absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 12:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Slash malevolent validators (#294)

Browse Source 
* add slash tx

* ignore unsigned tx replays

* verify that provided evidence is valid

* fix clippy + fmt

* move application tx handling to another module

* partially handle the tendermint txs

* fix pr comments

* support unsigned app txs

* add slash target to the votes

* enforce provided, unsigned, signed tx ordering within a block

* bug fixes

* add unit test for tendermint txs

* bug fixes

* update tests for tendermint txs

* add tx ordering test

* tidy up tx ordering test

* cargo +nightly fmt

* Misc fixes from rebasing

* Finish resolving clippy

* Remove sha3 from tendermint-machine

* Resolve a DoS in SlashEvidence's read

Also moves Evidence from Vec<Message> to (Message, Option<Message>). That
should meet all requirements while being a bit safer.

* Make lazy_static a dev-depend for tributary

* Various small tweaks

One use of sort was inefficient, sorting unsigned || signed when unsigned was
already properly sorted. Given how the unsigned TXs were given a nonce of 0, an
unstable sort may swap places with an unsigned TX and a signed TX with a nonce
of 0 (leading to a faulty block).

The extra protection added here sorts signed, then concats.

* Fix Tributary tests I broke, start review on tendermint/tx.rs

* Finish reviewing everything outside tests and empty_signature

* Remove empty_signature

empty_signature led to corrupted local state histories. Unfortunately, the API
is only sane with a signature.

We now use the actual signature, which risks creating a signature over a
malicious message if we have ever have an invariant producing malicious
messages. Prior, we only signed the message after the local machine confirmed
it was okay per the local view of consensus.

This is tolerated/preferred over a corrupt state history since production of
such messages is already an invariant. TODOs are added to make handling of this
theoretical invariant further robust.

* Remove async_sequential for tokio::test

There was no competition for resources forcing them to be run sequentially.

* Modify block order test to be statistically significant without multiple runs

* Clean tests

---------

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
This commit is contained in:
akildemir
2023-08-21 07:28:23 +03:00
committed by GitHub
parent 8973eb8ac4
commit 39ce819876
31 changed files with 2646 additions and 910 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
coordinator/tributary/src/block.rs
View File

@@ -1,6 +1,6 @@
use std::{
io,
collections::{VecDeque, HashMap},
collections::{VecDeque, HashSet, HashMap},
};
use thiserror::Error;
@@ -9,6 +9,16 @@ use blake2::{Digest, Blake2s256};
use ciphersuite::{Ciphersuite, Ristretto};
use tendermint::ext::{Network, Commit};
use crate::{
transaction::{
TransactionError, Signed, TransactionKind, Transaction as TransactionTrait, verify_transaction,
},
BLOCK_SIZE_LIMIT, ReadWrite, merkle, Transaction,
tendermint::tx::verify_tendermint_tx,
};
#[derive(Clone, PartialEq, Eq, Debug, Error)]
pub enum BlockError {
/// Block was too large.
@@ -20,9 +30,12 @@ pub enum BlockError {
/// Header specified an invalid transactions merkle tree hash.
#[error("header transactions hash is incorrect")]
InvalidTransactions,
/// A provided transaction was placed after a non-provided transaction.
#[error("a provided transaction was included after a non-provided transaction")]
ProvidedAfterNonProvided,
/// An unsigned transaction which was already added to the chain was present again.
#[error("an unsigned transaction which was already added to the chain was present again")]
UnsignedAlreadyIncluded,
/// Transactions weren't ordered as expected (Provided, followed by Unsigned, folowed by Signed).
#[error("transactions weren't ordered as expected (Provided, Unsigned, Signed)")]
WrongTransactionOrder,
/// The block had a provided transaction this validator has yet to be provided.
#[error("block had a provided transaction not yet locally provided: {0:?}")]
NonLocalProvided([u8; 32]),
@@ -34,11 +47,6 @@ pub enum BlockError {
TransactionError(TransactionError),
}
use crate::{
BLOCK_SIZE_LIMIT, ReadWrite, TransactionError, Signed, TransactionKind, Transaction, merkle,
verify_transaction,
};
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct BlockHeader {
pub parent: [u8; 32],
@@ -66,12 +74,12 @@ impl BlockHeader {
}
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct Block<T: Transaction> {
pub struct Block<T: TransactionTrait> {
pub header: BlockHeader,
pub transactions: Vec<T>,
pub transactions: Vec<Transaction<T>>,
}
impl<T: Transaction> ReadWrite for Block<T> {
impl<T: TransactionTrait> ReadWrite for Block<T> {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
let header = BlockHeader::read(reader)?;
@@ -81,7 +89,7 @@ impl<T: Transaction> ReadWrite for Block<T> {
let mut transactions = Vec::with_capacity(usize::try_from(txs).unwrap());
for _ in 0 .. txs {
transactions.push(T::read(reader)?);
transactions.push(Transaction::read(reader)?);
}
Ok(Block { header, transactions })
@@ -97,22 +105,33 @@ impl<T: Transaction> ReadWrite for Block<T> {
}
}
impl<T: Transaction> Block<T> {
impl<T: TransactionTrait> Block<T> {
/// Create a new block.
///
/// mempool is expected to only have valid, non-conflicting transactions.
pub(crate) fn new(parent: [u8; 32], provided: Vec<T>, mempool: Vec<T>) -> Self {
let mut txs = provided;
for tx in mempool {
assert!(
!matches!(tx.kind(), TransactionKind::Provided(_)),
"provided transaction entered mempool"
);
txs.push(tx);
/// mempool is expected to only have valid, non-conflicting transactions, sorted by nonce.
pub(crate) fn new(parent: [u8; 32], provided: Vec<T>, mempool: Vec<Transaction<T>>) -> Self {
let mut txs = vec![];
for tx in provided {
txs.push(Transaction::Application(tx))
}
let mut signed = vec![];
let mut unsigned = vec![];
for tx in mempool {
match tx.kind() {
TransactionKind::Signed(_) => signed.push(tx),
TransactionKind::Unsigned => unsigned.push(tx),
TransactionKind::Provided(_) => panic!("provided transaction entered mempool"),
}
}
// unsigned first
txs.extend(unsigned);
// then signed
txs.extend(signed);
// Check TXs are sorted by nonce.
let nonce = |tx: &T| {
let nonce = |tx: &Transaction<T>| {
if let TransactionKind::Signed(Signed { nonce, .. }) = tx.kind() {
*nonce
} else {
@@ -123,7 +142,7 @@ impl<T: Transaction> Block<T> {
for tx in &txs {
let nonce = nonce(tx);
if nonce < last {
panic!("failed to sort txs by nonce");
panic!("TXs in mempool weren't ordered by nonce");
}
last = nonce;
}
@@ -146,13 +165,33 @@ impl<T: Transaction> Block<T> {
self.header.hash()
}
pub(crate) fn verify(
#[allow(clippy::too_many_arguments)]
pub(crate) fn verify<N: Network>(
&self,
genesis: [u8; 32],
last_block: [u8; 32],
mut locally_provided: HashMap<&'static str, VecDeque<T>>,
mut next_nonces: HashMap<<Ristretto as Ciphersuite>::G, u32>,
schema: N::SignatureScheme,
commit: impl Fn(u32) -> Option<Commit<N::SignatureScheme>>,
unsigned_in_chain: impl Fn([u8; 32]) -> bool,
) -> Result<(), BlockError> {
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
enum Order {
Provided,
Unsigned,
Signed,
}
impl From<Order> for u8 {
fn from(order: Order) -> u8 {
match order {
Order::Provided => 0,
Order::Unsigned => 1,
Order::Signed => 2,
}
}
}
if self.serialize().len() > BLOCK_SIZE_LIMIT {
Err(BlockError::TooLargeBlock)?;
}
@@ -161,33 +200,66 @@ impl<T: Transaction> Block<T> {
Err(BlockError::InvalidParent)?;
}
let mut found_non_provided = false;
let mut last_tx_order = Order::Provided;
let mut included_in_block = HashSet::new();
let mut txs = Vec::with_capacity(self.transactions.len());
for tx in self.transactions.iter() {
txs.push(tx.hash());
let tx_hash = tx.hash();
txs.push(tx_hash);
if let TransactionKind::Provided(order) = tx.kind() {
if found_non_provided {
Err(BlockError::ProvidedAfterNonProvided)?;
let current_tx_order = match tx.kind() {
TransactionKind::Provided(order) => {
let Some(local) = locally_provided.get_mut(order).and_then(|deque| deque.pop_front())
else {
Err(BlockError::NonLocalProvided(txs.pop().unwrap()))?
};
// Since this was a provided TX, it must be an application TX
let Transaction::Application(tx) = tx else {
Err(BlockError::NonLocalProvided(txs.pop().unwrap()))?
};
if tx != &local {
Err(BlockError::DistinctProvided)?;
}
Order::Provided
}
TransactionKind::Unsigned => {
// check we don't already have the tx in the chain
if unsigned_in_chain(tx_hash) || included_in_block.contains(&tx_hash) {
Err(BlockError::UnsignedAlreadyIncluded)?;
}
included_in_block.insert(tx_hash);
let Some(local) = locally_provided.get_mut(order).and_then(|deque| deque.pop_front())
else {
Err(BlockError::NonLocalProvided(txs.pop().unwrap()))?
};
if tx != &local {
Err(BlockError::DistinctProvided)?;
Order::Unsigned
}
TransactionKind::Signed(..) => Order::Signed,
};
// enforce Provided => Unsigned => Signed order
if u8::from(current_tx_order) < u8::from(last_tx_order) {
Err(BlockError::WrongTransactionOrder)?;
}
last_tx_order = current_tx_order;
if current_tx_order == Order::Provided {
// We don't need to call verify_transaction since we did when we locally provided this
// transaction. Since it's identical, it must be valid
continue;
}
found_non_provided = true;
match verify_transaction(tx, genesis, &mut next_nonces) {
Ok(()) => {}
Err(e) => Err(BlockError::TransactionError(e))?,
// TODO: should we modify the verify_transaction to take `Transaction<T>` or
// use this pattern of verifying tendermint Txs and app txs differently?
match tx {
Transaction::Tendermint(tx) => {
match verify_tendermint_tx::<N>(tx, genesis, schema.clone(), &commit) {
Ok(()) => {}
Err(e) => Err(BlockError::TransactionError(e))?,
}
}
Transaction::Application(tx) => match verify_transaction(tx, genesis, &mut next_nonces) {
Ok(()) => {}
Err(e) => Err(BlockError::TransactionError(e))?,
},
}
}

100
coordinator/tributary/src/blockchain.rs
View File

@@ -4,13 +4,17 @@ use ciphersuite::{group::GroupEncoding, Ciphersuite, Ristretto};
use serai_db::{DbTxn, Db};
use scale::Decode;
use tendermint::ext::{Network, Commit};
use crate::{
ReadWrite, Signed, TransactionKind, Transaction, ProvidedError, ProvidedTransactions, BlockError,
Block, Mempool,
ReadWrite, ProvidedError, ProvidedTransactions, BlockError, Block, Mempool, Transaction,
transaction::{Signed, TransactionKind, Transaction as TransactionTrait},
};
#[derive(Clone, PartialEq, Eq, Debug)]
pub(crate) struct Blockchain<D: Db, T: Transaction> {
pub(crate) struct Blockchain<D: Db, T: TransactionTrait> {
db: Option<D>,
genesis: [u8; 32],
@@ -22,7 +26,7 @@ pub(crate) struct Blockchain<D: Db, T: Transaction> {
mempool: Mempool<D, T>,
}
impl<D: Db, T: Transaction> Blockchain<D, T> {
impl<D: Db, T: TransactionTrait> Blockchain<D, T> {
fn tip_key(&self) -> Vec<u8> {
D::key(b"tributary_blockchain", b"tip", self.genesis)
}
@@ -32,12 +36,18 @@ impl<D: Db, T: Transaction> Blockchain<D, T> {
fn block_key(genesis: &[u8], hash: &[u8; 32]) -> Vec<u8> {
D::key(b"tributary_blockchain", b"block", [genesis, hash].concat())
}
fn block_hash_key(genesis: &[u8], block_number: u32) -> Vec<u8> {
D::key(b"tributary_blockchain", b"block_hash", [genesis, &block_number.to_le_bytes()].concat())
}
fn commit_key(genesis: &[u8], hash: &[u8; 32]) -> Vec<u8> {
D::key(b"tributary_blockchain", b"commit", [genesis, hash].concat())
}
fn block_after_key(genesis: &[u8], hash: &[u8; 32]) -> Vec<u8> {
D::key(b"tributary_blockchain", b"block_after", [genesis, hash].concat())
}
fn unsigned_included_key(genesis: &[u8], hash: &[u8; 32]) -> Vec<u8> {
D::key(b"tributary_blockchain", b"unsigned_included", [genesis, hash].concat())
}
fn next_nonce_key(&self, signer: &<Ristretto as Ciphersuite>::G) -> Vec<u8> {
D::key(
b"tributary_blockchain",
@@ -102,16 +112,46 @@ impl<D: Db, T: Transaction> Blockchain<D, T> {
db.get(Self::commit_key(&genesis, block))
}
pub(crate) fn block_hash_from_db(db: &D, genesis: [u8; 32], block: u32) -> Option<[u8; 32]> {
db.get(Self::block_hash_key(&genesis, block)).map(|h| h.try_into().unwrap())
}
pub(crate) fn commit(&self, block: &[u8; 32]) -> Option<Vec<u8>> {
Self::commit_from_db(self.db.as_ref().unwrap(), self.genesis, block)
}
pub(crate) fn block_hash(&self, block: u32) -> Option<[u8; 32]> {
Self::block_hash_from_db(self.db.as_ref().unwrap(), self.genesis, block)
}
pub(crate) fn commit_by_block_number(&self, block: u32) -> Option<Vec<u8>> {
self.commit(&self.block_hash(block)?)
}
pub(crate) fn block_after(db: &D, genesis: [u8; 32], block: &[u8; 32]) -> Option<[u8; 32]> {
db.get(Self::block_after_key(&genesis, block)).map(|bytes| bytes.try_into().unwrap())
}
pub(crate) fn add_transaction(&mut self, internal: bool, tx: T) -> bool {
self.mempool.add(&self.next_nonces, internal, tx)
pub(crate) fn add_transaction<N: Network>(
&mut self,
internal: bool,
tx: Transaction<T>,
schema: N::SignatureScheme,
) -> bool {
let db = self.db.as_ref().unwrap();
let genesis = self.genesis;
let commit = |block: u32| -> Option<Commit<N::SignatureScheme>> {
let hash = Self::block_hash_from_db(db, genesis, block)?;
// we must have a commit per valid hash
let commit = Self::commit_from_db(db, genesis, &hash).unwrap();
// commit has to be valid if it is coming from our db
Some(Commit::<N::SignatureScheme>::decode(&mut commit.as_ref()).unwrap())
};
let unsigned_in_chain =
|hash: [u8; 32]| db.get(Self::unsigned_included_key(&self.genesis, &hash)).is_some();
self.mempool.add::<N>(&self.next_nonces, internal, tx, schema, unsigned_in_chain, commit)
}
pub(crate) fn provide_transaction(&mut self, tx: T) -> Result<(), ProvidedError> {
@@ -123,29 +163,53 @@ impl<D: Db, T: Transaction> Blockchain<D, T> {
Some(self.next_nonces.get(&key).cloned()?.max(self.mempool.next_nonce(&key).unwrap_or(0)))
}
pub(crate) fn build_block(&mut self) -> Block<T> {
pub(crate) fn build_block<N: Network>(&mut self, schema: N::SignatureScheme) -> Block<T> {
let db = self.db.as_ref().unwrap();
let unsigned_in_chain =
|hash: [u8; 32]| db.get(Self::unsigned_included_key(&self.genesis, &hash)).is_some();
let block = Block::new(
self.tip,
self.provided.transactions.values().flatten().cloned().collect(),
self.mempool.block(&self.next_nonces),
self.mempool.block(&self.next_nonces, unsigned_in_chain),
);
// build_block should not return invalid blocks
self.verify_block(&block).unwrap();
self.verify_block::<N>(&block, schema).unwrap();
block
}
pub(crate) fn verify_block(&self, block: &Block<T>) -> Result<(), BlockError> {
block.verify(
pub(crate) fn verify_block<N: Network>(
&self,
block: &Block<T>,
schema: N::SignatureScheme,
) -> Result<(), BlockError> {
let db = self.db.as_ref().unwrap();
let unsigned_in_chain =
|hash: [u8; 32]| db.get(Self::unsigned_included_key(&self.genesis, &hash)).is_some();
let commit = |block: u32| -> Option<Commit<N::SignatureScheme>> {
let commit = self.commit_by_block_number(block)?;
// commit has to be valid if it is coming from our db
Some(Commit::<N::SignatureScheme>::decode(&mut commit.as_ref()).unwrap())
};
block.verify::<N>(
self.genesis,
self.tip,
self.provided.transactions.clone(),
self.next_nonces.clone(),
schema,
&commit,
unsigned_in_chain,
)
}
/// Add a block.
pub(crate) fn add_block(&mut self, block: &Block<T>, commit: Vec<u8>) -> Result<(), BlockError> {
self.verify_block(block)?;
pub(crate) fn add_block<N: Network>(
&mut self,
block: &Block<T>,
commit: Vec<u8>,
schema: N::SignatureScheme,
) -> Result<(), BlockError> {
self.verify_block::<N>(block, schema)?;
log::info!(
"adding block {} to tributary {} with {} TXs",
@@ -167,6 +231,8 @@ impl<D: Db, T: Transaction> Blockchain<D, T> {
self.block_number += 1;
txn.put(self.block_number_key(), self.block_number.to_le_bytes());
txn.put(Self::block_hash_key(&self.genesis, self.block_number), self.tip);
txn.put(Self::block_key(&self.genesis, &self.tip), block.serialize());
txn.put(Self::commit_key(&self.genesis, &self.tip), commit);
@@ -177,7 +243,13 @@ impl<D: Db, T: Transaction> Blockchain<D, T> {
TransactionKind::Provided(order) => {
self.provided.complete(&mut txn, order, tx.hash());
}
TransactionKind::Unsigned => {}
TransactionKind::Unsigned => {
let hash = tx.hash();
// Save as included on chain
txn.put(Self::unsigned_included_key(&self.genesis, &hash), []);
// remove from the mempool
self.mempool.remove(&hash);
}
TransactionKind::Signed(Signed { signer, nonce, .. }) => {
let next_nonce = nonce + 1;
let prev = self

89
coordinator/tributary/src/lib.rs
View File

@@ -22,8 +22,10 @@ use tokio::sync::RwLock;
mod merkle;
pub(crate) use merkle::*;
mod transaction;
pub use transaction::*;
pub mod transaction;
pub use transaction::{TransactionError, Signed, TransactionKind, Transaction as TransactionTrait};
use crate::tendermint::tx::TendermintTx;
mod provided;
pub(crate) use provided::*;
@@ -38,7 +40,7 @@ pub(crate) use blockchain::*;
mod mempool;
pub(crate) use mempool::*;
mod tendermint;
pub mod tendermint;
pub(crate) use crate::tendermint::*;
#[cfg(any(test, feature = "tests"))]
@@ -57,6 +59,59 @@ pub(crate) const TENDERMINT_MESSAGE: u8 = 0;
pub(crate) const BLOCK_MESSAGE: u8 = 1;
pub(crate) const TRANSACTION_MESSAGE: u8 = 2;
#[allow(clippy::large_enum_variant)]
#[derive(Clone, PartialEq, Eq, Debug)]
pub enum Transaction<T: TransactionTrait> {
Tendermint(TendermintTx),
Application(T),
}
impl<T: TransactionTrait> ReadWrite for Transaction<T> {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
let mut kind = [0];
reader.read_exact(&mut kind)?;
match kind[0] {
0 => {
let tx = TendermintTx::read(reader)?;
Ok(Transaction::Tendermint(tx))
}
1 => {
let tx = T::read(reader)?;
Ok(Transaction::Application(tx))
}
_ => Err(io::Error::new(io::ErrorKind::Other, "invalid transaction type")),
}
}
fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
match self {
Transaction::Tendermint(tx) => {
writer.write_all(&[0])?;
tx.write(writer)
}
Transaction::Application(tx) => {
writer.write_all(&[1])?;
tx.write(writer)
}
}
}
}
impl<T: TransactionTrait> Transaction<T> {
pub fn hash(&self) -> [u8; 32] {
match self {
Transaction::Tendermint(tx) => tx.hash(),
Transaction::Application(tx) => tx.hash(),
}
}
pub fn kind(&self) -> TransactionKind<'_> {
match self {
Transaction::Tendermint(tx) => tx.kind(),
Transaction::Application(tx) => tx.kind(),
}
}
}
/// An item which can be read and written.
pub trait ReadWrite: Sized {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self>;
@@ -83,7 +138,7 @@ impl<P: P2p> P2p for Arc<P> {
}
#[derive(Clone)]
pub struct Tributary<D: Db, T: Transaction, P: P2p> {
pub struct Tributary<D: Db, T: TransactionTrait, P: P2p> {
db: D,
genesis: [u8; 32],
@@ -94,7 +149,7 @@ pub struct Tributary<D: Db, T: Transaction, P: P2p> {
messages: Arc<RwLock<MessageSender<TendermintNetwork<D, T, P>>>>,
}
impl<D: Db, T: Transaction, P: P2p> Tributary<D, T, P> {
impl<D: Db, T: TransactionTrait, P: P2p> Tributary<D, T, P> {
pub async fn new(
db: D,
genesis: [u8; 32],
@@ -118,7 +173,9 @@ impl<D: Db, T: Transaction, P: P2p> Tributary<D, T, P> {
} else {
start_time
};
let proposal = TendermintBlock(blockchain.build_block().serialize());
let proposal = TendermintBlock(
blockchain.build_block::<TendermintNetwork<D, T, P>>(validators.clone()).serialize(),
);
let blockchain = Arc::new(RwLock::new(blockchain));
let network = TendermintNetwork { genesis, signer, validators, blockchain, p2p };
@@ -168,9 +225,14 @@ impl<D: Db, T: Transaction, P: P2p> Tributary<D, T, P> {
// Safe to be &self since the only meaningful usage of self is self.network.blockchain which
// successfully acquires its own write lock
pub async fn add_transaction(&self, tx: T) -> bool {
let tx = Transaction::Application(tx);
let mut to_broadcast = vec![TRANSACTION_MESSAGE];
tx.write(&mut to_broadcast).unwrap();
let res = self.network.blockchain.write().await.add_transaction(true, tx);
let res = self.network.blockchain.write().await.add_transaction::<TendermintNetwork<D, T, P>>(
true,
tx,
self.network.signature_scheme(),
);
if res {
self.network.p2p.broadcast(self.genesis, to_broadcast).await;
}
@@ -218,14 +280,19 @@ impl<D: Db, T: Transaction, P: P2p> Tributary<D, T, P> {
pub async fn handle_message(&mut self, msg: &[u8]) -> bool {
match msg.first() {
Some(&TRANSACTION_MESSAGE) => {
let Ok(tx) = T::read::<&[u8]>(&mut &msg[1 ..]) else {
let Ok(tx) = Transaction::read::<&[u8]>(&mut &msg[1 ..]) else {
log::error!("received invalid transaction message");
return false;
};
// TODO: Sync mempools with fellow peers
// Can we just rebroadcast transactions not included for at least two blocks?
let res = self.network.blockchain.write().await.add_transaction(false, tx);
let res =
self.network.blockchain.write().await.add_transaction::<TendermintNetwork<D, T, P>>(
false,
tx,
self.network.signature_scheme(),
);
log::debug!("received transaction message. valid new transaction: {res}");
res
}
@@ -261,8 +328,8 @@ impl<D: Db, T: Transaction, P: P2p> Tributary<D, T, P> {
}
#[derive(Clone)]
pub struct TributaryReader<D: Db, T: Transaction>(D, [u8; 32], PhantomData<T>);
impl<D: Db, T: Transaction> TributaryReader<D, T> {
pub struct TributaryReader<D: Db, T: TransactionTrait>(D, [u8; 32], PhantomData<T>);
impl<D: Db, T: TransactionTrait> TributaryReader<D, T> {
pub fn genesis(&self) -> [u8; 32] {
self.1
}

221
coordinator/tributary/src/mempool.rs
View File

@@ -4,18 +4,25 @@ use ciphersuite::{Ciphersuite, Ristretto};
use serai_db::{DbTxn, Db};
use crate::{ACCOUNT_MEMPOOL_LIMIT, Signed, TransactionKind, Transaction, verify_transaction};
use tendermint::ext::{Network, Commit};
use crate::{
ACCOUNT_MEMPOOL_LIMIT, ReadWrite,
transaction::{Signed, TransactionKind, Transaction as TransactionTrait, verify_transaction},
tendermint::tx::verify_tendermint_tx,
Transaction,
};
#[derive(Clone, PartialEq, Eq, Debug)]
pub(crate) struct Mempool<D: Db, T: Transaction> {
pub(crate) struct Mempool<D: Db, T: TransactionTrait> {
db: D,
genesis: [u8; 32],
txs: HashMap<[u8; 32], T>,
txs: HashMap<[u8; 32], Transaction<T>>,
next_nonces: HashMap<<Ristretto as Ciphersuite>::G, u32>,
}
impl<D: Db, T: Transaction> Mempool<D, T> {
impl<D: Db, T: TransactionTrait> Mempool<D, T> {
fn transaction_key(&self, hash: &[u8]) -> Vec<u8> {
D::key(b"tributary_mempool", b"transaction", [self.genesis.as_ref(), hash].concat())
}
@@ -23,90 +30,141 @@ impl<D: Db, T: Transaction> Mempool<D, T> {
D::key(b"tributary_mempool", b"current", self.genesis)
}
// save given tx to the mempool db
fn save_tx(&mut self, tx: Transaction<T>) {
let tx_hash = tx.hash();
let transaction_key = self.transaction_key(&tx_hash);
let current_mempool_key = self.current_mempool_key();
let mut current_mempool = self.db.get(&current_mempool_key).unwrap_or(vec![]);
let mut txn = self.db.txn();
txn.put(transaction_key, tx.serialize());
current_mempool.extend(tx_hash);
txn.put(current_mempool_key, current_mempool);
txn.commit();
self.txs.insert(tx_hash, tx);
}
fn unsigned_already_exist(
&self,
hash: [u8; 32],
unsigned_in_chain: impl Fn([u8; 32]) -> bool,
) -> bool {
unsigned_in_chain(hash) || self.txs.contains_key(&hash)
}
pub(crate) fn new(db: D, genesis: [u8; 32]) -> Self {
let mut res = Mempool { db, genesis, txs: HashMap::new(), next_nonces: HashMap::new() };
let current_mempool = res.db.get(res.current_mempool_key()).unwrap_or(vec![]);
let mut hash = [0; 32];
let mut i = 0;
while i < current_mempool.len() {
hash.copy_from_slice(&current_mempool[i .. (i + 32)]);
let tx =
T::read::<&[u8]>(&mut res.db.get(res.transaction_key(&hash)).unwrap().as_ref()).unwrap();
match tx.kind() {
TransactionKind::Signed(Signed { signer, nonce, .. }) => {
if let Some(prev) = res.next_nonces.insert(*signer, nonce + 1) {
// These mempool additions should've been ordered
assert!(prev < *nonce);
for hash in current_mempool.chunks(32) {
let hash: [u8; 32] = hash.try_into().unwrap();
let tx: Transaction<T> =
Transaction::read::<&[u8]>(&mut res.db.get(res.transaction_key(&hash)).unwrap().as_ref())
.unwrap();
debug_assert_eq!(tx.hash(), hash);
match tx {
Transaction::Tendermint(tx) => {
res.txs.insert(hash, Transaction::Tendermint(tx));
}
Transaction::Application(tx) => {
match tx.kind() {
TransactionKind::Signed(Signed { signer, nonce, .. }) => {
if let Some(prev) = res.next_nonces.insert(*signer, nonce + 1) {
// These mempool additions should've been ordered
debug_assert!(prev < *nonce);
}
res.txs.insert(hash, Transaction::Application(tx));
}
TransactionKind::Unsigned => {
res.txs.insert(hash, Transaction::Application(tx));
}
_ => panic!("mempool database had a provided transaction"),
}
}
_ => panic!("mempool database had a non-signed transaction"),
}
debug_assert_eq!(tx.hash(), hash);
res.txs.insert(hash, tx);
i += 32;
}
res
}
/// Returns true if this is a valid, new transaction.
pub(crate) fn add(
pub(crate) fn add<N: Network>(
&mut self,
blockchain_next_nonces: &HashMap<<Ristretto as Ciphersuite>::G, u32>,
internal: bool,
tx: T,
tx: Transaction<T>,
schema: N::SignatureScheme,
unsigned_in_chain: impl Fn([u8; 32]) -> bool,
commit: impl Fn(u32) -> Option<Commit<N::SignatureScheme>>,
) -> bool {
match tx.kind() {
TransactionKind::Signed(Signed { signer, nonce, .. }) => {
// Get the nonce from the blockchain
let Some(blockchain_next_nonce) = blockchain_next_nonces.get(signer).cloned() else {
// Not a participant
return false;
};
match &tx {
Transaction::Tendermint(tendermint_tx) => {
// All Tendermint transactions should be unsigned
assert_eq!(TransactionKind::Unsigned, tendermint_tx.kind());
// If the blockchain's nonce is greater than the mempool's, use it
// Default to true so if the mempool hasn't tracked this nonce yet, it'll be inserted
let mut blockchain_is_greater = true;
if let Some(mempool_next_nonce) = self.next_nonces.get(signer) {
blockchain_is_greater = blockchain_next_nonce > *mempool_next_nonce;
}
if blockchain_is_greater {
self.next_nonces.insert(*signer, blockchain_next_nonce);
}
// If we have too many transactions from this sender, don't add this yet UNLESS we are
// this sender
if !internal && (nonce >= &(blockchain_next_nonce + ACCOUNT_MEMPOOL_LIMIT)) {
// check we have the tx in the pool/chain
if self.unsigned_already_exist(tx.hash(), unsigned_in_chain) {
return false;
}
if verify_transaction(&tx, self.genesis, &mut self.next_nonces).is_err() {
// verify the tx
if verify_tendermint_tx::<N>(tendermint_tx, self.genesis, schema, commit).is_err() {
return false;
}
assert_eq!(self.next_nonces[signer], nonce + 1);
let tx_hash = tx.hash();
let transaction_key = self.transaction_key(&tx_hash);
let current_mempool_key = self.current_mempool_key();
let mut current_mempool = self.db.get(&current_mempool_key).unwrap_or(vec![]);
let mut txn = self.db.txn();
txn.put(transaction_key, tx.serialize());
current_mempool.extend(tx_hash);
txn.put(current_mempool_key, current_mempool);
txn.commit();
self.txs.insert(tx_hash, tx);
true
}
_ => false,
Transaction::Application(app_tx) => {
match app_tx.kind() {
TransactionKind::Signed(Signed { signer, nonce, .. }) => {
// Get the nonce from the blockchain
let Some(blockchain_next_nonce) = blockchain_next_nonces.get(signer).cloned() else {
// Not a participant
return false;
};
// If the blockchain's nonce is greater than the mempool's, use it
// Default to true so if the mempool hasn't tracked this nonce yet, it'll be inserted
let mut blockchain_is_greater = true;
if let Some(mempool_next_nonce) = self.next_nonces.get(signer) {
blockchain_is_greater = blockchain_next_nonce > *mempool_next_nonce;
}
if blockchain_is_greater {
self.next_nonces.insert(*signer, blockchain_next_nonce);
}
// If we have too many transactions from this sender, don't add this yet UNLESS we are
// this sender
if !internal && (nonce >= &(blockchain_next_nonce + ACCOUNT_MEMPOOL_LIMIT)) {
return false;
}
if verify_transaction(app_tx, self.genesis, &mut self.next_nonces).is_err() {
return false;
}
debug_assert_eq!(self.next_nonces[signer], nonce + 1);
}
TransactionKind::Unsigned => {
// check we have the tx in the pool/chain
if self.unsigned_already_exist(tx.hash(), unsigned_in_chain) {
return false;
}
if app_tx.verify().is_err() {
return false;
}
}
TransactionKind::Provided(_) => return false,
}
}
}
// Save the TX to the pool
self.save_tx(tx);
true
}
// Returns None if the mempool doesn't have a nonce tracked.
@@ -118,10 +176,13 @@ impl<D: Db, T: Transaction> Mempool<D, T> {
pub(crate) fn block(
&mut self,
blockchain_next_nonces: &HashMap<<Ristretto as Ciphersuite>::G, u32>,
) -> Vec<T> {
let mut res = vec![];
unsigned_in_chain: impl Fn([u8; 32]) -> bool,
) -> Vec<Transaction<T>> {
let mut unsigned = vec![];
let mut signed = vec![];
for hash in self.txs.keys().cloned().collect::<Vec<_>>() {
let tx = &self.txs[&hash];
// Verify this hasn't gone stale
match tx.kind() {
TransactionKind::Signed(Signed { signer, nonce, .. }) => {
@@ -129,25 +190,35 @@ impl<D: Db, T: Transaction> Mempool<D, T> {
self.remove(&hash);
continue;
}
}
_ => panic!("non-signed transaction entered mempool"),
}
// Since this TX isn't stale, include it
res.push(tx.clone());
// Since this TX isn't stale, include it
signed.push(tx.clone());
}
TransactionKind::Unsigned => {
if unsigned_in_chain(hash) {
self.remove(&hash);
continue;
}
unsigned.push(tx.clone());
}
_ => panic!("provided transaction entered mempool"),
}
}
// Sort res by nonce.
let nonce = |tx: &T| {
// Sort signed by nonce
let nonce = |tx: &Transaction<T>| {
if let TransactionKind::Signed(Signed { nonce, .. }) = tx.kind() {
*nonce
} else {
0
unreachable!()
}
};
res.sort_by(|a, b| nonce(a).partial_cmp(&nonce(b)).unwrap());
signed.sort_by(|a, b| nonce(a).partial_cmp(&nonce(b)).unwrap());
res
// unsigned first, then signed.
unsigned.append(&mut signed);
unsigned
}
/// Remove a transaction from the mempool.
@@ -177,7 +248,7 @@ impl<D: Db, T: Transaction> Mempool<D, T> {
}
#[cfg(test)]
pub(crate) fn txs(&self) -> &HashMap<[u8; 32], T> {
pub(crate) fn txs(&self) -> &HashMap<[u8; 32], Transaction<T>> {
&self.txs
}
}

2
coordinator/tributary/src/provided.rs
View File

@@ -4,7 +4,7 @@ use thiserror::Error;
use serai_db::{Get, DbTxn, Db};
use crate::{TransactionKind, TransactionError, Transaction, verify_transaction};
use crate::transaction::{TransactionKind, TransactionError, Transaction, verify_transaction};
#[derive(Clone, PartialEq, Eq, Debug, Error)]
pub enum ProvidedError {

78
coordinator/tributary/src/tendermint.rs → coordinator/tributary/src/tendermint/mod.rs
View File

@@ -6,7 +6,7 @@ use async_trait::async_trait;
use subtle::ConstantTimeEq;
use zeroize::{Zeroize, Zeroizing};
use rand::{SeedableRng, seq::SliceRandom};
use rand::{SeedableRng, seq::SliceRandom, rngs::OsRng};
use rand_chacha::ChaCha12Rng;
use transcript::{Transcript, RecommendedTranscript};
@@ -29,6 +29,7 @@ use tendermint::{
BlockNumber, RoundNumber, Signer as SignerTrait, SignatureScheme, Weights, Block as BlockTrait,
BlockError as TendermintBlockError, Commit, Network,
},
SlashEvent,
};
use tokio::{
@@ -37,10 +38,14 @@ use tokio::{
};
use crate::{
TENDERMINT_MESSAGE, BLOCK_MESSAGE, ReadWrite, Transaction, BlockHeader, Block, BlockError,
Blockchain, P2p,
TENDERMINT_MESSAGE, TRANSACTION_MESSAGE, BLOCK_MESSAGE, ReadWrite,
transaction::Transaction as TransactionTrait, Transaction, BlockHeader, Block, BlockError,
Blockchain, P2p, tendermint::tx::SlashVote,
};
pub mod tx;
use tx::{TendermintTx, VoteSignature};
fn challenge(
genesis: [u8; 32],
key: [u8; 32],
@@ -205,7 +210,7 @@ impl Weights for Validators {
let block = usize::try_from(block.0).unwrap();
let round = usize::try_from(round.0).unwrap();
// If multiple rounds are used, a naive block + round would cause the same index to be chosen
// in quick succesion.
// in quick succession.
// Accordingly, if we use additional rounds, jump halfway around.
// While this is still game-able, it's not explicitly reusing indexes immediately after each
// other.
@@ -215,7 +220,7 @@ impl Weights for Validators {
}
#[derive(Clone, PartialEq, Eq, Debug, Encode, Decode)]
pub(crate) struct TendermintBlock(pub Vec<u8>);
pub struct TendermintBlock(pub Vec<u8>);
impl BlockTrait for TendermintBlock {
type Id = [u8; 32];
fn id(&self) -> Self::Id {
@@ -224,7 +229,7 @@ impl BlockTrait for TendermintBlock {
}
#[derive(Clone, Debug)]
pub(crate) struct TendermintNetwork<D: Db, T: Transaction, P: P2p> {
pub struct TendermintNetwork<D: Db, T: TransactionTrait, P: P2p> {
pub(crate) genesis: [u8; 32],
pub(crate) signer: Arc<Signer>,
@@ -235,7 +240,7 @@ pub(crate) struct TendermintNetwork<D: Db, T: Transaction, P: P2p> {
}
#[async_trait]
impl<D: Db, T: Transaction, P: P2p> Network for TendermintNetwork<D, T, P> {
impl<D: Db, T: TransactionTrait, P: P2p> Network for TendermintNetwork<D, T, P> {
type ValidatorId = [u8; 32];
type SignatureScheme = Arc<Validators>;
type Weights = Arc<Validators>;
@@ -262,22 +267,55 @@ impl<D: Db, T: Transaction, P: P2p> Network for TendermintNetwork<D, T, P> {
to_broadcast.extend(msg.encode());
self.p2p.broadcast(self.genesis, to_broadcast).await
}
async fn slash(&mut self, validator: Self::ValidatorId) {
// TODO: Handle this slash
async fn slash(&mut self, validator: Self::ValidatorId, slash_event: SlashEvent<Self>) {
log::error!(
"validator {} triggered a slash event on tributary {}",
"validator {} triggered a slash event on tributary {} (with evidence: {})",
hex::encode(validator),
hex::encode(self.genesis)
hex::encode(self.genesis),
matches!(slash_event, SlashEvent::WithEvidence(_, _)),
);
let signer = self.signer();
let tx = match slash_event {
SlashEvent::WithEvidence(m1, m2) => {
// create an unsigned evidence tx
TendermintTx::SlashEvidence((m1, m2).encode())
}
SlashEvent::Id(reason, block, round) => {
// create a signed vote tx
let mut tx = TendermintTx::SlashVote(SlashVote {
id: (reason, block, round).encode().try_into().unwrap(),
target: validator.encode().try_into().unwrap(),
sig: VoteSignature::default(),
});
tx.sign(&mut OsRng, signer.genesis, &signer.key);
tx
}
};
// add tx to blockchain and broadcast to peers
// TODO: Make a function out of this following block
let mut to_broadcast = vec![TRANSACTION_MESSAGE];
tx.write(&mut to_broadcast).unwrap();
if self.blockchain.write().await.add_transaction::<Self>(
true,
Transaction::Tendermint(tx),
self.signature_scheme(),
) {
self.p2p.broadcast(signer.genesis, to_broadcast).await;
}
}
async fn validate(&mut self, block: &Self::Block) -> Result<(), TendermintBlockError> {
let block =
Block::read::<&[u8]>(&mut block.0.as_ref()).map_err(|_| TendermintBlockError::Fatal)?;
self.blockchain.read().await.verify_block(&block).map_err(|e| match e {
BlockError::NonLocalProvided(_) => TendermintBlockError::Temporal,
_ => TendermintBlockError::Fatal,
})
self.blockchain.read().await.verify_block::<Self>(&block, self.signature_scheme()).map_err(
|e| match e {
BlockError::NonLocalProvided(_) => TendermintBlockError::Temporal,
_ => TendermintBlockError::Fatal,
},
)
}
async fn add_block(
@@ -303,7 +341,11 @@ impl<D: Db, T: Transaction, P: P2p> Network for TendermintNetwork<D, T, P> {
let encoded_commit = commit.encode();
loop {
let block_res = self.blockchain.write().await.add_block(&block, encoded_commit.clone());
let block_res = self.blockchain.write().await.add_block::<Self>(
&block,
encoded_commit.clone(),
self.signature_scheme(),
);
match block_res {
Ok(()) => {
// If we successfully added this block, broadcast it
@@ -326,6 +368,8 @@ impl<D: Db, T: Transaction, P: P2p> Network for TendermintNetwork<D, T, P> {
}
}
Some(TendermintBlock(self.blockchain.write().await.build_block().serialize()))
Some(TendermintBlock(
self.blockchain.write().await.build_block::<Self>(self.signature_scheme()).serialize(),
))
}
}

347
coordinator/tributary/src/tendermint/tx.rs Normal file
View File

@@ -0,0 +1,347 @@
use core::ops::Deref;
use std::{io, vec, default::Default};
use scale::Decode;
use zeroize::Zeroizing;
use blake2::{Digest, Blake2s256, Blake2b512};
use rand::{RngCore, CryptoRng};
use ciphersuite::{
group::{GroupEncoding, ff::Field},
Ciphersuite, Ristretto,
};
use schnorr::SchnorrSignature;
use crate::{
transaction::{Transaction, TransactionKind, TransactionError},
ReadWrite,
};
use tendermint::{
SignedMessageFor, Data,
round::RoundData,
time::CanonicalInstant,
commit_msg,
ext::{Network, Commit, RoundNumber, SignatureScheme},
};
/// Signing data for a slash vote.
///
/// The traditional Signed uses a nonce, whereas votes aren't required/expected to be ordered.
/// Accordingly, a simple uniqueness check works instead.
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct VoteSignature {
pub signer: <Ristretto as Ciphersuite>::G,
pub signature: SchnorrSignature<Ristretto>,
}
impl ReadWrite for VoteSignature {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
let signer = Ristretto::read_G(reader)?;
let signature = SchnorrSignature::<Ristretto>::read(reader)?;
Ok(VoteSignature { signer, signature })
}
fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
writer.write_all(&self.signer.to_bytes())?;
self.signature.write(writer)
}
}
impl Default for VoteSignature {
fn default() -> Self {
VoteSignature {
signer: Ristretto::generator(),
signature: SchnorrSignature::<Ristretto>::read(&mut [0; 64].as_slice()).unwrap(),
}
}
}
/// A vote to slash a malicious validator.
#[derive(Clone, PartialEq, Eq, Debug)]
pub struct SlashVote {
pub id: [u8; 13], // vote id(slash event id)
pub target: [u8; 32], // who to slash
pub sig: VoteSignature, // signature
}
impl ReadWrite for SlashVote {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
let mut id = [0; 13];
let mut target = [0; 32];
reader.read_exact(&mut id)?;
reader.read_exact(&mut target)?;
let sig = VoteSignature::read(reader)?;
Ok(SlashVote { id, target, sig })
}
fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
writer.write_all(&self.id)?;
writer.write_all(&self.target)?;
self.sig.write(writer)
}
}
#[allow(clippy::large_enum_variant)]
#[derive(Clone, PartialEq, Eq, Debug)]
pub enum TendermintTx {
SlashEvidence(Vec<u8>),
// TODO: should the SlashVote.sig be directly in the enum
// like as in (SlashVote, sig) since the sig is sig of the tx.
SlashVote(SlashVote),
}
impl ReadWrite for TendermintTx {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
let mut kind = [0];
reader.read_exact(&mut kind)?;
match kind[0] {
0 => {
let mut len = [0; 4];
reader.read_exact(&mut len)?;
let mut len =
usize::try_from(u32::from_le_bytes(len)).expect("running on a 16-bit system?");
let mut data = vec![];
// Read chunk-by-chunk so a claimed 4 GB length doesn't cause a 4 GB allocation
// While we could check the length is sane, that'd require we know what a sane length is
// We'd also have to maintain that length's sanity even as other parts of the codebase,
// and even entire crates, change
// This is fine as it'll eventually hit the P2P message size limit, yet doesn't require
// knowing it nor does it make any assumptions
const CHUNK_LEN: usize = 1024;
let mut chunk = [0; CHUNK_LEN];
while len > 0 {
let to_read = len.min(CHUNK_LEN);
data.reserve(to_read);
reader.read_exact(&mut chunk[.. to_read])?;
data.extend(&chunk[.. to_read]);
len -= to_read;
}
Ok(TendermintTx::SlashEvidence(data))
}
1 => {
let vote = SlashVote::read(reader)?;
Ok(TendermintTx::SlashVote(vote))
}
_ => Err(io::Error::new(io::ErrorKind::Other, "invalid transaction type")),
}
}
fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
match self {
TendermintTx::SlashEvidence(ev) => {
writer.write_all(&[0])?;
writer.write_all(&u32::try_from(ev.len()).unwrap().to_le_bytes())?;
writer.write_all(ev)
}
TendermintTx::SlashVote(vote) => {
writer.write_all(&[1])?;
vote.write(writer)
}
}
}
}
impl Transaction for TendermintTx {
fn kind(&self) -> TransactionKind<'_> {
// There's an assert elsewhere in the codebase expecting this behavior
// If we do want to add Provided/Signed TendermintTxs, review the implications carefully
TransactionKind::Unsigned
}
fn hash(&self) -> [u8; 32] {
let mut tx = self.serialize();
if let TendermintTx::SlashVote(vote) = self {
// Make sure the part we're cutting off is the signature
assert_eq!(tx.drain((tx.len() - 64) ..).collect::<Vec<_>>(), vote.sig.signature.serialize());
}
Blake2s256::digest(tx).into()
}
fn sig_hash(&self, genesis: [u8; 32]) -> <Ristretto as Ciphersuite>::F {
match self {
TendermintTx::SlashEvidence(_) => panic!("sig_hash called on slash evidence transaction"),
TendermintTx::SlashVote(vote) => {
let signature = &vote.sig.signature;
<Ristretto as Ciphersuite>::F::from_bytes_mod_order_wide(
&Blake2b512::digest(
[genesis.as_ref(), &self.hash(), signature.R.to_bytes().as_ref()].concat(),
)
.into(),
)
}
}
}
fn verify(&self) -> Result<(), TransactionError> {
Ok(())
}
}
impl TendermintTx {
// Sign a transaction
pub fn sign<R: RngCore + CryptoRng>(
&mut self,
rng: &mut R,
genesis: [u8; 32],
key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
) {
fn signature(tx: &mut TendermintTx) -> Option<&mut VoteSignature> {
match tx {
TendermintTx::SlashVote(vote) => Some(&mut vote.sig),
_ => None,
}
}
signature(self).unwrap().signer = Ristretto::generator() * key.deref();
let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
signature(self).unwrap().signature.R =
<Ristretto as Ciphersuite>::generator() * sig_nonce.deref();
let sig_hash = self.sig_hash(genesis);
signature(self).unwrap().signature =
SchnorrSignature::<Ristretto>::sign(key, sig_nonce, sig_hash);
}
}
pub fn decode_evidence<N: Network>(
mut ev: &[u8],
) -> Result<(SignedMessageFor<N>, Option<SignedMessageFor<N>>), TransactionError> {
<(SignedMessageFor<N>, Option<SignedMessageFor<N>>)>::decode(&mut ev).map_err(|_| {
dbg!("failed to decode");
TransactionError::InvalidContent
})
}
// TODO: Move this into tendermint-machine
// TODO: Strongly type Evidence, instead of having two messages and no idea what's supposedly
// wrong with them. Doing so will massively simplify the auditability of this (as this
// re-implements an entire foreign library's checks for malicious behavior).
pub(crate) fn verify_tendermint_tx<N: Network>(
tx: &TendermintTx,
genesis: [u8; 32],
schema: N::SignatureScheme,
commit: impl Fn(u32) -> Option<Commit<N::SignatureScheme>>,
) -> Result<(), TransactionError> {
tx.verify()?;
match tx {
TendermintTx::SlashEvidence(ev) => {
let (first, second) = decode_evidence::<N>(ev)?;
// verify that evidence messages are signed correctly
if !first.verify_signature(&schema) {
Err(TransactionError::InvalidSignature)?
}
let first = first.msg;
if let Some(second) = second {
if !second.verify_signature(&schema) {
Err(TransactionError::InvalidSignature)?
}
let second = second.msg;
// 2 types of evidence here
// 1- multiple distinct messages for the same block + round + step
// 2- precommitted to multiple blocks
// Make sure they're distinct messages, from the same sender, within the same block
if (first == second) || (first.sender != second.sender) || (first.block != second.block) {
Err(TransactionError::InvalidContent)?;
}
// Distinct messages within the same step
if (first.round == second.round) && (first.data.step() == second.data.step()) {
return Ok(());
}
// check whether messages are precommits to different blocks
// The inner signatures don't need to be verified since the outer signatures were
// While the inner signatures may be invalid, that would've yielded a invalid precommit
// signature slash instead of distinct precommit slash
if let Data::Precommit(Some((h1, _))) = first.data {
if let Data::Precommit(Some((h2, _))) = second.data {
if h1 == h2 {
Err(TransactionError::InvalidContent)?;
}
return Ok(());
}
}
// No fault identified
Err(TransactionError::InvalidContent)?
}
// 2 types of evidence can be here
// 1- invalid commit signature
// 2- vr number that was greater than or equal to the current round
match &first.data {
Data::Proposal(vr, _) => {
// check the vr
if vr.is_none() || vr.unwrap().0 < first.round.0 {
Err(TransactionError::InvalidContent)?
}
}
Data::Precommit(Some((id, sig))) => {
// TODO: We need to be passed in the genesis time to handle this edge case
if first.block.0 == 0 {
todo!("invalid precommit signature on first block")
}
// get the last commit
// TODO: Why do we use u32 when Tendermint uses u64?
let prior_commit = match u32::try_from(first.block.0 - 1) {
Ok(n) => match commit(n) {
Some(c) => c,
// If we have yet to sync the block in question, we will return InvalidContent based
// on our own temporal ambiguity
// This will also cause an InvalidContent for anything using a non-existent block,
// yet that's valid behavior
// TODO: Double check the ramifications of this
_ => Err(TransactionError::InvalidContent)?,
},
_ => Err(TransactionError::InvalidContent)?,
};
// calculate the end time till the msg round
let mut last_end_time = CanonicalInstant::new(prior_commit.end_time);
for r in 0 ..= first.round.0 {
last_end_time = RoundData::<N>::new(RoundNumber(r), last_end_time).end_time();
}
// verify that the commit was actually invalid
if schema.verify(first.sender, &commit_msg(last_end_time.canonical(), id.as_ref()), sig) {
Err(TransactionError::InvalidContent)?
}
}
_ => Err(TransactionError::InvalidContent)?,
}
}
TendermintTx::SlashVote(vote) => {
// TODO: verify the target is actually one of our validators?
// this shouldn't be a problem because if the target isn't valid, no one else
// gonna vote on it. But we still have to think about spam votes.
// TODO: we need to check signer is a participant
// TODO: Move this into the standalone TendermintTx verify
let sig = &vote.sig;
// verify the tx signature
// TODO: Use Schnorr half-aggregation and a batch verification here
if !sig.signature.verify(sig.signer, tx.sig_hash(genesis)) {
Err(TransactionError::InvalidSignature)?;
}
}
}
Ok(())
}

46
coordinator/tributary/src/tests/block.rs
View File

@@ -1,14 +1,23 @@
use std::{io, collections::HashMap};
use std::{sync::Arc, io, collections::HashMap, fmt::Debug};
use blake2::{Digest, Blake2s256};
use ciphersuite::{
group::{ff::Field, Group},
Ciphersuite, Ristretto,
};
use schnorr::SchnorrSignature;
use crate::{ReadWrite, TransactionError, Signed, TransactionKind, Transaction, BlockError, Block};
use serai_db::MemDb;
use tendermint::ext::Commit;
use crate::{
ReadWrite, BlockError, Block, Transaction,
tests::p2p::DummyP2p,
transaction::{TransactionError, Signed, TransactionKind, Transaction as TransactionTrait},
tendermint::{TendermintNetwork, Validators},
};
type N = TendermintNetwork<MemDb, NonceTransaction, DummyP2p>;
// A transaction solely defined by its nonce and a distinguisher (to allow creating distinct TXs
// sharing a nonce).
@@ -50,7 +59,7 @@ impl ReadWrite for NonceTransaction {
}
}
impl Transaction for NonceTransaction {
impl TransactionTrait for NonceTransaction {
fn kind(&self) -> TransactionKind<'_> {
TransactionKind::Signed(&self.2)
}
@@ -68,8 +77,21 @@ impl Transaction for NonceTransaction {
fn empty_block() {
const GENESIS: [u8; 32] = [0xff; 32];
const LAST: [u8; 32] = [0x01; 32];
let validators = Arc::new(Validators::new(GENESIS, vec![]).unwrap());
let commit = |_: u32| -> Option<Commit<Arc<Validators>>> {
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let unsigned_in_chain = |_: [u8; 32]| false;
Block::<NonceTransaction>::new(LAST, vec![], vec![])
.verify(GENESIS, LAST, HashMap::new(), HashMap::new())
.verify::<N>(
GENESIS,
LAST,
HashMap::new(),
HashMap::new(),
validators,
commit,
unsigned_in_chain,
)
.unwrap();
}
@@ -78,19 +100,29 @@ fn duplicate_nonces() {
const GENESIS: [u8; 32] = [0xff; 32];
const LAST: [u8; 32] = [0x01; 32];
let validators = Arc::new(Validators::new(GENESIS, vec![]).unwrap());
// Run once without duplicating a nonce, and once with, so that's confirmed to be the faulty
// component
for i in [1, 0] {
let mut mempool = vec![];
let mut insert = |tx: NonceTransaction| mempool.push(tx);
let mut insert = |tx: NonceTransaction| mempool.push(Transaction::Application(tx));
insert(NonceTransaction::new(0, 0));
insert(NonceTransaction::new(i, 1));
let res = Block::new(LAST, vec![], mempool).verify(
let commit = |_: u32| -> Option<Commit<Arc<Validators>>> {
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let unsigned_in_chain = |_: [u8; 32]| false;
let res = Block::new(LAST, vec![], mempool).verify::<N>(
GENESIS,
LAST,
HashMap::new(),
HashMap::from([(<Ristretto as Ciphersuite>::G::identity(), 0)]),
validators.clone(),
commit,
unsigned_in_chain,
);
if i == 1 {
res.unwrap();

408
coordinator/tributary/src/tests/blockchain.rs
View File

@@ -1,7 +1,12 @@
use std::collections::{VecDeque, HashMap};
use core::ops::Deref;
use std::{
collections::{VecDeque, HashMap},
sync::Arc,
io,
};
use zeroize::Zeroizing;
use rand::{RngCore, rngs::OsRng};
use rand::rngs::OsRng;
use blake2::{Digest, Blake2s256};
@@ -10,17 +15,20 @@ use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
use serai_db::{DbTxn, Db, MemDb};
use crate::{
merkle, Transaction, ProvidedError, ProvidedTransactions, Block, Blockchain,
tests::{ProvidedTransaction, SignedTransaction, random_provided_transaction},
ReadWrite, TransactionKind,
transaction::Transaction as TransactionTrait,
TransactionError, Transaction, ProvidedError, ProvidedTransactions, merkle, BlockError, Block,
Blockchain,
tendermint::{TendermintNetwork, Validators, tx::TendermintTx, Signer, TendermintBlock},
tests::{
ProvidedTransaction, SignedTransaction, random_provided_transaction, p2p::DummyP2p,
new_genesis, random_vote_tx, random_evidence_tx,
},
};
fn new_genesis() -> [u8; 32] {
let mut genesis = [0; 32];
OsRng.fill_bytes(&mut genesis);
genesis
}
type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
fn new_blockchain<T: Transaction>(
fn new_blockchain<T: TransactionTrait>(
genesis: [u8; 32],
participants: &[<Ristretto as Ciphersuite>::G],
) -> (MemDb, Blockchain<MemDb, T>) {
@@ -34,12 +42,14 @@ fn new_blockchain<T: Transaction>(
#[test]
fn block_addition() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (db, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let block = blockchain.build_block();
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(block.header.parent, genesis);
assert_eq!(block.header.transactions, [0; 32]);
blockchain.verify_block(&block).unwrap();
assert!(blockchain.add_block(&block, vec![]).is_ok());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators).is_ok());
assert_eq!(blockchain.tip(), block.hash());
assert_eq!(blockchain.block_number(), 1);
assert_eq!(
@@ -51,23 +61,24 @@ fn block_addition() {
#[test]
fn invalid_block() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let block = blockchain.build_block();
let block = blockchain.build_block::<N>(validators.clone());
// Mutate parent
{
#[allow(clippy::redundant_clone)] // False positive
let mut block = block.clone();
block.header.parent = Blake2s256::digest(block.header.parent).into();
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
// Mutate tranactions merkle
{
let mut block = block;
block.header.transactions = Blake2s256::digest(block.header.transactions).into();
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
@@ -76,9 +87,9 @@ fn invalid_block() {
// Not a participant
{
// Manually create the block to bypass build_block's checks
let block = Block::new(blockchain.tip(), vec![], vec![tx.clone()]);
let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx.clone())]);
assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
// Run the rest of the tests with them as a participant
@@ -86,40 +97,81 @@ fn invalid_block() {
// Re-run the not a participant block to make sure it now works
{
let block = Block::new(blockchain.tip(), vec![], vec![tx.clone()]);
let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx.clone())]);
assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
blockchain.verify_block(&block).unwrap();
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
}
{
// Add a valid transaction
let mut blockchain = blockchain.clone();
assert!(blockchain.add_transaction(true, tx.clone()));
let mut block = blockchain.build_block();
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Application(tx.clone()),
validators.clone()
));
let mut block = blockchain.build_block::<N>(validators.clone());
assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
blockchain.verify_block(&block).unwrap();
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
// And verify mutating the transactions merkle now causes a failure
block.header.transactions = merkle(&[]);
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
{
// Invalid nonce
let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 5);
// Manually create the block to bypass build_block's checks
let block = Block::new(blockchain.tip(), vec![], vec![tx]);
assert!(blockchain.verify_block(&block).is_err());
let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx)]);
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
{
// Invalid signature
let mut blockchain = blockchain;
assert!(blockchain.add_transaction(true, tx));
let mut block = blockchain.build_block();
blockchain.verify_block(&block).unwrap();
block.transactions[0].1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
assert!(blockchain.verify_block(&block).is_err());
let mut blockchain = blockchain.clone();
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Application(tx),
validators.clone()
));
let mut block = blockchain.build_block::<N>(validators.clone());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
match &mut block.transactions[0] {
Transaction::Application(tx) => {
tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
}
_ => panic!("non-signed tx found"),
}
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// Make sure this isn't because the merkle changed due to the transaction hash including the
// signature (which it explicitly isn't allowed to anyways)
assert_eq!(block.header.transactions, merkle(&[block.transactions[0].hash()]));
}
{
// Invalid vote signature
let mut blockchain = blockchain.clone();
let vote_tx = random_vote_tx(&mut OsRng, genesis);
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Tendermint(vote_tx),
validators.clone()
));
let mut block = blockchain.build_block::<N>(validators.clone());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
match &mut block.transactions[0] {
Transaction::Tendermint(tx) => match tx {
TendermintTx::SlashVote(vote) => {
vote.sig.signature.s += <Ristretto as Ciphersuite>::F::ONE;
}
_ => panic!("non-vote tx found"),
},
_ => panic!("non-tendermint tx found"),
}
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// Make sure this isn't because the merkle changed due to the transaction hash including the
// signature (which it explicitly isn't allowed to anyways)
@@ -130,7 +182,7 @@ fn invalid_block() {
#[test]
fn signed_transaction() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
let signer = tx.1.signer;
@@ -139,14 +191,21 @@ fn signed_transaction() {
assert_eq!(blockchain.next_nonce(signer), Some(0));
let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
mempool: Vec<SignedTransaction>| {
mempool: Vec<Transaction<SignedTransaction>>| {
let tip = blockchain.tip();
for tx in mempool.clone() {
let Transaction::Application(tx) = tx else {
panic!("tendermint tx found");
};
let next_nonce = blockchain.next_nonce(signer).unwrap();
assert!(blockchain.add_transaction(true, tx));
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Application(tx),
validators.clone()
));
assert_eq!(next_nonce + 1, blockchain.next_nonce(signer).unwrap());
}
let block = blockchain.build_block();
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(block, Block::new(blockchain.tip(), vec![], mempool.clone()));
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
@@ -160,19 +219,21 @@ fn signed_transaction() {
);
// Verify and add the block
blockchain.verify_block(&block).unwrap();
assert!(blockchain.add_block(&block, vec![]).is_ok());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
assert_eq!(blockchain.tip(), block.hash());
};
// Test with a single nonce
test(&mut blockchain, vec![tx]);
test(&mut blockchain, vec![Transaction::Application(tx)]);
assert_eq!(blockchain.next_nonce(signer), Some(1));
// Test with a flood of nonces
let mut mempool = vec![];
for nonce in 1 .. 64 {
mempool.push(crate::tests::signed_transaction(&mut OsRng, genesis, &key, nonce));
mempool.push(Transaction::Application(crate::tests::signed_transaction(
&mut OsRng, genesis, &key, nonce,
)));
}
test(&mut blockchain, mempool);
assert_eq!(blockchain.next_nonce(signer), Some(64));
@@ -181,6 +242,7 @@ fn signed_transaction() {
#[test]
fn provided_transaction() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (_, mut blockchain) = new_blockchain::<ProvidedTransaction>(genesis, &[]);
let tx = random_provided_transaction(&mut OsRng);
@@ -203,18 +265,274 @@ fn provided_transaction() {
// Non-provided transactions should fail verification
let block = Block::new(blockchain.tip(), vec![tx.clone()], vec![]);
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// Provided transactions should pass verification
blockchain.provide_transaction(tx.clone()).unwrap();
blockchain.verify_block(&block).unwrap();
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
// add_block should work for verified blocks
assert!(blockchain.add_block(&block, vec![]).is_ok());
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
let block = Block::new(blockchain.tip(), vec![tx], vec![]);
// The provided transaction should no longer considered provided, causing this error
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// add_block should fail for unverified provided transactions if told to add them
assert!(blockchain.add_block(&block, vec![]).is_err());
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_err());
}
#[test]
fn tendermint_vote_tx() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
mempool: Vec<Transaction<SignedTransaction>>| {
let tip = blockchain.tip();
for tx in mempool.clone() {
let Transaction::Tendermint(tx) = tx else {
panic!("non-tendermint tx found");
};
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Tendermint(tx),
validators.clone()
));
}
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
// Make sure all transactions were included
for bt in &block.transactions {
assert!(mempool.contains(bt));
}
// Make sure the merkle was correct
// Uses block.transactions instead of mempool as order may differ between the two
assert_eq!(
block.header.transactions,
merkle(&block.transactions.iter().map(Transaction::hash).collect::<Vec<_>>()),
);
// Verify and add the block
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
assert_eq!(blockchain.tip(), block.hash());
};
// test with single tx
let tx = random_vote_tx(&mut OsRng, genesis);
test(&mut blockchain, vec![Transaction::Tendermint(tx)]);
// test with multiple txs
let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
for _ in 0 .. 5 {
mempool.push(Transaction::Tendermint(random_vote_tx(&mut OsRng, genesis)));
}
test(&mut blockchain, mempool);
}
#[tokio::test]
async fn tendermint_evidence_tx() {
let genesis = new_genesis();
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let signer = Signer::new(genesis, key.clone());
let signer_id = Ristretto::generator() * key.deref();
let validators = Arc::new(Validators::new(genesis, vec![(signer_id, 1)]).unwrap());
let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
mempool: Vec<Transaction<SignedTransaction>>,
validators: Arc<Validators>| {
let tip = blockchain.tip();
for tx in mempool.clone() {
let Transaction::Tendermint(tx) = tx else {
panic!("non-tendermint tx found");
};
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Tendermint(tx),
validators.clone()
));
}
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
// Make sure all transactions were included
for bt in &block.transactions {
assert!(mempool.contains(bt));
}
// Verify and add the block
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
assert_eq!(blockchain.tip(), block.hash());
};
// test with single tx
let tx = random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![0x12])).await;
test(&mut blockchain, vec![Transaction::Tendermint(tx)], validators);
// test with multiple txs
let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
let mut signers = vec![];
for _ in 0 .. 5 {
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let signer = Signer::new(genesis, key.clone());
let signer_id = Ristretto::generator() * key.deref();
signers.push((signer_id, 1));
mempool.push(Transaction::Tendermint(
random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![0x12])).await,
));
}
// update validators
let validators = Arc::new(Validators::new(genesis, signers).unwrap());
test(&mut blockchain, mempool, validators);
}
#[test]
fn block_tx_ordering() {
#[derive(Debug, PartialEq, Eq, Clone)]
enum SignedTx {
Signed(Box<SignedTransaction>),
Provided(Box<ProvidedTransaction>),
}
impl ReadWrite for SignedTx {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
let mut kind = [0];
reader.read_exact(&mut kind)?;
match kind[0] {
0 => Ok(SignedTx::Signed(Box::new(SignedTransaction::read(reader)?))),
1 => Ok(SignedTx::Provided(Box::new(ProvidedTransaction::read(reader)?))),
_ => Err(io::Error::new(io::ErrorKind::Other, "invalid transaction type")),
}
}
fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
match self {
SignedTx::Signed(signed) => {
writer.write_all(&[0])?;
signed.write(writer)
}
SignedTx::Provided(pro) => {
writer.write_all(&[1])?;
pro.write(writer)
}
}
}
}
impl TransactionTrait for SignedTx {
fn kind(&self) -> TransactionKind<'_> {
match self {
SignedTx::Signed(signed) => signed.kind(),
SignedTx::Provided(pro) => pro.kind(),
}
}
fn hash(&self) -> [u8; 32] {
match self {
SignedTx::Signed(signed) => signed.hash(),
SignedTx::Provided(pro) => pro.hash(),
}
}
fn verify(&self) -> Result<(), TransactionError> {
Ok(())
}
}
let genesis = new_genesis();
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
// signer
let signer = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;
let (_, mut blockchain) = new_blockchain::<SignedTx>(genesis, &[signer]);
let tip = blockchain.tip();
// add txs
let mut mempool = vec![];
let mut provided_txs = vec![];
for i in 0 .. 128 {
let signed_tx = Transaction::Application(SignedTx::Signed(Box::new(
crate::tests::signed_transaction(&mut OsRng, genesis, &key, i),
)));
assert!(blockchain.add_transaction::<N>(true, signed_tx.clone(), validators.clone()));
mempool.push(signed_tx);
let unsigned_tx = Transaction::Tendermint(random_vote_tx(&mut OsRng, genesis));
assert!(blockchain.add_transaction::<N>(true, unsigned_tx.clone(), validators.clone()));
mempool.push(unsigned_tx);
let provided_tx = SignedTx::Provided(Box::new(random_provided_transaction(&mut OsRng)));
blockchain.provide_transaction(provided_tx.clone()).unwrap();
provided_txs.push(provided_tx);
}
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
// Make sure all transactions were included
assert_eq!(block.transactions.len(), 3 * 128);
for bt in &block.transactions[128 ..] {
assert!(mempool.contains(bt));
}
// check the tx order
let txs = &block.transactions;
for tx in txs.iter().take(128) {
assert!(matches!(tx.kind(), TransactionKind::Provided(..)));
}
for tx in txs.iter().take(128).skip(128) {
assert!(matches!(tx.kind(), TransactionKind::Unsigned));
}
for tx in txs.iter().take(128).skip(256) {
assert!(matches!(tx.kind(), TransactionKind::Signed(..)));
}
// should be a valid block
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
// Unsigned before Provided
{
let mut block = block.clone();
// Doesn't use swap to preserve the order of Provided, as that's checked before kind ordering
let unsigned = block.transactions.remove(128);
block.transactions.insert(0, unsigned);
assert_eq!(
blockchain.verify_block::<N>(&block, validators.clone()).unwrap_err(),
BlockError::WrongTransactionOrder
);
}
// Signed before Provided
{
let mut block = block.clone();
let signed = block.transactions.remove(256);
block.transactions.insert(0, signed);
assert_eq!(
blockchain.verify_block::<N>(&block, validators.clone()).unwrap_err(),
BlockError::WrongTransactionOrder
);
}
// Signed before Unsigned
{
let mut block = block;
block.transactions.swap(128, 256);
assert_eq!(
blockchain.verify_block::<N>(&block, validators.clone()).unwrap_err(),
BlockError::WrongTransactionOrder
);
}
}

147
coordinator/tributary/src/tests/mempool.rs
View File

@@ -1,50 +1,132 @@
use std::collections::HashMap;
use std::{sync::Arc, collections::HashMap};
use zeroize::Zeroizing;
use rand::{RngCore, rngs::OsRng};
use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
use tendermint::ext::Commit;
use serai_db::MemDb;
use crate::{
transaction::Transaction as TransactionTrait,
tendermint::{TendermintBlock, Validators, Signer, TendermintNetwork},
ACCOUNT_MEMPOOL_LIMIT, Transaction, Mempool,
tests::{SignedTransaction, signed_transaction},
tests::{
SignedTransaction, signed_transaction, p2p::DummyP2p, random_vote_tx, random_evidence_tx,
},
};
fn new_mempool<T: Transaction>() -> ([u8; 32], MemDb, Mempool<MemDb, T>) {
type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
fn new_mempool<T: TransactionTrait>() -> ([u8; 32], MemDb, Mempool<MemDb, T>) {
let mut genesis = [0; 32];
OsRng.fill_bytes(&mut genesis);
let db = MemDb::new();
(genesis, db.clone(), Mempool::new(db, genesis))
}
#[test]
fn mempool_addition() {
#[tokio::test]
async fn mempool_addition() {
let (genesis, db, mut mempool) = new_mempool::<SignedTransaction>();
let commit = |_: u32| -> Option<Commit<Arc<Validators>>> {
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let unsigned_in_chain = |_: [u8; 32]| false;
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let first_tx = signed_transaction(&mut OsRng, genesis, &key, 0);
let signer = first_tx.1.signer;
assert_eq!(mempool.next_nonce(&signer), None);
// validators
let validators = Arc::new(Validators::new(genesis, vec![(signer, 1)]).unwrap());
// Add TX 0
let mut blockchain_next_nonces = HashMap::from([(signer, 0)]);
assert!(mempool.add(&blockchain_next_nonces, true, first_tx.clone()));
assert!(mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Application(first_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
assert_eq!(mempool.next_nonce(&signer), Some(1));
// add a tendermint vote tx
let vote_tx = random_vote_tx(&mut OsRng, genesis);
assert!(mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Tendermint(vote_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
// add a tendermint evidence tx
let evidence_tx =
random_evidence_tx::<N>(Signer::new(genesis, key.clone()).into(), TendermintBlock(vec![]))
.await;
assert!(mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Tendermint(evidence_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
// Test reloading works
assert_eq!(mempool, Mempool::new(db, genesis));
// Adding it again should fail
assert!(!mempool.add(&blockchain_next_nonces, true, first_tx.clone()));
assert!(!mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Application(first_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
assert!(!mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Tendermint(vote_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
assert!(!mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Tendermint(evidence_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
// Do the same with the next nonce
let second_tx = signed_transaction(&mut OsRng, genesis, &key, 1);
assert!(mempool.add(&blockchain_next_nonces, true, second_tx.clone()));
assert!(mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Application(second_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
assert_eq!(mempool.next_nonce(&signer), Some(2));
assert!(!mempool.add(&blockchain_next_nonces, true, second_tx.clone()));
assert!(!mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Application(second_tx.clone()),
validators.clone(),
unsigned_in_chain,
commit,
));
// If the mempool doesn't have a nonce for an account, it should successfully use the
// blockchain's
@@ -53,43 +135,68 @@ fn mempool_addition() {
let second_signer = tx.1.signer;
assert_eq!(mempool.next_nonce(&second_signer), None);
blockchain_next_nonces.insert(second_signer, 2);
assert!(mempool.add(&blockchain_next_nonces, true, tx.clone()));
assert!(mempool.add::<N>(
&blockchain_next_nonces,
true,
Transaction::Application(tx.clone()),
validators.clone(),
unsigned_in_chain,
commit
));
assert_eq!(mempool.next_nonce(&second_signer), Some(3));
// Getting a block should work
assert_eq!(mempool.block(&blockchain_next_nonces).len(), 3);
assert_eq!(mempool.block(&blockchain_next_nonces, unsigned_in_chain).len(), 5);
// If the blockchain says an account had its nonce updated, it should cause a prune
blockchain_next_nonces.insert(signer, 1);
let mut block = mempool.block(&blockchain_next_nonces);
assert_eq!(block.len(), 2);
let mut block = mempool.block(&blockchain_next_nonces, unsigned_in_chain);
assert_eq!(block.len(), 4);
assert!(!block.iter().any(|tx| tx.hash() == first_tx.hash()));
assert_eq!(mempool.txs(), &block.drain(..).map(|tx| (tx.hash(), tx)).collect::<HashMap<_, _>>());
// Removing should also successfully prune
mempool.remove(&tx.hash());
assert_eq!(mempool.txs(), &HashMap::from([(second_tx.hash(), second_tx)]));
mempool.remove(&vote_tx.hash());
assert_eq!(
mempool.txs(),
&HashMap::from([
(second_tx.hash(), Transaction::Application(second_tx)),
(evidence_tx.hash(), Transaction::Tendermint(evidence_tx))
])
);
}
#[test]
fn too_many_mempool() {
let (genesis, _, mut mempool) = new_mempool::<SignedTransaction>();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let commit = |_: u32| -> Option<Commit<Arc<Validators>>> {
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let unsigned_in_chain = |_: [u8; 32]| false;
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let signer = signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;
// We should be able to add transactions up to the limit
for i in 0 .. ACCOUNT_MEMPOOL_LIMIT {
assert!(mempool.add(
assert!(mempool.add::<N>(
&HashMap::from([(signer, 0)]),
false,
signed_transaction(&mut OsRng, genesis, &key, i)
Transaction::Application(signed_transaction(&mut OsRng, genesis, &key, i)),
validators.clone(),
unsigned_in_chain,
commit,
));
}
// Yet adding more should fail
assert!(!mempool.add(
assert!(!mempool.add::<N>(
&HashMap::from([(signer, 0)]),
false,
signed_transaction(&mut OsRng, genesis, &key, ACCOUNT_MEMPOOL_LIMIT)
Transaction::Application(signed_transaction(&mut OsRng, genesis, &key, ACCOUNT_MEMPOOL_LIMIT)),
validators.clone(),
unsigned_in_chain,
commit,
));
}

2
coordinator/tributary/src/tests/mod.rs
View File

@@ -10,3 +10,5 @@ mod block;
mod blockchain;
#[cfg(test)]
mod mempool;
#[cfg(test)]
mod p2p;

11
coordinator/tributary/src/tests/p2p.rs Normal file
View File

@@ -0,0 +1,11 @@
pub use crate::P2p;
#[derive(Clone, Debug)]
pub struct DummyP2p;
#[async_trait::async_trait]
impl P2p for DummyP2p {
async fn broadcast(&self, _: [u8; 32], _: Vec<u8>) {
unimplemented!()
}
}

89
coordinator/tributary/src/tests/transaction/mod.rs
View File

@@ -1,8 +1,8 @@
use core::ops::Deref;
use std::{io, collections::HashMap};
use std::{sync::Arc, io, collections::HashMap};
use zeroize::Zeroizing;
use rand::{RngCore, CryptoRng};
use rand::{RngCore, CryptoRng, rngs::OsRng};
use blake2::{Digest, Blake2s256};
@@ -12,11 +12,28 @@ use ciphersuite::{
};
use schnorr::SchnorrSignature;
use crate::{ReadWrite, Signed, TransactionError, TransactionKind, Transaction, verify_transaction};
use scale::Encode;
use ::tendermint::{
ext::{Network, Signer as SignerTrait, SignatureScheme, BlockNumber, RoundNumber},
SignedMessageFor, DataFor, Message, SignedMessage, Data,
};
use crate::{
transaction::{Signed, TransactionError, TransactionKind, Transaction, verify_transaction},
ReadWrite,
tendermint::{
tx::{SlashVote, VoteSignature, TendermintTx},
Validators, Signer,
},
};
#[cfg(test)]
mod signed;
#[cfg(test)]
mod tendermint;
pub fn random_signed<R: RngCore + CryptoRng>(rng: &mut R) -> Signed {
Signed {
signer: <Ristretto as Ciphersuite>::G::random(&mut *rng),
@@ -138,3 +155,69 @@ pub fn random_signed_transaction<R: RngCore + CryptoRng>(
(genesis, signed_transaction(rng, genesis, &key, nonce))
}
pub fn new_genesis() -> [u8; 32] {
let mut genesis = [0; 32];
OsRng.fill_bytes(&mut genesis);
genesis
}
pub async fn tendermint_meta() -> ([u8; 32], Signer, [u8; 32], Arc<Validators>) {
// signer
let genesis = new_genesis();
let signer =
Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
let validator_id = signer.validator_id().await.unwrap();
// schema
let signer_pub =
<Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
let validators = Arc::new(Validators::new(genesis, vec![(signer_pub, 1)]).unwrap());
(genesis, signer, validator_id, validators)
}
pub async fn signed_from_data<N: Network>(
signer: <N::SignatureScheme as SignatureScheme>::Signer,
signer_id: N::ValidatorId,
block_number: u64,
round_number: u32,
data: DataFor<N>,
) -> SignedMessageFor<N> {
let msg = Message {
sender: signer_id,
block: BlockNumber(block_number),
round: RoundNumber(round_number),
data,
};
let sig = signer.sign(&msg.encode()).await;
SignedMessage { msg, sig }
}
pub async fn random_evidence_tx<N: Network>(
signer: <N::SignatureScheme as SignatureScheme>::Signer,
b: N::Block,
) -> TendermintTx {
// Creates a TX with an invalid valid round number
// TODO: Use a random failure reason
let data = Data::Proposal(Some(RoundNumber(0)), b);
let signer_id = signer.validator_id().await.unwrap();
let signed = signed_from_data::<N>(signer, signer_id, 0, 0, data).await;
TendermintTx::SlashEvidence((signed, None::<SignedMessageFor<N>>).encode())
}
pub fn random_vote_tx<R: RngCore + CryptoRng>(rng: &mut R, genesis: [u8; 32]) -> TendermintTx {
// private key
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut *rng));
// vote data
let mut id = [0u8; 13];
let mut target = [0u8; 32];
rng.fill_bytes(&mut id);
rng.fill_bytes(&mut target);
let mut tx = TendermintTx::SlashVote(SlashVote { id, target, sig: VoteSignature::default() });
tx.sign(rng, genesis, &key);
tx
}

3
coordinator/tributary/src/tests/transaction/signed.rs
View File

@@ -7,7 +7,8 @@ use blake2::{Digest, Blake2s256};
use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
use crate::{
ReadWrite, Signed, Transaction, verify_transaction,
ReadWrite,
transaction::{Signed, Transaction, verify_transaction},
tests::{random_signed, random_signed_transaction},
};

303
coordinator/tributary/src/tests/transaction/tendermint.rs Normal file
View File

@@ -0,0 +1,303 @@
use std::sync::Arc;
use zeroize::Zeroizing;
use rand::{RngCore, rngs::OsRng};
use ciphersuite::{Ristretto, Ciphersuite, group::ff::Field};
use schnorr::SchnorrSignature;
use scale::Encode;
use tendermint::{
time::CanonicalInstant,
round::RoundData,
Data, SignedMessageFor, commit_msg,
ext::{RoundNumber, Commit, Signer as SignerTrait},
};
use serai_db::MemDb;
use crate::{
ReadWrite,
tendermint::{
tx::{TendermintTx, verify_tendermint_tx},
TendermintBlock, Signer, Validators, TendermintNetwork,
},
tests::{
p2p::DummyP2p, SignedTransaction, new_genesis, random_evidence_tx, random_vote_tx,
tendermint_meta, signed_from_data,
},
};
type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
#[test]
fn vote_tx() {
let genesis = new_genesis();
let mut tx = random_vote_tx(&mut OsRng, genesis);
let commit = |_: u32| -> Option<Commit<Arc<Validators>>> {
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
// should pass
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap();
if let TendermintTx::SlashVote(vote) = &mut tx {
vote.sig.signature = SchnorrSignature::read(&mut [0; 64].as_slice()).unwrap();
} else {
panic!("SlashVote TX wasn't SlashVote");
}
// should fail
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators, commit).is_err());
}
#[tokio::test]
async fn serialize_tendermint() {
// make a tendermint tx with random evidence
let (genesis, signer, _, _) = tendermint_meta().await;
let tx = random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![])).await;
let res = TendermintTx::read::<&[u8]>(&mut tx.serialize().as_ref()).unwrap();
assert_eq!(res, tx);
// with vote tx
let vote_tx = random_vote_tx(&mut OsRng, genesis);
let vote_res = TendermintTx::read::<&[u8]>(&mut vote_tx.serialize().as_ref()).unwrap();
assert_eq!(vote_res, vote_tx);
}
#[tokio::test]
async fn invalid_valid_round() {
// signer
let (genesis, signer, signer_id, validators) = tendermint_meta().await;
let commit = |_: u32| -> Option<Commit<Arc<Validators>>> {
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let valid_round_tx = |valid_round| {
let signer = signer.clone();
async move {
let data = Data::Proposal(valid_round, TendermintBlock(vec![]));
let signed = signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, data).await;
(signed.clone(), TendermintTx::SlashEvidence((signed, None::<SignedMessageFor<N>>).encode()))
}
};
// This should be invalid evidence if a valid valid round is specified
let (_, tx) = valid_round_tx(None).await;
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).is_err());
// If an invalid valid round is specified (>= current), this should be invalid evidence
let (mut signed, tx) = valid_round_tx(Some(RoundNumber(0))).await;
// should pass
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap();
// change the signature
let mut random_sig = [0u8; 64];
OsRng.fill_bytes(&mut random_sig);
signed.sig = random_sig;
let tx = TendermintTx::SlashEvidence((signed.clone(), None::<SignedMessageFor<N>>).encode());
// should fail
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators, commit).is_err());
}
#[tokio::test]
async fn invalid_precommit_signature() {
let (genesis, signer, signer_id, validators) = tendermint_meta().await;
let commit = |i: u32| -> Option<Commit<Arc<Validators>>> {
assert_eq!(i, 0);
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let precommit = |precommit| {
let signer = signer.clone();
async move {
let signed =
signed_from_data::<N>(signer.clone().into(), signer_id, 1, 0, Data::Precommit(precommit))
.await;
(signed.clone(), TendermintTx::SlashEvidence((signed, None::<SignedMessageFor<N>>).encode()))
}
};
// Empty Precommit should fail.
assert!(verify_tendermint_tx::<N>(&precommit(None).await.1, genesis, validators.clone(), commit)
.is_err());
// valid precommit signature should fail.
let block_id = [0x22u8; 32];
let last_end_time =
RoundData::<N>::new(RoundNumber(0), CanonicalInstant::new(commit(0).unwrap().end_time))
.end_time();
let commit_msg = commit_msg(last_end_time.canonical(), block_id.as_ref());
assert!(verify_tendermint_tx::<N>(
&precommit(Some((block_id, signer.clone().sign(&commit_msg).await))).await.1,
genesis,
validators.clone(),
commit
)
.is_err());
// any other signature can be used as evidence.
{
let (mut signed, tx) = precommit(Some((block_id, signer.sign(&[]).await))).await;
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap();
// So long as we can authenticate where it came from
let mut random_sig = [0u8; 64];
OsRng.fill_bytes(&mut random_sig);
signed.sig = random_sig;
let tx = TendermintTx::SlashEvidence((signed.clone(), None::<SignedMessageFor<N>>).encode());
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators, commit).is_err());
}
}
#[tokio::test]
async fn evidence_with_prevote() {
let (genesis, signer, signer_id, validators) = tendermint_meta().await;
let commit = |_: u32| -> Option<Commit<Arc<Validators>>> {
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
let prevote = |block_id| {
let signer = signer.clone();
async move {
TendermintTx::SlashEvidence(
(
signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
.await,
None::<SignedMessageFor<N>>,
)
.encode(),
)
}
};
// No prevote message should be valid as slash evidence at this time
for prevote in [prevote(None).await, prevote(Some([0x22u8; 32])).await] {
assert!(verify_tendermint_tx::<N>(&prevote, genesis, validators.clone(), commit).is_err());
}
}
#[tokio::test]
async fn conflicting_msgs_evidence_tx() {
let (genesis, signer, signer_id, validators) = tendermint_meta().await;
let commit = |i: u32| -> Option<Commit<Arc<Validators>>> {
assert_eq!(i, 0);
Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
};
// Block b, round n
let signed_for_b_r = |block, round, data| {
let signer = signer.clone();
async move { signed_from_data::<N>(signer.clone().into(), signer_id, block, round, data).await }
};
// Proposal
{
// non-conflicting data should fail
let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(&signed_1)).encode());
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).is_err());
// conflicting data should pass
let signed_2 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap();
// Except if it has a distinct round number, as we don't check cross-round conflicts
// (except for Precommit)
let signed_2 = signed_for_b_r(0, 1, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap_err();
// Proposals for different block numbers should also fail as evidence
let signed_2 = signed_for_b_r(1, 0, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap_err();
}
// Prevote
{
// non-conflicting data should fail
let signed_1 = signed_for_b_r(0, 0, Data::Prevote(Some([0x11; 32]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(&signed_1)).encode());
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).is_err());
// conflicting data should pass
let signed_2 = signed_for_b_r(0, 0, Data::Prevote(Some([0x22; 32]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap();
// Except if it has a distinct round number, as we don't check cross-round conflicts
// (except for Precommit)
let signed_2 = signed_for_b_r(0, 1, Data::Prevote(Some([0x22; 32]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap_err();
// Proposals for different block numbers should also fail as evidence
let signed_2 = signed_for_b_r(1, 0, Data::Prevote(Some([0x22; 32]))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap_err();
}
// Precommit
{
let sig = signer.sign(&[]).await; // the inner signature doesn't matter
let signed_1 = signed_for_b_r(0, 0, Data::Precommit(Some(([0x11; 32], sig)))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(&signed_1)).encode());
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).is_err());
// For precommit, the round number is ignored
let signed_2 = signed_for_b_r(0, 1, Data::Precommit(Some(([0x22; 32], sig)))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).unwrap();
// Yet the block number isn't
let signed_2 = signed_for_b_r(1, 0, Data::Precommit(Some(([0x22; 32], sig)))).await;
let tx = TendermintTx::SlashEvidence((&signed_1, Some(signed_2)).encode());
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).is_err());
}
// msgs from different senders should fail
{
let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;
let signer_2 =
Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
let signed_id_2 = signer_2.validator_id().await.unwrap();
let signed_2 = signed_from_data::<N>(
signer_2.into(),
signed_id_2,
0,
0,
Data::Proposal(None, TendermintBlock(vec![0x22])),
)
.await;
let tx = TendermintTx::SlashEvidence((signed_1, Some(signed_2)).encode());
// update schema so that we don't fail due to invalid signature
let signer_pub =
<Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
let signer_pub_2 =
<Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
let validators =
Arc::new(Validators::new(genesis, vec![(signer_pub, 1), (signer_pub_2, 1)]).unwrap());
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators, commit).is_err());
}
// msgs with different steps should fail
{
let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![]))).await;
let signed_2 = signed_for_b_r(0, 0, Data::Prevote(None)).await;
let tx = TendermintTx::SlashEvidence((signed_1, Some(signed_2)).encode());
assert!(verify_tendermint_tx::<N>(&tx, genesis, validators.clone(), commit).is_err());
}
}

6
coordinator/tributary/src/transaction.rs
View File

@@ -92,12 +92,18 @@ pub enum TransactionKind<'a> {
Provided(&'static str),
/// An unsigned transaction, only able to be included by the block producer.
///
/// Once an Unsigned transaction is included on-chain, it may not be included again. In order to
/// have multiple Unsigned transactions with the same values included on-chain, some distinct
/// nonce must be included in order to cause a distinct hash.
Unsigned,
/// A signed transaction.
Signed(&'a Signed),
}
// TODO: Should this be renamed TransactionTrait now that a literal Transaction exists?
// Or should the literal Transaction be renamed to Event?
pub trait Transaction: 'static + Send + Sync + Clone + Eq + Debug + ReadWrite {
/// Return what type of transaction this is.
fn kind(&self) -> TransactionKind<'_>;