absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 12:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Slash malevolent validators (#294)

Browse Source 
* add slash tx

* ignore unsigned tx replays

* verify that provided evidence is valid

* fix clippy + fmt

* move application tx handling to another module

* partially handle the tendermint txs

* fix pr comments

* support unsigned app txs

* add slash target to the votes

* enforce provided, unsigned, signed tx ordering within a block

* bug fixes

* add unit test for tendermint txs

* bug fixes

* update tests for tendermint txs

* add tx ordering test

* tidy up tx ordering test

* cargo +nightly fmt

* Misc fixes from rebasing

* Finish resolving clippy

* Remove sha3 from tendermint-machine

* Resolve a DoS in SlashEvidence's read

Also moves Evidence from Vec<Message> to (Message, Option<Message>). That
should meet all requirements while being a bit safer.

* Make lazy_static a dev-depend for tributary

* Various small tweaks

One use of sort was inefficient, sorting unsigned || signed when unsigned was
already properly sorted. Given how the unsigned TXs were given a nonce of 0, an
unstable sort may swap places with an unsigned TX and a signed TX with a nonce
of 0 (leading to a faulty block).

The extra protection added here sorts signed, then concats.

* Fix Tributary tests I broke, start review on tendermint/tx.rs

* Finish reviewing everything outside tests and empty_signature

* Remove empty_signature

empty_signature led to corrupted local state histories. Unfortunately, the API
is only sane with a signature.

We now use the actual signature, which risks creating a signature over a
malicious message if we have ever have an invariant producing malicious
messages. Prior, we only signed the message after the local machine confirmed
it was okay per the local view of consensus.

This is tolerated/preferred over a corrupt state history since production of
such messages is already an invariant. TODOs are added to make handling of this
theoretical invariant further robust.

* Remove async_sequential for tokio::test

There was no competition for resources forcing them to be run sequentially.

* Modify block order test to be statistically significant without multiple runs

* Clean tests

---------

Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
This commit is contained in:
akildemir
2023-08-21 07:28:23 +03:00
committed by GitHub
parent 8973eb8ac4
commit 39ce819876
31 changed files with 2646 additions and 910 deletions
Download Patch File Download Diff File Expand all files Collapse all files

408
coordinator/tributary/src/tests/blockchain.rs
View File

@@ -1,7 +1,12 @@
use std::collections::{VecDeque, HashMap};
use core::ops::Deref;
use std::{
collections::{VecDeque, HashMap},
sync::Arc,
io,
};
use zeroize::Zeroizing;
use rand::{RngCore, rngs::OsRng};
use rand::rngs::OsRng;
use blake2::{Digest, Blake2s256};
@@ -10,17 +15,20 @@ use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
use serai_db::{DbTxn, Db, MemDb};
use crate::{
merkle, Transaction, ProvidedError, ProvidedTransactions, Block, Blockchain,
tests::{ProvidedTransaction, SignedTransaction, random_provided_transaction},
ReadWrite, TransactionKind,
transaction::Transaction as TransactionTrait,
TransactionError, Transaction, ProvidedError, ProvidedTransactions, merkle, BlockError, Block,
Blockchain,
tendermint::{TendermintNetwork, Validators, tx::TendermintTx, Signer, TendermintBlock},
tests::{
ProvidedTransaction, SignedTransaction, random_provided_transaction, p2p::DummyP2p,
new_genesis, random_vote_tx, random_evidence_tx,
},
};
fn new_genesis() -> [u8; 32] {
let mut genesis = [0; 32];
OsRng.fill_bytes(&mut genesis);
genesis
}
type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
fn new_blockchain<T: Transaction>(
fn new_blockchain<T: TransactionTrait>(
genesis: [u8; 32],
participants: &[<Ristretto as Ciphersuite>::G],
) -> (MemDb, Blockchain<MemDb, T>) {
@@ -34,12 +42,14 @@ fn new_blockchain<T: Transaction>(
#[test]
fn block_addition() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (db, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let block = blockchain.build_block();
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(block.header.parent, genesis);
assert_eq!(block.header.transactions, [0; 32]);
blockchain.verify_block(&block).unwrap();
assert!(blockchain.add_block(&block, vec![]).is_ok());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators).is_ok());
assert_eq!(blockchain.tip(), block.hash());
assert_eq!(blockchain.block_number(), 1);
assert_eq!(
@@ -51,23 +61,24 @@ fn block_addition() {
#[test]
fn invalid_block() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let block = blockchain.build_block();
let block = blockchain.build_block::<N>(validators.clone());
// Mutate parent
{
#[allow(clippy::redundant_clone)] // False positive
let mut block = block.clone();
block.header.parent = Blake2s256::digest(block.header.parent).into();
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
// Mutate tranactions merkle
{
let mut block = block;
block.header.transactions = Blake2s256::digest(block.header.transactions).into();
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
@@ -76,9 +87,9 @@ fn invalid_block() {
// Not a participant
{
// Manually create the block to bypass build_block's checks
let block = Block::new(blockchain.tip(), vec![], vec![tx.clone()]);
let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx.clone())]);
assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
// Run the rest of the tests with them as a participant
@@ -86,40 +97,81 @@ fn invalid_block() {
// Re-run the not a participant block to make sure it now works
{
let block = Block::new(blockchain.tip(), vec![], vec![tx.clone()]);
let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx.clone())]);
assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
blockchain.verify_block(&block).unwrap();
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
}
{
// Add a valid transaction
let mut blockchain = blockchain.clone();
assert!(blockchain.add_transaction(true, tx.clone()));
let mut block = blockchain.build_block();
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Application(tx.clone()),
validators.clone()
));
let mut block = blockchain.build_block::<N>(validators.clone());
assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
blockchain.verify_block(&block).unwrap();
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
// And verify mutating the transactions merkle now causes a failure
block.header.transactions = merkle(&[]);
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
{
// Invalid nonce
let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 5);
// Manually create the block to bypass build_block's checks
let block = Block::new(blockchain.tip(), vec![], vec![tx]);
assert!(blockchain.verify_block(&block).is_err());
let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx)]);
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
}
{
// Invalid signature
let mut blockchain = blockchain;
assert!(blockchain.add_transaction(true, tx));
let mut block = blockchain.build_block();
blockchain.verify_block(&block).unwrap();
block.transactions[0].1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
assert!(blockchain.verify_block(&block).is_err());
let mut blockchain = blockchain.clone();
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Application(tx),
validators.clone()
));
let mut block = blockchain.build_block::<N>(validators.clone());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
match &mut block.transactions[0] {
Transaction::Application(tx) => {
tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
}
_ => panic!("non-signed tx found"),
}
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// Make sure this isn't because the merkle changed due to the transaction hash including the
// signature (which it explicitly isn't allowed to anyways)
assert_eq!(block.header.transactions, merkle(&[block.transactions[0].hash()]));
}
{
// Invalid vote signature
let mut blockchain = blockchain.clone();
let vote_tx = random_vote_tx(&mut OsRng, genesis);
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Tendermint(vote_tx),
validators.clone()
));
let mut block = blockchain.build_block::<N>(validators.clone());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
match &mut block.transactions[0] {
Transaction::Tendermint(tx) => match tx {
TendermintTx::SlashVote(vote) => {
vote.sig.signature.s += <Ristretto as Ciphersuite>::F::ONE;
}
_ => panic!("non-vote tx found"),
},
_ => panic!("non-tendermint tx found"),
}
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// Make sure this isn't because the merkle changed due to the transaction hash including the
// signature (which it explicitly isn't allowed to anyways)
@@ -130,7 +182,7 @@ fn invalid_block() {
#[test]
fn signed_transaction() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
let signer = tx.1.signer;
@@ -139,14 +191,21 @@ fn signed_transaction() {
assert_eq!(blockchain.next_nonce(signer), Some(0));
let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
mempool: Vec<SignedTransaction>| {
mempool: Vec<Transaction<SignedTransaction>>| {
let tip = blockchain.tip();
for tx in mempool.clone() {
let Transaction::Application(tx) = tx else {
panic!("tendermint tx found");
};
let next_nonce = blockchain.next_nonce(signer).unwrap();
assert!(blockchain.add_transaction(true, tx));
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Application(tx),
validators.clone()
));
assert_eq!(next_nonce + 1, blockchain.next_nonce(signer).unwrap());
}
let block = blockchain.build_block();
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(block, Block::new(blockchain.tip(), vec![], mempool.clone()));
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
@@ -160,19 +219,21 @@ fn signed_transaction() {
);
// Verify and add the block
blockchain.verify_block(&block).unwrap();
assert!(blockchain.add_block(&block, vec![]).is_ok());
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
assert_eq!(blockchain.tip(), block.hash());
};
// Test with a single nonce
test(&mut blockchain, vec![tx]);
test(&mut blockchain, vec![Transaction::Application(tx)]);
assert_eq!(blockchain.next_nonce(signer), Some(1));
// Test with a flood of nonces
let mut mempool = vec![];
for nonce in 1 .. 64 {
mempool.push(crate::tests::signed_transaction(&mut OsRng, genesis, &key, nonce));
mempool.push(Transaction::Application(crate::tests::signed_transaction(
&mut OsRng, genesis, &key, nonce,
)));
}
test(&mut blockchain, mempool);
assert_eq!(blockchain.next_nonce(signer), Some(64));
@@ -181,6 +242,7 @@ fn signed_transaction() {
#[test]
fn provided_transaction() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (_, mut blockchain) = new_blockchain::<ProvidedTransaction>(genesis, &[]);
let tx = random_provided_transaction(&mut OsRng);
@@ -203,18 +265,274 @@ fn provided_transaction() {
// Non-provided transactions should fail verification
let block = Block::new(blockchain.tip(), vec![tx.clone()], vec![]);
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// Provided transactions should pass verification
blockchain.provide_transaction(tx.clone()).unwrap();
blockchain.verify_block(&block).unwrap();
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
// add_block should work for verified blocks
assert!(blockchain.add_block(&block, vec![]).is_ok());
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
let block = Block::new(blockchain.tip(), vec![tx], vec![]);
// The provided transaction should no longer considered provided, causing this error
assert!(blockchain.verify_block(&block).is_err());
assert!(blockchain.verify_block::<N>(&block, validators.clone()).is_err());
// add_block should fail for unverified provided transactions if told to add them
assert!(blockchain.add_block(&block, vec![]).is_err());
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_err());
}
#[test]
fn tendermint_vote_tx() {
let genesis = new_genesis();
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
mempool: Vec<Transaction<SignedTransaction>>| {
let tip = blockchain.tip();
for tx in mempool.clone() {
let Transaction::Tendermint(tx) = tx else {
panic!("non-tendermint tx found");
};
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Tendermint(tx),
validators.clone()
));
}
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
// Make sure all transactions were included
for bt in &block.transactions {
assert!(mempool.contains(bt));
}
// Make sure the merkle was correct
// Uses block.transactions instead of mempool as order may differ between the two
assert_eq!(
block.header.transactions,
merkle(&block.transactions.iter().map(Transaction::hash).collect::<Vec<_>>()),
);
// Verify and add the block
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
assert_eq!(blockchain.tip(), block.hash());
};
// test with single tx
let tx = random_vote_tx(&mut OsRng, genesis);
test(&mut blockchain, vec![Transaction::Tendermint(tx)]);
// test with multiple txs
let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
for _ in 0 .. 5 {
mempool.push(Transaction::Tendermint(random_vote_tx(&mut OsRng, genesis)));
}
test(&mut blockchain, mempool);
}
#[tokio::test]
async fn tendermint_evidence_tx() {
let genesis = new_genesis();
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let signer = Signer::new(genesis, key.clone());
let signer_id = Ristretto::generator() * key.deref();
let validators = Arc::new(Validators::new(genesis, vec![(signer_id, 1)]).unwrap());
let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
mempool: Vec<Transaction<SignedTransaction>>,
validators: Arc<Validators>| {
let tip = blockchain.tip();
for tx in mempool.clone() {
let Transaction::Tendermint(tx) = tx else {
panic!("non-tendermint tx found");
};
assert!(blockchain.add_transaction::<N>(
true,
Transaction::Tendermint(tx),
validators.clone()
));
}
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
// Make sure all transactions were included
for bt in &block.transactions {
assert!(mempool.contains(bt));
}
// Verify and add the block
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
assert!(blockchain.add_block::<N>(&block, vec![], validators.clone()).is_ok());
assert_eq!(blockchain.tip(), block.hash());
};
// test with single tx
let tx = random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![0x12])).await;
test(&mut blockchain, vec![Transaction::Tendermint(tx)], validators);
// test with multiple txs
let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
let mut signers = vec![];
for _ in 0 .. 5 {
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let signer = Signer::new(genesis, key.clone());
let signer_id = Ristretto::generator() * key.deref();
signers.push((signer_id, 1));
mempool.push(Transaction::Tendermint(
random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![0x12])).await,
));
}
// update validators
let validators = Arc::new(Validators::new(genesis, signers).unwrap());
test(&mut blockchain, mempool, validators);
}
#[test]
fn block_tx_ordering() {
#[derive(Debug, PartialEq, Eq, Clone)]
enum SignedTx {
Signed(Box<SignedTransaction>),
Provided(Box<ProvidedTransaction>),
}
impl ReadWrite for SignedTx {
fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
let mut kind = [0];
reader.read_exact(&mut kind)?;
match kind[0] {
0 => Ok(SignedTx::Signed(Box::new(SignedTransaction::read(reader)?))),
1 => Ok(SignedTx::Provided(Box::new(ProvidedTransaction::read(reader)?))),
_ => Err(io::Error::new(io::ErrorKind::Other, "invalid transaction type")),
}
}
fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
match self {
SignedTx::Signed(signed) => {
writer.write_all(&[0])?;
signed.write(writer)
}
SignedTx::Provided(pro) => {
writer.write_all(&[1])?;
pro.write(writer)
}
}
}
}
impl TransactionTrait for SignedTx {
fn kind(&self) -> TransactionKind<'_> {
match self {
SignedTx::Signed(signed) => signed.kind(),
SignedTx::Provided(pro) => pro.kind(),
}
}
fn hash(&self) -> [u8; 32] {
match self {
SignedTx::Signed(signed) => signed.hash(),
SignedTx::Provided(pro) => pro.hash(),
}
}
fn verify(&self) -> Result<(), TransactionError> {
Ok(())
}
}
let genesis = new_genesis();
let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
// signer
let signer = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;
let (_, mut blockchain) = new_blockchain::<SignedTx>(genesis, &[signer]);
let tip = blockchain.tip();
// add txs
let mut mempool = vec![];
let mut provided_txs = vec![];
for i in 0 .. 128 {
let signed_tx = Transaction::Application(SignedTx::Signed(Box::new(
crate::tests::signed_transaction(&mut OsRng, genesis, &key, i),
)));
assert!(blockchain.add_transaction::<N>(true, signed_tx.clone(), validators.clone()));
mempool.push(signed_tx);
let unsigned_tx = Transaction::Tendermint(random_vote_tx(&mut OsRng, genesis));
assert!(blockchain.add_transaction::<N>(true, unsigned_tx.clone(), validators.clone()));
mempool.push(unsigned_tx);
let provided_tx = SignedTx::Provided(Box::new(random_provided_transaction(&mut OsRng)));
blockchain.provide_transaction(provided_tx.clone()).unwrap();
provided_txs.push(provided_tx);
}
let block = blockchain.build_block::<N>(validators.clone());
assert_eq!(blockchain.tip(), tip);
assert_eq!(block.header.parent, tip);
// Make sure all transactions were included
assert_eq!(block.transactions.len(), 3 * 128);
for bt in &block.transactions[128 ..] {
assert!(mempool.contains(bt));
}
// check the tx order
let txs = &block.transactions;
for tx in txs.iter().take(128) {
assert!(matches!(tx.kind(), TransactionKind::Provided(..)));
}
for tx in txs.iter().take(128).skip(128) {
assert!(matches!(tx.kind(), TransactionKind::Unsigned));
}
for tx in txs.iter().take(128).skip(256) {
assert!(matches!(tx.kind(), TransactionKind::Signed(..)));
}
// should be a valid block
blockchain.verify_block::<N>(&block, validators.clone()).unwrap();
// Unsigned before Provided
{
let mut block = block.clone();
// Doesn't use swap to preserve the order of Provided, as that's checked before kind ordering
let unsigned = block.transactions.remove(128);
block.transactions.insert(0, unsigned);
assert_eq!(
blockchain.verify_block::<N>(&block, validators.clone()).unwrap_err(),
BlockError::WrongTransactionOrder
);
}
// Signed before Provided
{
let mut block = block.clone();
let signed = block.transactions.remove(256);
block.transactions.insert(0, signed);
assert_eq!(
blockchain.verify_block::<N>(&block, validators.clone()).unwrap_err(),
BlockError::WrongTransactionOrder
);
}
// Signed before Unsigned
{
let mut block = block;
block.transactions.swap(128, 256);
assert_eq!(
blockchain.verify_block::<N>(&block, validators.clone()).unwrap_err(),
BlockError::WrongTransactionOrder
);
}
}