.VoteB.Height, dve.VoteB.Round, dve.VoteB.Type)
|
|
}
|
|
|
|
// Address must be the same
|
|
if !bytes.Equal(dve.VoteA.ValidatorAddress, dve.VoteB.ValidatorAddress) {
|
|
return fmt.Errorf("validator addresses do not match: %X vs %X",
|
|
dve.VoteA.ValidatorAddress,
|
|
dve.VoteB.ValidatorAddress,
|
|
)
|
|
}
|
|
|
|
// Index must be the same
|
|
if dve.VoteA.ValidatorIndex != dve.VoteB.ValidatorIndex {
|
|
return fmt.Errorf(
|
|
"validator indices do not match: %d and %d",
|
|
dve.VoteA.ValidatorIndex,
|
|
dve.VoteB.ValidatorIndex,
|
|
)
|
|
}
|
|
|
|
// BlockIDs must be different
|
|
if dve.VoteA.BlockID.Equals(dve.VoteB.BlockID) {
|
|
return fmt.Errorf(
|
|
"block IDs are the same (%v) - not a real duplicate vote",
|
|
dve.VoteA.BlockID,
|
|
)
|
|
}
|
|
|
|
// pubkey must match address (this should already be true, sanity check)
|
|
addr := dve.VoteA.ValidatorAddress
|
|
if !bytes.Equal(pubKey.Address(), addr) {
|
|
return fmt.Errorf("address (%X) doesn't match pubkey (%v - %X)",
|
|
addr, pubKey, pubKey.Address())
|
|
}
|
|
va := dve.VoteA.ToProto()
|
|
vb := dve.VoteB.ToProto()
|
|
// Signatures must be valid
|
|
if !pubKey.VerifyBytes(VoteSignBytes(chainID, va), dve.VoteA.Signature) {
|
|
return fmt.Errorf("verifying VoteA: %w", ErrVoteInvalidSignature)
|
|
}
|
|
if !pubKey.VerifyBytes(VoteSignBytes(chainID, vb), dve.VoteB.Signature) {
|
|
return fmt.Errorf("verifying VoteB: %w", ErrVoteInvalidSignature)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Equal checks if two pieces of evidence are equal.
|
|
func (dve *DuplicateVoteEvidence) Equal(ev Evidence) bool {
|
|
if _, ok := ev.(*DuplicateVoteEvidence); !ok {
|
|
return false
|
|
}
|
|
pbdev := dve.ToProto()
|
|
bz, err := pbdev.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
var evbz []byte
|
|
if ev, ok := ev.(*DuplicateVoteEvidence); ok {
|
|
evpb := ev.ToProto()
|
|
evbz, err = evpb.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
|
|
// just check their hashes
|
|
dveHash := tmhash.Sum(bz)
|
|
evHash := tmhash.Sum(evbz)
|
|
return bytes.Equal(dveHash, evHash)
|
|
}
|
|
|
|
// ValidateBasic performs basic validation.
|
|
func (dve *DuplicateVoteEvidence) ValidateBasic() error {
|
|
if dve.VoteA == nil || dve.VoteB == nil {
|
|
return fmt.Errorf("one or both of the votes are empty %v, %v", dve.VoteA, dve.VoteB)
|
|
}
|
|
if err := dve.VoteA.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid VoteA: %w", err)
|
|
}
|
|
if err := dve.VoteB.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid VoteB: %w", err)
|
|
}
|
|
// Enforce Votes are lexicographically sorted on blockID
|
|
if strings.Compare(dve.VoteA.BlockID.Key(), dve.VoteB.BlockID.Key()) >= 0 {
|
|
return errors.New("duplicate votes in invalid order")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (dve DuplicateVoteEvidence) ToProto() tmproto.DuplicateVoteEvidence {
|
|
voteB := dve.VoteB.ToProto()
|
|
voteA := dve.VoteA.ToProto()
|
|
tp := tmproto.DuplicateVoteEvidence{
|
|
VoteA: voteA,
|
|
VoteB: voteB,
|
|
}
|
|
return tp
|
|
}
|
|
|
|
func DuplicateVoteEvidenceFromProto(pb *tmproto.DuplicateVoteEvidence) (*DuplicateVoteEvidence, error) {
|
|
if pb == nil {
|
|
return nil, errors.New("nil duplicate vote evidence")
|
|
}
|
|
|
|
vA, err := VoteFromProto(pb.VoteA)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
vB, err := VoteFromProto(pb.VoteB)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
dve := new(DuplicateVoteEvidence)
|
|
|
|
dve.VoteA = vA
|
|
dve.VoteB = vB
|
|
|
|
return dve, dve.ValidateBasic()
|
|
}
|
|
|
|
//-------------------------------------------
|
|
|
|
// EvidenceList is a list of Evidence. Evidences is not a word.
|
|
type EvidenceList []Evidence
|
|
|
|
// Hash returns the simple merkle root hash of the EvidenceList.
|
|
func (evl EvidenceList) Hash() []byte {
|
|
// These allocations are required because Evidence is not of type Bytes, and
|
|
// golang slices can't be typed cast. This shouldn't be a performance problem since
|
|
// the Evidence size is capped.
|
|
evidenceBzs := make([][]byte, len(evl))
|
|
for i := 0; i < len(evl); i++ {
|
|
evidenceBzs[i] = evl[i].Bytes()
|
|
}
|
|
return merkle.HashFromByteSlices(evidenceBzs)
|
|
}
|
|
|
|
func (evl EvidenceList) String() string {
|
|
s := ""
|
|
for _, e := range evl {
|
|
s += fmt.Sprintf("%s\t\t", e)
|
|
}
|
|
return s
|
|
}
|
|
|
|
// Has returns true if the evidence is in the EvidenceList.
|
|
func (evl EvidenceList) Has(evidence Evidence) bool {
|
|
for _, ev := range evl {
|
|
if ev.Equal(evidence) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
//-------------------------------------------
|
|
|
|
// ConflictingHeadersEvidence is primarily used by the light client when it
|
|
// observes two conflicting headers, both having 1/3+ of the voting power of
|
|
// the currently trusted validator set.
|
|
type ConflictingHeadersEvidence struct {
|
|
H1 *SignedHeader `json:"h_1"`
|
|
H2 *SignedHeader `json:"h_2"`
|
|
}
|
|
|
|
var _ Evidence = ConflictingHeadersEvidence{}
|
|
var _ CompositeEvidence = ConflictingHeadersEvidence{}
|
|
|
|
// Split breaks up eviddence into smaller chunks (one per validator except for
|
|
// PotentialAmnesiaEvidence): PhantomValidatorEvidence,
|
|
// LunaticValidatorEvidence, DuplicateVoteEvidence and
|
|
// PotentialAmnesiaEvidence.
|
|
//
|
|
// committedHeader - header at height H1.Height == H2.Height
|
|
// valSet - validator set at height H1.Height == H2.Height
|
|
// valToLastHeight - map between active validators and respective last heights
|
|
func (ev ConflictingHeadersEvidence) Split(committedHeader *Header, valSet *ValidatorSet,
|
|
valToLastHeight map[string]int64) []Evidence {
|
|
|
|
evList := make([]Evidence, 0)
|
|
|
|
var alternativeHeader *SignedHeader
|
|
if bytes.Equal(committedHeader.Hash(), ev.H1.Hash()) {
|
|
alternativeHeader = ev.H2
|
|
} else {
|
|
alternativeHeader = ev.H1
|
|
}
|
|
|
|
// If there are signers(alternativeHeader) that are not part of
|
|
// validators(committedHeader), they misbehaved as they are signing protocol
|
|
// messages in heights they are not validators => immediately slashable
|
|
// (#F4).
|
|
for i, sig := range alternativeHeader.Commit.Signatures {
|
|
if sig.Absent() {
|
|
continue
|
|
}
|
|
|
|
lastHeightValidatorWasInSet, ok := valToLastHeight[string(sig.ValidatorAddress)]
|
|
if !ok {
|
|
continue
|
|
}
|
|
|
|
if !valSet.HasAddress(sig.ValidatorAddress) {
|
|
evList = append(evList, &PhantomValidatorEvidence{
|
|
Vote: alternativeHeader.Commit.GetVote(int32(i)),
|
|
LastHeightValidatorWasInSet: lastHeightValidatorWasInSet,
|
|
})
|
|
}
|
|
}
|
|
|
|
// If ValidatorsHash, NextValidatorsHash, ConsensusHash, AppHash, and
|
|
// LastResultsHash in alternativeHeader are different (incorrect application
|
|
// state transition), then it is a lunatic misbehavior => immediately
|
|
// slashable (#F5).
|
|
var invalidField string
|
|
switch {
|
|
case !bytes.Equal(committedHeader.ValidatorsHash, alternativeHeader.ValidatorsHash):
|
|
invalidField = "ValidatorsHash"
|
|
case !bytes.Equal(committedHeader.NextValidatorsHash, alternativeHeader.NextValidatorsHash):
|
|
invalidField = "NextValidatorsHash"
|
|
case !bytes.Equal(committedHeader.ConsensusHash, alternativeHeader.ConsensusHash):
|
|
invalidField = "ConsensusHash"
|
|
case !bytes.Equal(committedHeader.AppHash, alternativeHeader.AppHash):
|
|
invalidField = "AppHash"
|
|
case !bytes.Equal(committedHeader.LastResultsHash, alternativeHeader.LastResultsHash):
|
|
invalidField = "LastResultsHash"
|
|
}
|
|
if invalidField != "" {
|
|
for i, sig := range alternativeHeader.Commit.Signatures {
|
|
if sig.Absent() {
|
|
continue
|
|
}
|
|
evList = append(evList, &LunaticValidatorEvidence{
|
|
Header: alternativeHeader.Header,
|
|
Vote: alternativeHeader.Commit.GetVote(int32(i)),
|
|
InvalidHeaderField: invalidField,
|
|
})
|
|
}
|
|
return evList
|
|
}
|
|
|
|
// Use the fact that signatures are sorted by ValidatorAddress.
|
|
var (
|
|
i = 0
|
|
j = 0
|
|
)
|
|
OUTER_LOOP:
|
|
for i < len(ev.H1.Commit.Signatures) {
|
|
sigA := ev.H1.Commit.Signatures[i]
|
|
if sigA.Absent() {
|
|
i++
|
|
continue
|
|
}
|
|
// FIXME: Replace with HasAddress once DuplicateVoteEvidence#PubKey is
|
|
// removed.
|
|
_, val := valSet.GetByAddress(sigA.ValidatorAddress)
|
|
if val == nil {
|
|
i++
|
|
continue
|
|
}
|
|
|
|
for j < len(ev.H2.Commit.Signatures) {
|
|
sigB := ev.H2.Commit.Signatures[j]
|
|
if sigB.Absent() {
|
|
j++
|
|
continue
|
|
}
|
|
|
|
switch bytes.Compare(sigA.ValidatorAddress, sigB.ValidatorAddress) {
|
|
case 0:
|
|
// if H1.Round == H2.Round, and some signers signed different precommit
|
|
// messages in both commits, then it is an equivocation misbehavior =>
|
|
// immediately slashable (#F1).
|
|
if ev.H1.Commit.Round == ev.H2.Commit.Round {
|
|
evList = append(evList, &DuplicateVoteEvidence{
|
|
VoteA: ev.H1.Commit.GetVote(int32(i)),
|
|
VoteB: ev.H2.Commit.GetVote(int32(j)),
|
|
})
|
|
} else {
|
|
// if H1.Round != H2.Round we need to run full detection procedure => not
|
|
// immediately slashable.
|
|
firstVote := ev.H1.Commit.GetVote(int32(i))
|
|
secondVote := ev.H2.Commit.GetVote(int32(j))
|
|
var newEv PotentialAmnesiaEvidence
|
|
if firstVote.Timestamp.Before(secondVote.Timestamp) {
|
|
newEv = PotentialAmnesiaEvidence{
|
|
VoteA: firstVote,
|
|
VoteB: secondVote,
|
|
}
|
|
} else {
|
|
newEv = PotentialAmnesiaEvidence{
|
|
VoteA: secondVote,
|
|
VoteB: firstVote,
|
|
}
|
|
}
|
|
// has the validator incorrectly voted for a previous round
|
|
if newEv.VoteA.Round > newEv.VoteB.Round {
|
|
evList = append(evList, MakeAmnesiaEvidence(newEv, EmptyPOLC()))
|
|
} else {
|
|
evList = append(evList, newEv)
|
|
}
|
|
}
|
|
|
|
i++
|
|
j++
|
|
continue OUTER_LOOP
|
|
case 1:
|
|
i++
|
|
continue OUTER_LOOP
|
|
case -1:
|
|
j++
|
|
}
|
|
}
|
|
}
|
|
|
|
return evList
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) Height() int64 { return ev.H1.Height }
|
|
|
|
// XXX: this is not the time of equivocation
|
|
func (ev ConflictingHeadersEvidence) Time() time.Time { return ev.H1.Time }
|
|
|
|
func (ev ConflictingHeadersEvidence) Address() []byte {
|
|
panic("use ConflictingHeadersEvidence#Split to split evidence into individual pieces")
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) Bytes() []byte {
|
|
pbe := ev.ToProto()
|
|
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) Hash() []byte {
|
|
bz := make([]byte, tmhash.Size*2)
|
|
copy(bz[:tmhash.Size-1], ev.H1.Hash().Bytes())
|
|
copy(bz[tmhash.Size:], ev.H2.Hash().Bytes())
|
|
return tmhash.Sum(bz)
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) Verify(chainID string, _ crypto.PubKey) error {
|
|
panic("use ConflictingHeadersEvidence#VerifyComposite to verify composite evidence")
|
|
}
|
|
|
|
// VerifyComposite verifies that both headers belong to the same chain, same
|
|
// height and signed by 1/3+ of validators at height H1.Height == H2.Height.
|
|
func (ev ConflictingHeadersEvidence) VerifyComposite(committedHeader *Header, valSet *ValidatorSet) error {
|
|
var alternativeHeader *SignedHeader
|
|
switch {
|
|
case bytes.Equal(committedHeader.Hash(), ev.H1.Hash()):
|
|
alternativeHeader = ev.H2
|
|
case bytes.Equal(committedHeader.Hash(), ev.H2.Hash()):
|
|
alternativeHeader = ev.H1
|
|
default:
|
|
return errors.New("none of the headers are committed from this node's perspective")
|
|
}
|
|
|
|
// ChainID must be the same
|
|
if committedHeader.ChainID != alternativeHeader.ChainID {
|
|
return errors.New("alt header is from a different chain")
|
|
}
|
|
|
|
// Height must be the same
|
|
if committedHeader.Height != alternativeHeader.Height {
|
|
return errors.New("alt header is from a different height")
|
|
}
|
|
|
|
// Limit the number of signatures to avoid DoS attacks where a header
|
|
// contains too many signatures.
|
|
//
|
|
// Validator set size = 100 [node]
|
|
// Max validator set size = 100 * 2 = 200 [fork?]
|
|
maxNumValidators := valSet.Size() * 2
|
|
if len(alternativeHeader.Commit.Signatures) > maxNumValidators {
|
|
return fmt.Errorf("alt commit contains too many signatures: %d, expected no more than %d",
|
|
len(alternativeHeader.Commit.Signatures),
|
|
maxNumValidators)
|
|
}
|
|
|
|
// Header must be signed by at least 1/3+ of voting power of currently
|
|
// trusted validator set.
|
|
if err := valSet.VerifyCommitTrusting(
|
|
alternativeHeader.ChainID,
|
|
alternativeHeader.Commit,
|
|
tmmath.Fraction{Numerator: 1, Denominator: 3}); err != nil {
|
|
return fmt.Errorf("alt header does not have 1/3+ of voting power of our validator set: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) Equal(ev2 Evidence) bool {
|
|
switch e2 := ev2.(type) {
|
|
case ConflictingHeadersEvidence:
|
|
return bytes.Equal(ev.H1.Hash(), e2.H1.Hash()) && bytes.Equal(ev.H2.Hash(), e2.H2.Hash())
|
|
case *ConflictingHeadersEvidence:
|
|
return bytes.Equal(ev.H1.Hash(), e2.H1.Hash()) && bytes.Equal(ev.H2.Hash(), e2.H2.Hash())
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) ValidateBasic() error {
|
|
if ev.H1 == nil {
|
|
return errors.New("first header is missing")
|
|
}
|
|
|
|
if ev.H2 == nil {
|
|
return errors.New("second header is missing")
|
|
}
|
|
|
|
if err := ev.H1.ValidateBasic(ev.H1.ChainID); err != nil {
|
|
return fmt.Errorf("h1: %w", err)
|
|
}
|
|
if err := ev.H2.ValidateBasic(ev.H2.ChainID); err != nil {
|
|
return fmt.Errorf("h2: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) String() string {
|
|
return fmt.Sprintf("ConflictingHeadersEvidence{H1: %d#%X, H2: %d#%X}",
|
|
ev.H1.Height, ev.H1.Hash(),
|
|
ev.H2.Height, ev.H2.Hash())
|
|
}
|
|
|
|
func (ev ConflictingHeadersEvidence) ToProto() tmproto.ConflictingHeadersEvidence {
|
|
pbh1 := ev.H1.ToProto()
|
|
pbh2 := ev.H2.ToProto()
|
|
|
|
tp := tmproto.ConflictingHeadersEvidence{
|
|
H1: pbh1,
|
|
H2: pbh2,
|
|
}
|
|
return tp
|
|
}
|
|
|
|
func ConflictingHeadersEvidenceFromProto(pb *tmproto.ConflictingHeadersEvidence) (ConflictingHeadersEvidence, error) {
|
|
if pb == nil {
|
|
return ConflictingHeadersEvidence{}, errors.New("nil ConflictingHeadersEvidence")
|
|
}
|
|
h1, err := SignedHeaderFromProto(pb.H1)
|
|
if err != nil {
|
|
return ConflictingHeadersEvidence{}, fmt.Errorf("from proto err: %w", err)
|
|
}
|
|
h2, err := SignedHeaderFromProto(pb.H2)
|
|
if err != nil {
|
|
return ConflictingHeadersEvidence{}, fmt.Errorf("from proto err: %w", err)
|
|
}
|
|
|
|
tp := ConflictingHeadersEvidence{
|
|
H1: h1,
|
|
H2: h2,
|
|
}
|
|
|
|
return tp, tp.ValidateBasic()
|
|
}
|
|
|
|
//-------------------------------------------
|
|
|
|
type PhantomValidatorEvidence struct {
|
|
Vote *Vote `json:"vote"`
|
|
LastHeightValidatorWasInSet int64 `json:"last_height_validator_was_in_set"`
|
|
}
|
|
|
|
var _ Evidence = PhantomValidatorEvidence{}
|
|
|
|
func (e PhantomValidatorEvidence) Height() int64 {
|
|
return e.Vote.Height
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) Time() time.Time {
|
|
return e.Vote.Timestamp
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) Address() []byte {
|
|
return e.Vote.ValidatorAddress
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) Hash() []byte {
|
|
pbe := e.ToProto()
|
|
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return tmhash.Sum(bz)
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) Bytes() []byte {
|
|
pbe := e.ToProto()
|
|
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) Verify(chainID string, pubKey crypto.PubKey) error {
|
|
|
|
v := e.Vote.ToProto()
|
|
if !pubKey.VerifyBytes(VoteSignBytes(chainID, v), e.Vote.Signature) {
|
|
return errors.New("invalid signature")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) Equal(ev Evidence) bool {
|
|
switch e2 := ev.(type) {
|
|
case PhantomValidatorEvidence:
|
|
return e.Vote.Height == e2.Vote.Height &&
|
|
bytes.Equal(e.Vote.ValidatorAddress, e2.Vote.ValidatorAddress)
|
|
case *PhantomValidatorEvidence:
|
|
return e.Vote.Height == e2.Vote.Height &&
|
|
bytes.Equal(e.Vote.ValidatorAddress, e2.Vote.ValidatorAddress)
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) ValidateBasic() error {
|
|
|
|
if e.Vote == nil {
|
|
return errors.New("empty vote")
|
|
}
|
|
|
|
if err := e.Vote.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid signature: %v", err)
|
|
}
|
|
|
|
if !e.Vote.BlockID.IsComplete() {
|
|
return errors.New("expected vote for block")
|
|
}
|
|
|
|
if e.LastHeightValidatorWasInSet <= 0 {
|
|
return errors.New("negative or zero LastHeightValidatorWasInSet")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) String() string {
|
|
return fmt.Sprintf("PhantomValidatorEvidence{%X voted at height %d}",
|
|
e.Vote.ValidatorAddress, e.Vote.Height)
|
|
}
|
|
|
|
func (e PhantomValidatorEvidence) ToProto() tmproto.PhantomValidatorEvidence {
|
|
vpb := e.Vote.ToProto()
|
|
|
|
tp := tmproto.PhantomValidatorEvidence{
|
|
Vote: vpb,
|
|
LastHeightValidatorWasInSet: e.LastHeightValidatorWasInSet,
|
|
}
|
|
|
|
return tp
|
|
}
|
|
|
|
func PhantomValidatorEvidenceFromProto(pb *tmproto.PhantomValidatorEvidence) (PhantomValidatorEvidence, error) {
|
|
if pb == nil {
|
|
return PhantomValidatorEvidence{}, errors.New("nil PhantomValidatorEvidence")
|
|
}
|
|
|
|
vpb, err := VoteFromProto(pb.Vote)
|
|
if err != nil {
|
|
return PhantomValidatorEvidence{}, err
|
|
}
|
|
|
|
tp := PhantomValidatorEvidence{
|
|
Vote: vpb,
|
|
LastHeightValidatorWasInSet: pb.LastHeightValidatorWasInSet,
|
|
}
|
|
|
|
return tp, tp.ValidateBasic()
|
|
}
|
|
|
|
//-------------------------------------------
|
|
|
|
type LunaticValidatorEvidence struct {
|
|
Header *Header `json:"header"`
|
|
Vote *Vote `json:"vote"`
|
|
InvalidHeaderField string `json:"invalid_header_field"`
|
|
}
|
|
|
|
var _ Evidence = LunaticValidatorEvidence{}
|
|
|
|
func (e LunaticValidatorEvidence) Height() int64 {
|
|
return e.Header.Height
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) Time() time.Time {
|
|
return e.Header.Time
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) Address() []byte {
|
|
return e.Vote.ValidatorAddress
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) Hash() []byte {
|
|
bz := make([]byte, tmhash.Size+crypto.AddressSize)
|
|
copy(bz[:tmhash.Size-1], e.Header.Hash().Bytes())
|
|
copy(bz[tmhash.Size:], e.Vote.ValidatorAddress.Bytes())
|
|
return tmhash.Sum(bz)
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) Bytes() []byte {
|
|
pbe := e.ToProto()
|
|
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) Verify(chainID string, pubKey crypto.PubKey) error {
|
|
// chainID must be the same
|
|
if chainID != e.Header.ChainID {
|
|
return fmt.Errorf("chainID do not match: %s vs %s",
|
|
chainID,
|
|
e.Header.ChainID,
|
|
)
|
|
}
|
|
|
|
v := e.Vote.ToProto()
|
|
if !pubKey.VerifyBytes(VoteSignBytes(chainID, v), e.Vote.Signature) {
|
|
return errors.New("invalid signature")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) Equal(ev Evidence) bool {
|
|
switch e2 := ev.(type) {
|
|
case LunaticValidatorEvidence:
|
|
return bytes.Equal(e.Header.Hash(), e2.Header.Hash()) &&
|
|
bytes.Equal(e.Vote.ValidatorAddress, e2.Vote.ValidatorAddress)
|
|
case *LunaticValidatorEvidence:
|
|
return bytes.Equal(e.Header.Hash(), e2.Header.Hash()) &&
|
|
bytes.Equal(e.Vote.ValidatorAddress, e2.Vote.ValidatorAddress)
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) ValidateBasic() error {
|
|
if e.Header == nil {
|
|
return errors.New("empty header")
|
|
}
|
|
|
|
if e.Vote == nil {
|
|
return errors.New("empty vote")
|
|
}
|
|
|
|
if err := e.Header.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid header: %v", err)
|
|
}
|
|
|
|
if err := e.Vote.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid signature: %v", err)
|
|
}
|
|
|
|
if !e.Vote.BlockID.IsComplete() {
|
|
return errors.New("expected vote for block")
|
|
}
|
|
|
|
if e.Header.Height != e.Vote.Height {
|
|
return fmt.Errorf("header and vote have different heights: %d vs %d",
|
|
e.Header.Height,
|
|
e.Vote.Height,
|
|
)
|
|
}
|
|
|
|
switch e.InvalidHeaderField {
|
|
case "ValidatorsHash", "NextValidatorsHash", "ConsensusHash", "AppHash", "LastResultsHash":
|
|
return nil
|
|
default:
|
|
return errors.New("unknown invalid header field")
|
|
}
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) String() string {
|
|
return fmt.Sprintf("LunaticValidatorEvidence{%X voted for %d/%X, which contains invalid %s}",
|
|
e.Vote.ValidatorAddress, e.Header.Height, e.Header.Hash(), e.InvalidHeaderField)
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) VerifyHeader(committedHeader *Header) error {
|
|
matchErr := func(field string) error {
|
|
return fmt.Errorf("%s matches committed hash", field)
|
|
}
|
|
|
|
if committedHeader == nil {
|
|
return errors.New("committed header is nil")
|
|
}
|
|
|
|
switch e.InvalidHeaderField {
|
|
case ValidatorsHashField:
|
|
if bytes.Equal(committedHeader.ValidatorsHash, e.Header.ValidatorsHash) {
|
|
return matchErr(ValidatorsHashField)
|
|
}
|
|
case NextValidatorsHashField:
|
|
if bytes.Equal(committedHeader.NextValidatorsHash, e.Header.NextValidatorsHash) {
|
|
return matchErr(NextValidatorsHashField)
|
|
}
|
|
case ConsensusHashField:
|
|
if bytes.Equal(committedHeader.ConsensusHash, e.Header.ConsensusHash) {
|
|
return matchErr(ConsensusHashField)
|
|
}
|
|
case AppHashField:
|
|
if bytes.Equal(committedHeader.AppHash, e.Header.AppHash) {
|
|
return matchErr(AppHashField)
|
|
}
|
|
case LastResultsHashField:
|
|
if bytes.Equal(committedHeader.LastResultsHash, e.Header.LastResultsHash) {
|
|
return matchErr(LastResultsHashField)
|
|
}
|
|
default:
|
|
return errors.New("unknown InvalidHeaderField")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (e LunaticValidatorEvidence) ToProto() tmproto.LunaticValidatorEvidence {
|
|
h := e.Header.ToProto()
|
|
v := e.Vote.ToProto()
|
|
|
|
tp := tmproto.LunaticValidatorEvidence{
|
|
Header: h,
|
|
Vote: v,
|
|
InvalidHeaderField: e.InvalidHeaderField,
|
|
}
|
|
|
|
return tp
|
|
}
|
|
|
|
func LunaticValidatorEvidenceFromProto(pb *tmproto.LunaticValidatorEvidence) (*LunaticValidatorEvidence, error) {
|
|
if pb == nil {
|
|
return nil, errors.New("nil LunaticValidatorEvidence")
|
|
}
|
|
|
|
h, err := HeaderFromProto(pb.GetHeader())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
v, err := VoteFromProto(pb.GetVote())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tp := LunaticValidatorEvidence{
|
|
Header: &h,
|
|
Vote: v,
|
|
InvalidHeaderField: pb.InvalidHeaderField,
|
|
}
|
|
|
|
return &tp, tp.ValidateBasic()
|
|
}
|
|
|
|
//-------------------------------------------
|
|
|
|
// PotentialAmnesiaEvidence is constructed when a validator votes on two different blocks at different rounds
|
|
// in the same height. PotentialAmnesiaEvidence can then evolve into AmensiaEvidence if the indicted validator
|
|
// is incapable of providing the proof of lock change that validates voting twice in the allotted trial period.
|
|
// Heightstamp is used for each node to keep a track of how much time has passed so as to know when the trial period
|
|
// is finished and is set when the node first receives the evidence.
|
|
type PotentialAmnesiaEvidence struct {
|
|
VoteA *Vote `json:"vote_a"`
|
|
VoteB *Vote `json:"vote_b"`
|
|
|
|
HeightStamp int64
|
|
}
|
|
|
|
var _ Evidence = PotentialAmnesiaEvidence{}
|
|
|
|
func (e PotentialAmnesiaEvidence) Height() int64 {
|
|
return e.VoteA.Height
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) Time() time.Time {
|
|
return e.VoteA.Timestamp
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) Address() []byte {
|
|
return e.VoteA.ValidatorAddress
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) Hash() []byte {
|
|
pbe := e.ToProto()
|
|
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return tmhash.Sum(bz)
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) Bytes() []byte {
|
|
pbe := e.ToProto()
|
|
|
|
bz, err := pbe.Marshal()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
return bz
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) Verify(chainID string, pubKey crypto.PubKey) error {
|
|
// pubkey must match address (this should already be true, sanity check)
|
|
addr := e.VoteA.ValidatorAddress
|
|
if !bytes.Equal(pubKey.Address(), addr) {
|
|
return fmt.Errorf("address (%X) doesn't match pubkey (%v - %X)",
|
|
addr, pubKey, pubKey.Address())
|
|
}
|
|
|
|
va := e.VoteA.ToProto()
|
|
vb := e.VoteB.ToProto()
|
|
|
|
// Signatures must be valid
|
|
if !pubKey.VerifyBytes(VoteSignBytes(chainID, va), e.VoteA.Signature) {
|
|
return fmt.Errorf("verifying VoteA: %w", ErrVoteInvalidSignature)
|
|
}
|
|
if !pubKey.VerifyBytes(VoteSignBytes(chainID, vb), e.VoteB.Signature) {
|
|
return fmt.Errorf("verifying VoteB: %w", ErrVoteInvalidSignature)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) Equal(ev Evidence) bool {
|
|
switch e2 := ev.(type) {
|
|
case PotentialAmnesiaEvidence:
|
|
return e.Height() == e2.Height() && e.VoteA.Round == e2.VoteA.Round && e.VoteB.Round == e2.VoteB.Round &&
|
|
bytes.Equal(e.Address(), e2.Address())
|
|
case *PotentialAmnesiaEvidence:
|
|
return e.Height() == e2.Height() && e.VoteA.Round == e2.VoteA.Round && e.VoteB.Round == e2.VoteB.Round &&
|
|
bytes.Equal(e.Address(), e2.Address())
|
|
default:
|
|
return false
|
|
}
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) ValidateBasic() error {
|
|
if e.VoteA == nil || e.VoteB == nil {
|
|
return fmt.Errorf("one or both of the votes are empty %v, %v", e.VoteA, e.VoteB)
|
|
}
|
|
if err := e.VoteA.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid VoteA: %v", err)
|
|
}
|
|
if err := e.VoteB.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid VoteB: %v", err)
|
|
}
|
|
|
|
// H/S must be the same
|
|
if e.VoteA.Height != e.VoteB.Height ||
|
|
e.VoteA.Type != e.VoteB.Type {
|
|
return fmt.Errorf("h/s do not match: %d/%v vs %d/%v",
|
|
e.VoteA.Height, e.VoteA.Type, e.VoteB.Height, e.VoteB.Type)
|
|
}
|
|
|
|
// Enforce that vote A came before vote B
|
|
if e.VoteA.Timestamp.After(e.VoteB.Timestamp) {
|
|
return fmt.Errorf("vote A should have a timestamp before vote B, but got %s > %s",
|
|
e.VoteA.Timestamp, e.VoteB.Timestamp)
|
|
}
|
|
|
|
// Address must be the same
|
|
if !bytes.Equal(e.VoteA.ValidatorAddress, e.VoteB.ValidatorAddress) {
|
|
return fmt.Errorf("validator addresses do not match: %X vs %X",
|
|
e.VoteA.ValidatorAddress,
|
|
e.VoteB.ValidatorAddress,
|
|
)
|
|
}
|
|
|
|
// Index must be the same
|
|
// https://github.com/tendermint/tendermint/issues/4619
|
|
if e.VoteA.ValidatorIndex != e.VoteB.ValidatorIndex {
|
|
return fmt.Errorf(
|
|
"duplicateVoteEvidence Error: Validator indices do not match. Got %d and %d",
|
|
e.VoteA.ValidatorIndex,
|
|
e.VoteB.ValidatorIndex,
|
|
)
|
|
}
|
|
|
|
// BlockIDs must be different
|
|
if e.VoteA.BlockID.Equals(e.VoteB.BlockID) {
|
|
return fmt.Errorf(
|
|
"block IDs are the same (%v) - not a real duplicate vote",
|
|
e.VoteA.BlockID,
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) String() string {
|
|
return fmt.Sprintf("PotentialAmnesiaEvidence{VoteA: %v, VoteB: %v}", e.VoteA, e.VoteB)
|
|
}
|
|
|
|
// Primed finds whether the PotentialAmnesiaEvidence is ready to be upgraded to Amnesia Evidence. It is decided if
|
|
// either the prosecuted node voted in the past or if the allocated trial period has expired without a proof of lock
|
|
// change having been provided.
|
|
func (e PotentialAmnesiaEvidence) Primed(trialPeriod, currentHeight int64) bool {
|
|
// voted in the past can be instantly punishable
|
|
if e.VoteA.Round > e.VoteB.Round {
|
|
return true
|
|
}
|
|
// has the trial period expired
|
|
if e.HeightStamp > 0 {
|
|
return e.HeightStamp+trialPeriod <= currentHeight
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (e PotentialAmnesiaEvidence) ToProto() tmproto.PotentialAmnesiaEvidence {
|
|
voteB := e.VoteB.ToProto()
|
|
voteA := e.VoteA.ToProto()
|
|
|
|
tp := tmproto.PotentialAmnesiaEvidence{
|
|
VoteA: voteA,
|
|
VoteB: voteB,
|
|
HeightStamp: e.HeightStamp,
|
|
}
|
|
|
|
return tp
|
|
}
|
|
|
|
// ------------------
|
|
|
|
// ProofOfLockChange (POLC) proves that a node followed the consensus protocol and voted for a precommit in two
|
|
// different rounds because the node received a majority of votes for a different block in the latter round. In cases of
|
|
// amnesia evidence, a suspected node will need ProofOfLockChange to prove that the node did not break protocol.
|
|
type ProofOfLockChange struct {
|
|
Votes []Vote `json:"votes"`
|
|
PubKey crypto.PubKey `json:"pubkey"`
|
|
}
|
|
|
|
// MakePOLCFromVoteSet can be used when a majority of prevotes or precommits for a block is seen
|
|
// that the node has itself not yet voted for in order to process the vote set into a proof of lock change
|
|
func MakePOLCFromVoteSet(voteSet *VoteSet, pubKey crypto.PubKey, blockID BlockID) (ProofOfLockChange, error) {
|
|
polc := makePOLCFromVoteSet(voteSet, pubKey, blockID)
|
|
return polc, polc.ValidateBasic()
|
|
}
|
|
|
|
func makePOLCFromVoteSet(voteSet *VoteSet, pubKey crypto.PubKey, blockID BlockID) ProofOfLockChange {
|
|
var votes []Vote
|
|
valSetSize := voteSet.Size()
|
|
for valIdx := int32(0); int(valIdx) < valSetSize; valIdx++ {
|
|
vote := voteSet.GetByIndex(valIdx)
|
|
if vote != nil && vote.BlockID.Equals(blockID) {
|
|
votes = append(votes, *vote)
|
|
}
|
|
}
|
|
return ProofOfLockChange{
|
|
Votes: votes,
|
|
PubKey: pubKey,
|
|
}
|
|
}
|
|
|
|
// EmptyPOLC returns an empty polc. This is used when no polc has been provided in the allocated trial period time
|
|
// and the node now needs to move to upgrading to AmnesiaEvidence and hence uses an empty polc
|
|
func EmptyPOLC() ProofOfLockChange {
|
|
return ProofOfLockChange{
|
|
nil,
|
|
nil,
|
|
}
|
|
}
|
|
|
|
func (e ProofOfLockChange) Height() int64 {
|
|
return e.Votes[0].Height
|
|
}
|
|
|
|
// returns the time of the last vote
|
|
func (e ProofOfLockChange) Time() time.Time {
|
|
latest := e.Votes[0].Timestamp
|
|
for _, vote := range e.Votes {
|
|
if vote.Timestamp.After(latest) {
|
|
latest = vote.Timestamp
|
|
}
|
|
}
|
|
return latest
|
|
}
|
|
|
|
func (e ProofOfLockChange) Round() int32 {
|
|
return e.Votes[0].Round
|
|
}
|
|
|
|
func (e ProofOfLockChange) Address() []byte {
|
|
return e.PubKey.Address()
|
|
}
|
|
|
|
func (e ProofOfLockChange) BlockID() BlockID {
|
|
return e.Votes[0].BlockID
|
|
}
|
|
|
|
// ValidateVotes checks the polc against the validator set of that height. The function makes sure that the polc
|
|
// contains a majority of votes and that each
|
|
func (e ProofOfLockChange) ValidateVotes(valSet *ValidatorSet, chainID string) error {
|
|
if e.IsAbsent() {
|
|
return errors.New("polc is empty")
|
|
}
|
|
talliedVotingPower := int64(0)
|
|
votingPowerNeeded := valSet.TotalVotingPower() * 2 / 3
|
|
for _, vote := range e.Votes {
|
|
exists := false
|
|
for _, validator := range valSet.Validators {
|
|
if bytes.Equal(validator.Address, vote.ValidatorAddress) {
|
|
exists = true
|
|
v := vote.ToProto()
|
|
if !validator.PubKey.VerifyBytes(VoteSignBytes(chainID, v), vote.Signature) {
|
|
return fmt.Errorf("cannot verify vote (from validator: %d) against signature: %v",
|
|
vote.ValidatorIndex, vote.Signature)
|
|
}
|
|
|
|
talliedVotingPower += validator.VotingPower
|
|
}
|
|
}
|
|
if !exists {
|
|
return fmt.Errorf("vote was not from a validator in this set: %v", vote.String())
|
|
}
|
|
}
|
|
if talliedVotingPower <= votingPowerNeeded {
|
|
return ErrNotEnoughVotingPowerSigned{
|
|
Got: talliedVotingPower,
|
|
Needed: votingPowerNeeded + 1,
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (e ProofOfLockChange) Equal(e2 ProofOfLockChange) bool {
|
|
return bytes.Equal(e.Address(), e2.Address()) && e.Height() == e2.Height() &&
|
|
e.Round() == e2.Round()
|
|
}
|
|
|
|
func (e ProofOfLockChange) ValidateBasic() error {
|
|
// first check if the polc is absent / empty
|
|
if e.IsAbsent() {
|
|
return nil
|
|
}
|
|
|
|
if e.PubKey == nil {
|
|
return errors.New("missing public key")
|
|
}
|
|
// validate basic doesn't count the number of votes and their voting power, this is to be done by VerifyEvidence
|
|
if e.Votes == nil {
|
|
return errors.New("missing votes")
|
|
}
|
|
// height, round and vote type must be the same for all votes
|
|
height := e.Height()
|
|
round := e.Round()
|
|
if round == 0 {
|
|
return errors.New("can't have a polc for the first round")
|
|
}
|
|
voteType := e.Votes[0].Type
|
|
for idx, vote := range e.Votes {
|
|
if err := vote.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid vote#%d: %w", idx, err)
|
|
}
|
|
|
|
if vote.Height != height {
|
|
return fmt.Errorf("invalid height for vote#%d: %d instead of %d", idx, vote.Height, height)
|
|
}
|
|
|
|
if vote.Round != round {
|
|
return fmt.Errorf("invalid round for vote#%d: %d instead of %d", idx, vote.Round, round)
|
|
}
|
|
|
|
if vote.Type != voteType {
|
|
return fmt.Errorf("invalid vote type for vote#%d: %d instead of %d", idx, vote.Type, voteType)
|
|
}
|
|
|
|
if !vote.BlockID.Equals(e.BlockID()) {
|
|
return fmt.Errorf("vote must be for the same block id: %v instead of %v", e.BlockID(), vote.BlockID)
|
|
}
|
|
|
|
if bytes.Equal(vote.ValidatorAddress.Bytes(), e.PubKey.Address().Bytes()) {
|
|
return fmt.Errorf("vote validator address cannot be the same as the public key address: %X all votes %v",
|
|
vote.ValidatorAddress.Bytes(), e.PubKey.Address().Bytes())
|
|
}
|
|
|
|
for i := idx + 1; i < len(e.Votes); i++ {
|
|
if bytes.Equal(vote.ValidatorAddress.Bytes(), e.Votes[i].ValidatorAddress.Bytes()) {
|
|
return fmt.Errorf("duplicate votes: %v", vote)
|
|
}
|
|
}
|
|
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (e ProofOfLockChange) String() string {
|
|
if e.IsAbsent() {
|
|
return "Empty ProofOfLockChange"
|
|
}
|
|
return fmt.Sprintf("ProofOfLockChange {Address: %X, Height: %d, Round: %d", e.Address(), e.Height(),
|
|
e.Votes[0].Round)
|
|
}
|
|
|
|
// IsAbsent checks if the polc is empty
|
|
func (e ProofOfLockChange) IsAbsent() bool {
|
|
return e.Votes == nil && e.PubKey == nil
|
|
}
|
|
|
|
func (e *ProofOfLockChange) ToProto() (*tmproto.ProofOfLockChange, error) {
|
|
if e == nil {
|
|
return nil, errors.New("nil proof of lock change")
|
|
}
|
|
plc := new(tmproto.ProofOfLockChange)
|
|
vpb := make([]*tmproto.Vote, len(e.Votes))
|
|
|
|
// if absent create empty proto polc
|
|
if e.IsAbsent() {
|
|
return plc, nil
|
|
}
|
|
|
|
if e.Votes == nil {
|
|
return nil, errors.New("polc is not absent but has no votes")
|
|
}
|
|
for i, v := range e.Votes {
|
|
pb := v.ToProto()
|
|
if pb != nil {
|
|
vpb[i] = pb
|
|
}
|
|
}
|
|
|
|
pk, err := cryptoenc.PubKeyToProto(e.PubKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
plc.PubKey = &pk
|
|
plc.Votes = vpb
|
|
|
|
return plc, nil
|
|
}
|
|
|
|
// AmnesiaEvidence is the progression of PotentialAmnesiaEvidence and is used to prove an infringement of the
|
|
// Tendermint consensus when a validator incorrectly sends a vote in a later round without correctly changing the lock
|
|
type AmnesiaEvidence struct {
|
|
PotentialAmnesiaEvidence
|
|
Polc ProofOfLockChange
|
|
}
|
|
|
|
// Height, Time, Address and Verify functions are all inherited by the PotentialAmnesiaEvidence struct
|
|
var _ Evidence = &AmnesiaEvidence{}
|
|
var _ Evidence = AmnesiaEvidence{}
|
|
|
|
func MakeAmnesiaEvidence(pe PotentialAmnesiaEvidence, proof ProofOfLockChange) AmnesiaEvidence {
|
|
return AmnesiaEvidence{
|
|
pe,
|
|
proof,
|
|
}
|
|
}
|
|
|
|
func (e AmnesiaEvidence) Equal(ev Evidence) bool {
|
|
e2, ok := ev.(AmnesiaEvidence)
|
|
if !ok {
|
|
return false
|
|
}
|
|
return e.PotentialAmnesiaEvidence.Equal(e2.PotentialAmnesiaEvidence)
|
|
}
|
|
|
|
func (e AmnesiaEvidence) ValidateBasic() error {
|
|
if err := e.PotentialAmnesiaEvidence.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid potential amnesia evidence: %w", err)
|
|
}
|
|
if !e.Polc.IsAbsent() {
|
|
if err := e.Polc.ValidateBasic(); err != nil {
|
|
return fmt.Errorf("invalid proof of lock change: %w", err)
|
|
}
|
|
|
|
if !bytes.Equal(e.PotentialAmnesiaEvidence.Address(), e.Polc.Address()) {
|
|
return fmt.Errorf("validator addresses do not match (%X - %X)", e.PotentialAmnesiaEvidence.Address(),
|
|
e.Polc.Address())
|
|
}
|
|
|
|
if e.PotentialAmnesiaEvidence.Height() != e.Polc.Height() {
|
|
return fmt.Errorf("heights do not match (%d - %d)", e.PotentialAmnesiaEvidence.Height(),
|
|
e.Polc.Height())
|
|
}
|
|
|
|
if e.Polc.Round() <= e.VoteA.Round || e.Polc.Round() > e.VoteB.Round {
|
|
return fmt.Errorf("polc must be between %d and %d (inclusive)", e.VoteA.Round+1, e.VoteB.Round)
|
|
}
|
|
|
|
if !e.Polc.BlockID().Equals(e.PotentialAmnesiaEvidence.VoteB.BlockID) && !e.Polc.BlockID().IsZero() {
|
|
return fmt.Errorf("polc must be either for a nil block or for the same block as the second vote: %v != %v",
|
|
e.Polc.BlockID(), e.PotentialAmnesiaEvidence.VoteB.BlockID)
|
|
}
|
|
|
|
if e.Polc.Time().After(e.PotentialAmnesiaEvidence.VoteB.Timestamp) {
|
|
return fmt.Errorf("validator voted again before receiving a majority of votes for the new block: %v is after %v",
|
|
e.Polc.Time(), e.PotentialAmnesiaEvidence.VoteB.Timestamp)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ViolatedConsensus assess on the basis of the AmensiaEvidence whether the validator has violated the
|
|
// Tendermint consensus. Evidence must be validated first (see ValidateBasic).
|
|
// We are only interested in proving that the latter of the votes in terms of time was correctly done.
|
|
func (e AmnesiaEvidence) ViolatedConsensus() (bool, string) {
|
|
// a validator having voted cannot go back and vote on an earlier round
|
|
if e.PotentialAmnesiaEvidence.VoteA.Round > e.PotentialAmnesiaEvidence.VoteB.Round {
|
|
return true, "validator went back and voted on a previous round"
|
|
}
|
|
|
|
// if empty, then no proof was provided to defend the validators actions
|
|
if e.Polc.IsAbsent() {
|
|
return true, "no proof of lock was provided"
|
|
}
|
|
|
|
return false, ""
|
|
}
|
|
|
|
func (e AmnesiaEvidence) String() string {
|
|
return fmt.Sprintf("AmnesiaEvidence{ %v, polc: %v }", e.PotentialAmnesiaEvidence, e.Polc)
|
|
}
|
|
|
|
func ProofOfLockChangeFromProto(pb *tmproto.ProofOfLockChange) (*ProofOfLockChange, error) {
|
|
if pb == nil {
|
|
return nil, errors.New("nil proof of lock change")
|
|
}
|
|
|
|
plc := new(ProofOfLockChange)
|
|
|
|
// check if it is an empty polc
|
|
if pb.PubKey == nil && pb.Votes == nil {
|
|
return plc, nil
|
|
}
|
|
|
|
if pb.Votes == nil {
|
|
return nil, errors.New("proofOfLockChange: is not absent but has no votes")
|
|
}
|
|
|
|
vpb := make([]Vote, len(pb.Votes))
|
|
for i, v := range pb.Votes {
|
|
vi, err := VoteFromProto(v)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
vpb[i] = *vi
|
|
}
|
|
|
|
if pb.PubKey == nil {
|
|
return nil, errors.New("proofOfLockChange: is not abest but has nil PubKey")
|
|
}
|
|
pk, err := cryptoenc.PubKeyFromProto(*pb.PubKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
plc.PubKey = pk
|
|
plc.Votes = vpb
|
|
|
|
return plc, nil
|
|
}
|
|
|
|
func PotentialAmnesiaEvidenceFromProto(pb *tmproto.PotentialAmnesiaEvidence) (*PotentialAmnesiaEvidence, error) {
|
|
voteA, err := VoteFromProto(pb.GetVoteA())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
voteB, err := VoteFromProto(pb.GetVoteB())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
tp := PotentialAmnesiaEvidence{
|
|
VoteA: voteA,
|
|
VoteB: voteB,
|
|
HeightStamp: pb.GetHeightStamp(),
|
|
}
|
|
|
|
return &tp, tp.ValidateBasic()
|
|
}
|
|
|
|
func AmnesiaEvidenceToProto(evi AmnesiaEvidence) (*tmproto.Evidence, error) {
|
|
paepb := evi.PotentialAmnesiaEvidence.ToProto()
|
|
|
|
polc, err := evi.Polc.ToProto()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
tp := &tmproto.Evidence{
|
|
Sum: &tmproto.Evidence_AmnesiaEvidence{
|
|
AmnesiaEvidence: &tmproto.AmnesiaEvidence{
|
|
PotentialAmnesiaEvidence: &paepb,
|
|
Polc: polc,
|
|
},
|
|
},
|
|
}
|
|
|
|
return tp, nil
|
|
}
|
|
|
|
func AmensiaEvidenceFromProto(pb *tmproto.AmnesiaEvidence) (AmnesiaEvidence, error) {
|
|
if pb == nil {
|
|
return AmnesiaEvidence{}, errors.New("nil duplicate vote evidence")
|
|
}
|
|
|
|
pae, err := PotentialAmnesiaEvidenceFromProto(pb.PotentialAmnesiaEvidence)
|
|
if err != nil {
|
|
return AmnesiaEvidence{}, err
|
|
}
|
|
polc, err := ProofOfLockChangeFromProto(pb.Polc)
|
|
if err != nil {
|
|
return AmnesiaEvidence{}, err
|
|
}
|
|
|
|
tp := AmnesiaEvidence{
|
|
PotentialAmnesiaEvidence: *pae,
|
|
Polc: *polc,
|
|
}
|
|
|
|
return tp, tp.ValidateBasic()
|
|
}
|
|
|
|
//-----------------------------------------------------------------
|
|
|
|
// UNSTABLE
|
|
type MockRandomEvidence struct {
|
|
MockEvidence
|
|
randBytes []byte
|
|
}
|
|
|
|
var _ Evidence = &MockRandomEvidence{}
|
|
|
|
// UNSTABLE
|
|
func NewMockRandomEvidence(height int64, eTime time.Time, address []byte, randBytes []byte) MockRandomEvidence {
|
|
return MockRandomEvidence{
|
|
MockEvidence{
|
|
EvidenceHeight: height,
|
|
EvidenceTime: eTime,
|
|
EvidenceAddress: address}, randBytes,
|
|
}
|
|
}
|
|
|
|
func (e MockRandomEvidence) Hash() []byte {
|
|
return []byte(fmt.Sprintf("%d-%x", e.EvidenceHeight, e.randBytes))
|
|
}
|
|
|
|
func (e MockRandomEvidence) Equal(ev Evidence) bool { return false }
|
|
|
|
// UNSTABLE
|
|
type MockEvidence struct {
|
|
EvidenceHeight int64
|
|
EvidenceTime time.Time
|
|
EvidenceAddress []byte
|
|
}
|
|
|
|
var _ Evidence = &MockEvidence{}
|
|
|
|
// UNSTABLE
|
|
func NewMockEvidence(height int64, eTime time.Time, address []byte) MockEvidence {
|
|
return MockEvidence{
|
|
EvidenceHeight: height,
|
|
EvidenceTime: eTime,
|
|
EvidenceAddress: address,
|
|
}
|
|
}
|
|
|
|
func (e MockEvidence) Height() int64 { return e.EvidenceHeight }
|
|
func (e MockEvidence) Time() time.Time { return e.EvidenceTime }
|
|
func (e MockEvidence) Address() []byte { return e.EvidenceAddress }
|
|
func (e MockEvidence) Hash() []byte {
|
|
return []byte(fmt.Sprintf("%d-%x-%s",
|
|
e.EvidenceHeight, e.EvidenceAddress, e.EvidenceTime))
|
|
}
|
|
func (e MockEvidence) Bytes() []byte {
|
|
return []byte(fmt.Sprintf("%d-%x-%s",
|
|
e.EvidenceHeight, e.EvidenceAddress, e.EvidenceTime))
|
|
}
|
|
func (e MockEvidence) Verify(chainID string, pubKey crypto.PubKey) error { return nil }
|
|
func (e MockEvidence) Equal(ev Evidence) bool {
|
|
return e.EvidenceHeight == ev.Height() &&
|
|
bytes.Equal(e.EvidenceAddress, ev.Address())
|
|
}
|
|
func (e MockEvidence) ValidateBasic() error { return nil }
|
|
func (e MockEvidence) String() string {
|
|
return fmt.Sprintf("Evidence: %d/%s/%s", e.EvidenceHeight, e.Time(), e.EvidenceAddress)
|
|
}
|
|
|
|
// mock polc - fails validate basic, not stable
|
|
func NewMockPOLC(height int64, time time.Time, pubKey crypto.PubKey) ProofOfLockChange {
|
|
voteVal := NewMockPV()
|
|
pKey, _ := voteVal.GetPubKey()
|
|
vote := Vote{Type: tmproto.PrecommitType, Height: height, Round: 1, BlockID: BlockID{},
|
|
Timestamp: time, ValidatorAddress: pKey.Address(), ValidatorIndex: 1, Signature: []byte{}}
|
|
|
|
v := vote.ToProto()
|
|
if err := voteVal.SignVote("mock-chain-id", v); err != nil {
|
|
panic(err)
|
|
}
|
|
vote.Signature = v.Signature
|
|
|
|
return ProofOfLockChange{
|
|
Votes: []Vote{vote},
|
|
PubKey: pubKey,
|
|
}
|
|
}
|