Re-arrange coordinator/

coordinator/tributary was tributary-chain. This crate has been renamed
tributary-sdk and moved to coordinator/tributary-sdk.

coordinator/src/tributary was our instantion of a Tributary, the Transaction
type and scan task. This has been moved to coordinator/tributary.

The main reason for this was due to coordinator/main.rs becoming untidy. There
is now a collection of clean, independent APIs present in the codebase.
coordinator/main.rs is to compose them. Sometimes, these compositions are a bit
silly (reading from a channel just to forward the message to a distinct
channel). That's more than fine as the code is still readable and the value
from the cleanliness of the APIs composed far exceeds the nits from having
these odd compositions.

This breaks down a bit as we now define a global database, and have some APIs
interact with multiple other APIs.

coordinator/src/tributary was a self-contained, clean API. The recently added
task present in coordinator/tributary/mod.rs, which bound it to the rest of the
Coordinator, wasn't.

Now, coordinator/src is solely the API compositions, and all self-contained
APIs are their own crates.

coordinator/tributary-sdk/src/tests/block.rs

@@ -0,0 +1,140 @@
+use std::{sync::Arc, io, collections::HashMap, fmt::Debug};
+
+use blake2::{Digest, Blake2s256};
+use ciphersuite::{
+  group::{ff::Field, Group},
+  Ciphersuite, Ristretto,
+};
+use schnorr::SchnorrSignature;
+
+use serai_db::MemDb;
+use tendermint::ext::Commit;
+
+use crate::{
+  ReadWrite, BlockError, Block, Transaction,
+  tests::p2p::DummyP2p,
+  transaction::{TransactionError, Signed, TransactionKind, Transaction as TransactionTrait},
+  tendermint::{TendermintNetwork, Validators},
+};
+
+type N = TendermintNetwork<MemDb, NonceTransaction, DummyP2p>;
+
+// A transaction solely defined by its nonce and a distinguisher (to allow creating distinct TXs
+// sharing a nonce).
+#[derive(Clone, PartialEq, Eq, Debug)]
+struct NonceTransaction(u32, u8, Signed);
+
+impl NonceTransaction {
+  fn new(nonce: u32, distinguisher: u8) -> Self {
+    NonceTransaction(
+      nonce,
+      distinguisher,
+      Signed {
+        signer: <Ristretto as Ciphersuite>::G::identity(),
+        nonce,
+        signature: SchnorrSignature::<Ristretto> {
+          R: <Ristretto as Ciphersuite>::G::identity(),
+          s: <Ristretto as Ciphersuite>::F::ZERO,
+        },
+      },
+    )
+  }
+}
+
+impl ReadWrite for NonceTransaction {
+  fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
+    let mut nonce = [0; 4];
+    reader.read_exact(&mut nonce)?;
+    let nonce = u32::from_le_bytes(nonce);
+
+    let mut distinguisher = [0];
+    reader.read_exact(&mut distinguisher)?;
+
+    Ok(NonceTransaction::new(nonce, distinguisher[0]))
+  }
+
+  fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
+    writer.write_all(&self.0.to_le_bytes())?;
+    writer.write_all(&[self.1])
+  }
+}
+
+impl TransactionTrait for NonceTransaction {
+  fn kind(&self) -> TransactionKind {
+    TransactionKind::Signed(vec![], self.2.clone())
+  }
+
+  fn hash(&self) -> [u8; 32] {
+    Blake2s256::digest([self.0.to_le_bytes().as_ref(), &[self.1]].concat()).into()
+  }
+
+  fn verify(&self) -> Result<(), TransactionError> {
+    Ok(())
+  }
+}
+
+#[test]
+fn empty_block() {
+  const GENESIS: [u8; 32] = [0xff; 32];
+  const LAST: [u8; 32] = [0x01; 32];
+  let validators = Arc::new(Validators::new(GENESIS, vec![]).unwrap());
+  let commit = |_: u64| -> Option<Commit<Arc<Validators>>> {
+    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+  };
+  let provided_or_unsigned_in_chain = |_: [u8; 32]| false;
+  Block::<NonceTransaction>::new(LAST, vec![], vec![])
+    .verify::<N, _>(
+      GENESIS,
+      LAST,
+      HashMap::new(),
+      &mut |_, _| None,
+      &validators,
+      commit,
+      provided_or_unsigned_in_chain,
+      false,
+    )
+    .unwrap();
+}
+
+#[test]
+fn duplicate_nonces() {
+  const GENESIS: [u8; 32] = [0xff; 32];
+  const LAST: [u8; 32] = [0x01; 32];
+
+  let validators = Arc::new(Validators::new(GENESIS, vec![]).unwrap());
+
+  // Run once without duplicating a nonce, and once with, so that's confirmed to be the faulty
+  // component
+  for i in [1, 0] {
+    let mut mempool = vec![];
+    let mut insert = |tx: NonceTransaction| mempool.push(Transaction::Application(tx));
+    insert(NonceTransaction::new(0, 0));
+    insert(NonceTransaction::new(i, 1));
+
+    let commit = |_: u64| -> Option<Commit<Arc<Validators>>> {
+      Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+    };
+    let provided_or_unsigned_in_chain = |_: [u8; 32]| false;
+
+    let mut last_nonce = 0;
+    let res = Block::new(LAST, vec![], mempool).verify::<N, _>(
+      GENESIS,
+      LAST,
+      HashMap::new(),
+      &mut |_, _| {
+        let res = last_nonce;
+        last_nonce += 1;
+        Some(res)
+      },
+      &validators,
+      commit,
+      provided_or_unsigned_in_chain,
+      false,
+    );
+    if i == 1 {
+      res.unwrap();
+    } else {
+      assert_eq!(res, Err(BlockError::TransactionError(TransactionError::InvalidNonce)));
+    }
+  }
+}

coordinator/tributary-sdk/src/tests/blockchain.rs

@@ -0,0 +1,540 @@
+use core::ops::Deref;
+use std::{
+  collections::{VecDeque, HashMap},
+  sync::Arc,
+  io,
+};
+
+use zeroize::Zeroizing;
+use rand::rngs::OsRng;
+
+use blake2::{Digest, Blake2s256};
+
+use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+
+use serai_db::{DbTxn, Db, MemDb};
+
+use crate::{
+  ReadWrite, TransactionKind,
+  transaction::Transaction as TransactionTrait,
+  TransactionError, Transaction, ProvidedError, ProvidedTransactions, merkle, BlockError, Block,
+  Blockchain,
+  tendermint::{TendermintNetwork, Validators, Signer, TendermintBlock},
+  tests::{
+    ProvidedTransaction, SignedTransaction, random_provided_transaction, p2p::DummyP2p,
+    new_genesis, random_evidence_tx,
+  },
+};
+
+type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
+
+fn new_blockchain<T: TransactionTrait>(
+  genesis: [u8; 32],
+  participants: &[<Ristretto as Ciphersuite>::G],
+) -> (MemDb, Blockchain<MemDb, T>) {
+  let db = MemDb::new();
+  let blockchain = Blockchain::new(db.clone(), genesis, participants);
+  assert_eq!(blockchain.tip(), genesis);
+  assert_eq!(blockchain.block_number(), 0);
+  (db, blockchain)
+}
+
+#[test]
+fn block_addition() {
+  let genesis = new_genesis();
+  let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
+  let (db, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
+  let block = blockchain.build_block::<N>(&validators);
+
+  assert_eq!(block.header.parent, genesis);
+  assert_eq!(block.header.transactions, [0; 32]);
+  blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+  assert!(blockchain.add_block::<N>(&block, vec![], &validators).is_ok());
+  assert_eq!(blockchain.tip(), block.hash());
+  assert_eq!(blockchain.block_number(), 1);
+  assert_eq!(
+    Blockchain::<MemDb, SignedTransaction>::block_after(&db, genesis, &block.parent()).unwrap(),
+    block.hash()
+  );
+}
+
+#[test]
+fn invalid_block() {
+  let genesis = new_genesis();
+  let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
+  let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
+
+  let block = blockchain.build_block::<N>(&validators);
+
+  // Mutate parent
+  {
+    #[allow(clippy::redundant_clone)] // False positive
+    let mut block = block.clone();
+    block.header.parent = Blake2s256::digest(block.header.parent).into();
+    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
+  }
+
+  // Mutate transactions merkle
+  {
+    let mut block = block;
+    block.header.transactions = Blake2s256::digest(block.header.transactions).into();
+    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
+  }
+
+  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
+
+  // Not a participant
+  {
+    // Manually create the block to bypass build_block's checks
+    let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx.clone())]);
+    assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
+    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
+  }
+
+  // Run the rest of the tests with them as a participant
+  let (_, blockchain) = new_blockchain(genesis, &[tx.1.signer]);
+
+  // Re-run the not a participant block to make sure it now works
+  {
+    let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx.clone())]);
+    assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
+    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+  }
+
+  {
+    // Add a valid transaction
+    let (_, mut blockchain) = new_blockchain(genesis, &[tx.1.signer]);
+    blockchain
+      .add_transaction::<N>(true, Transaction::Application(tx.clone()), &validators)
+      .unwrap();
+    let mut block = blockchain.build_block::<N>(&validators);
+    assert_eq!(block.header.transactions, merkle(&[tx.hash()]));
+    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+
+    // And verify mutating the transactions merkle now causes a failure
+    block.header.transactions = merkle(&[]);
+    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
+  }
+
+  {
+    // Invalid nonce
+    let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 5);
+    // Manually create the block to bypass build_block's checks
+    let block = Block::new(blockchain.tip(), vec![], vec![Transaction::Application(tx)]);
+    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
+  }
+
+  {
+    // Invalid signature
+    let (_, mut blockchain) = new_blockchain(genesis, &[tx.1.signer]);
+    blockchain.add_transaction::<N>(true, Transaction::Application(tx), &validators).unwrap();
+    let mut block = blockchain.build_block::<N>(&validators);
+    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+    match &mut block.transactions[0] {
+      Transaction::Application(tx) => {
+        tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+      }
+      _ => panic!("non-signed tx found"),
+    }
+    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
+
+    // Make sure this isn't because the merkle changed due to the transaction hash including the
+    // signature (which it explicitly isn't allowed to anyways)
+    assert_eq!(block.header.transactions, merkle(&[block.transactions[0].hash()]));
+  }
+}
+
+#[test]
+fn signed_transaction() {
+  let genesis = new_genesis();
+  let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
+  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let tx = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0);
+  let signer = tx.1.signer;
+
+  let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[signer]);
+  assert_eq!(blockchain.next_nonce(&signer, &[]), Some(0));
+
+  let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
+              mempool: Vec<Transaction<SignedTransaction>>| {
+    let tip = blockchain.tip();
+    for tx in mempool.clone() {
+      let Transaction::Application(tx) = tx else {
+        panic!("tendermint tx found");
+      };
+      let next_nonce = blockchain.next_nonce(&signer, &[]).unwrap();
+      blockchain.add_transaction::<N>(true, Transaction::Application(tx), &validators).unwrap();
+      assert_eq!(next_nonce + 1, blockchain.next_nonce(&signer, &[]).unwrap());
+    }
+    let block = blockchain.build_block::<N>(&validators);
+    assert_eq!(block, Block::new(blockchain.tip(), vec![], mempool.clone()));
+    assert_eq!(blockchain.tip(), tip);
+    assert_eq!(block.header.parent, tip);
+
+    // Make sure all transactions were included
+    assert_eq!(block.transactions, mempool);
+    // Make sure the merkle was correct
+    assert_eq!(
+      block.header.transactions,
+      merkle(&mempool.iter().map(Transaction::hash).collect::<Vec<_>>())
+    );
+
+    // Verify and add the block
+    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+    assert!(blockchain.add_block::<N>(&block, vec![], &validators).is_ok());
+    assert_eq!(blockchain.tip(), block.hash());
+  };
+
+  // Test with a single nonce
+  test(&mut blockchain, vec![Transaction::Application(tx)]);
+  assert_eq!(blockchain.next_nonce(&signer, &[]), Some(1));
+
+  // Test with a flood of nonces
+  let mut mempool = vec![];
+  for nonce in 1 .. 64 {
+    mempool.push(Transaction::Application(crate::tests::signed_transaction(
+      &mut OsRng, genesis, &key, nonce,
+    )));
+  }
+  test(&mut blockchain, mempool);
+  assert_eq!(blockchain.next_nonce(&signer, &[]), Some(64));
+}
+
+#[test]
+fn provided_transaction() {
+  let genesis = new_genesis();
+  let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
+  let (db, mut blockchain) = new_blockchain::<ProvidedTransaction>(genesis, &[]);
+
+  let tx = random_provided_transaction(&mut OsRng, "order1");
+
+  // This should be providable
+  let mut temp_db = MemDb::new();
+  let mut txs = ProvidedTransactions::<_, ProvidedTransaction>::new(temp_db.clone(), genesis);
+  txs.provide(tx.clone()).unwrap();
+  assert_eq!(txs.provide(tx.clone()), Err(ProvidedError::AlreadyProvided));
+  assert_eq!(
+    ProvidedTransactions::<_, ProvidedTransaction>::new(temp_db.clone(), genesis).transactions,
+    HashMap::from([("order1", VecDeque::from([tx.clone()]))]),
+  );
+  let mut txn = temp_db.txn();
+  txs.complete(&mut txn, "order1", [0u8; 32], tx.hash());
+  txn.commit();
+  assert!(ProvidedTransactions::<_, ProvidedTransaction>::new(db.clone(), genesis)
+    .transactions
+    .is_empty());
+
+  // case we have the block's provided txs in our local as well
+  {
+    // Non-provided transactions should fail verification because we don't have them locally.
+    let block = Block::new(blockchain.tip(), vec![tx.clone()], vec![]);
+    assert!(blockchain.verify_block::<N>(&block, &validators, false).is_err());
+
+    // Provided transactions should pass verification
+    blockchain.provide_transaction(tx.clone()).unwrap();
+    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+
+    // add_block should work for verified blocks
+    assert!(blockchain.add_block::<N>(&block, vec![], &validators).is_ok());
+
+    let block = Block::new(blockchain.tip(), vec![tx.clone()], vec![]);
+
+    // The provided transaction should no longer considered provided but added to chain,
+    // causing this error
+    assert_eq!(
+      blockchain.verify_block::<N>(&block, &validators, false),
+      Err(BlockError::ProvidedAlreadyIncluded)
+    );
+  }
+
+  // case we don't have the block's provided txs in our local
+  {
+    let tx1 = random_provided_transaction(&mut OsRng, "order1");
+    let tx2 = random_provided_transaction(&mut OsRng, "order1");
+    let tx3 = random_provided_transaction(&mut OsRng, "order2");
+    let tx4 = random_provided_transaction(&mut OsRng, "order2");
+
+    // add_block DOES NOT fail for unverified provided transactions if told to add them,
+    // since now we can have them later.
+    let block1 = Block::new(blockchain.tip(), vec![tx1.clone(), tx3.clone()], vec![]);
+    assert!(blockchain.add_block::<N>(&block1, vec![], &validators).is_ok());
+
+    // in fact, we can have many blocks that have provided txs that we don't have locally.
+    let block2 = Block::new(blockchain.tip(), vec![tx2.clone(), tx4.clone()], vec![]);
+    assert!(blockchain.add_block::<N>(&block2, vec![], &validators).is_ok());
+
+    // make sure we won't return ok for the block before we actually got the txs
+    let TransactionKind::Provided(order) = tx1.kind() else { panic!("tx wasn't provided") };
+    assert!(!Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block1.hash(),
+      order
+    ));
+    // provide the first tx
+    blockchain.provide_transaction(tx1).unwrap();
+    // it should be ok for this order now, since the second tx has different order.
+    assert!(Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block1.hash(),
+      order
+    ));
+
+    // give the second tx
+    let TransactionKind::Provided(order) = tx3.kind() else { panic!("tx wasn't provided") };
+    assert!(!Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block1.hash(),
+      order
+    ));
+    blockchain.provide_transaction(tx3).unwrap();
+    // it should be ok now for the first block
+    assert!(Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block1.hash(),
+      order
+    ));
+
+    // provide the second block txs
+    let TransactionKind::Provided(order) = tx4.kind() else { panic!("tx wasn't provided") };
+    // not ok yet
+    assert!(!Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block2.hash(),
+      order
+    ));
+    blockchain.provide_transaction(tx4).unwrap();
+    // ok now
+    assert!(Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block2.hash(),
+      order
+    ));
+
+    // provide the second block txs
+    let TransactionKind::Provided(order) = tx2.kind() else { panic!("tx wasn't provided") };
+    assert!(!Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block2.hash(),
+      order
+    ));
+    blockchain.provide_transaction(tx2).unwrap();
+    assert!(Blockchain::<MemDb, ProvidedTransaction>::locally_provided_txs_in_block(
+      &db,
+      &genesis,
+      &block2.hash(),
+      order
+    ));
+  }
+}
+
+#[tokio::test]
+async fn tendermint_evidence_tx() {
+  let genesis = new_genesis();
+  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let signer = Signer::new(genesis, key.clone());
+  let signer_id = Ristretto::generator() * key.deref();
+  let validators = Arc::new(Validators::new(genesis, vec![(signer_id, 1)]).unwrap());
+
+  let (_, mut blockchain) = new_blockchain::<SignedTransaction>(genesis, &[]);
+
+  let test = |blockchain: &mut Blockchain<MemDb, SignedTransaction>,
+              mempool: Vec<Transaction<SignedTransaction>>,
+              validators: Arc<Validators>| {
+    let tip = blockchain.tip();
+    for tx in mempool.clone() {
+      let Transaction::Tendermint(tx) = tx else {
+        panic!("non-tendermint tx found");
+      };
+      blockchain.add_transaction::<N>(true, Transaction::Tendermint(tx), &validators).unwrap();
+    }
+    let block = blockchain.build_block::<N>(&validators);
+    assert_eq!(blockchain.tip(), tip);
+    assert_eq!(block.header.parent, tip);
+
+    // Make sure all transactions were included
+    for bt in &block.transactions {
+      assert!(mempool.contains(bt));
+    }
+
+    // Verify and add the block
+    blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+    assert!(blockchain.add_block::<N>(&block, vec![], &validators).is_ok());
+    assert_eq!(blockchain.tip(), block.hash());
+  };
+
+  // test with single tx
+  let tx = random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![0x12])).await;
+  test(&mut blockchain, vec![Transaction::Tendermint(tx)], validators);
+
+  // test with multiple txs
+  let mut mempool: Vec<Transaction<SignedTransaction>> = vec![];
+  let mut signers = vec![];
+  for _ in 0 .. 5 {
+    let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+    let signer = Signer::new(genesis, key.clone());
+    let signer_id = Ristretto::generator() * key.deref();
+    signers.push((signer_id, 1));
+    mempool.push(Transaction::Tendermint(
+      random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![0x12])).await,
+    ));
+  }
+
+  // update validators
+  let validators = Arc::new(Validators::new(genesis, signers).unwrap());
+  test(&mut blockchain, mempool, validators);
+}
+
+#[tokio::test]
+async fn block_tx_ordering() {
+  #[derive(Debug, PartialEq, Eq, Clone)]
+  enum SignedTx {
+    Signed(Box<SignedTransaction>),
+    Provided(Box<ProvidedTransaction>),
+  }
+  impl ReadWrite for SignedTx {
+    fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
+      let mut kind = [0];
+      reader.read_exact(&mut kind)?;
+      match kind[0] {
+        0 => Ok(SignedTx::Signed(Box::new(SignedTransaction::read(reader)?))),
+        1 => Ok(SignedTx::Provided(Box::new(ProvidedTransaction::read(reader)?))),
+        _ => Err(io::Error::other("invalid transaction type")),
+      }
+    }
+
+    fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
+      match self {
+        SignedTx::Signed(signed) => {
+          writer.write_all(&[0])?;
+          signed.write(writer)
+        }
+        SignedTx::Provided(pro) => {
+          writer.write_all(&[1])?;
+          pro.write(writer)
+        }
+      }
+    }
+  }
+
+  impl TransactionTrait for SignedTx {
+    fn kind(&self) -> TransactionKind {
+      match self {
+        SignedTx::Signed(signed) => signed.kind(),
+        SignedTx::Provided(pro) => pro.kind(),
+      }
+    }
+
+    fn hash(&self) -> [u8; 32] {
+      match self {
+        SignedTx::Signed(signed) => signed.hash(),
+        SignedTx::Provided(pro) => pro.hash(),
+      }
+    }
+
+    fn verify(&self) -> Result<(), TransactionError> {
+      Ok(())
+    }
+  }
+
+  let genesis = new_genesis();
+  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+
+  // signer
+  let signer = crate::tests::signed_transaction(&mut OsRng, genesis, &key, 0).1.signer;
+  let validators = Arc::new(Validators::new(genesis, vec![(signer, 1)]).unwrap());
+
+  let (_, mut blockchain) = new_blockchain::<SignedTx>(genesis, &[signer]);
+  let tip = blockchain.tip();
+
+  // add txs
+  let mut mempool = vec![];
+  let mut provided_txs = vec![];
+  for i in 0 .. 128 {
+    let signed_tx = Transaction::Application(SignedTx::Signed(Box::new(
+      crate::tests::signed_transaction(&mut OsRng, genesis, &key, i),
+    )));
+    blockchain.add_transaction::<N>(true, signed_tx.clone(), &validators).unwrap();
+    mempool.push(signed_tx);
+
+    let unsigned_tx = Transaction::Tendermint(
+      random_evidence_tx::<N>(
+        Signer::new(genesis, key.clone()).into(),
+        TendermintBlock(vec![u8::try_from(i).unwrap()]),
+      )
+      .await,
+    );
+    blockchain.add_transaction::<N>(true, unsigned_tx.clone(), &validators).unwrap();
+    mempool.push(unsigned_tx);
+
+    let provided_tx =
+      SignedTx::Provided(Box::new(random_provided_transaction(&mut OsRng, "order1")));
+    blockchain.provide_transaction(provided_tx.clone()).unwrap();
+    provided_txs.push(provided_tx);
+  }
+  let block = blockchain.build_block::<N>(&validators);
+
+  assert_eq!(blockchain.tip(), tip);
+  assert_eq!(block.header.parent, tip);
+
+  // Make sure all transactions were included
+  assert_eq!(block.transactions.len(), 3 * 128);
+  for bt in &block.transactions[128 ..] {
+    assert!(mempool.contains(bt));
+  }
+
+  // check the tx order
+  let txs = &block.transactions;
+  for tx in txs.iter().take(128) {
+    assert!(matches!(tx.kind(), TransactionKind::Provided(..)));
+  }
+  for tx in txs.iter().take(128).skip(128) {
+    assert!(matches!(tx.kind(), TransactionKind::Unsigned));
+  }
+  for tx in txs.iter().take(128).skip(256) {
+    assert!(matches!(tx.kind(), TransactionKind::Signed(..)));
+  }
+
+  // should be a valid block
+  blockchain.verify_block::<N>(&block, &validators, false).unwrap();
+
+  // Unsigned before Provided
+  {
+    let mut block = block.clone();
+    // Doesn't use swap to preserve the order of Provided, as that's checked before kind ordering
+    let unsigned = block.transactions.remove(128);
+    block.transactions.insert(0, unsigned);
+    assert_eq!(
+      blockchain.verify_block::<N>(&block, &validators, false).unwrap_err(),
+      BlockError::WrongTransactionOrder
+    );
+  }
+
+  // Signed before Provided
+  {
+    let mut block = block.clone();
+    let signed = block.transactions.remove(256);
+    block.transactions.insert(0, signed);
+    assert_eq!(
+      blockchain.verify_block::<N>(&block, &validators, false).unwrap_err(),
+      BlockError::WrongTransactionOrder
+    );
+  }
+
+  // Signed before Unsigned
+  {
+    let mut block = block;
+    block.transactions.swap(128, 256);
+    assert_eq!(
+      blockchain.verify_block::<N>(&block, &validators, false).unwrap_err(),
+      BlockError::WrongTransactionOrder
+    );
+  }
+}

coordinator/tributary-sdk/src/tests/mempool.rs

@@ -0,0 +1,199 @@
+use std::{sync::Arc, collections::HashMap};
+
+use zeroize::Zeroizing;
+use rand::{RngCore, rngs::OsRng};
+
+use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+
+use tendermint::ext::Commit;
+
+use serai_db::MemDb;
+
+use crate::{
+  transaction::{TransactionError, Transaction as TransactionTrait},
+  tendermint::{TendermintBlock, Validators, Signer, TendermintNetwork},
+  ACCOUNT_MEMPOOL_LIMIT, Transaction, Mempool,
+  tests::{SignedTransaction, signed_transaction, p2p::DummyP2p, random_evidence_tx},
+};
+
+type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
+
+fn new_mempool<T: TransactionTrait>() -> ([u8; 32], MemDb, Mempool<MemDb, T>) {
+  let mut genesis = [0; 32];
+  OsRng.fill_bytes(&mut genesis);
+  let db = MemDb::new();
+  (genesis, db.clone(), Mempool::new(db, genesis))
+}
+
+#[tokio::test]
+async fn mempool_addition() {
+  let (genesis, db, mut mempool) = new_mempool::<SignedTransaction>();
+  let commit = |_: u64| -> Option<Commit<Arc<Validators>>> {
+    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+  };
+  let unsigned_in_chain = |_: [u8; 32]| false;
+  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+
+  let first_tx = signed_transaction(&mut OsRng, genesis, &key, 0);
+  let signer = first_tx.1.signer;
+  assert_eq!(mempool.next_nonce_in_mempool(&signer, vec![]), None);
+
+  // validators
+  let validators = Arc::new(Validators::new(genesis, vec![(signer, 1)]).unwrap());
+
+  // Add TX 0
+  assert!(mempool
+    .add::<N, _>(
+      &|_, _| Some(0),
+      true,
+      Transaction::Application(first_tx.clone()),
+      &validators,
+      unsigned_in_chain,
+      commit,
+    )
+    .unwrap());
+  assert_eq!(mempool.next_nonce_in_mempool(&signer, vec![]), Some(1));
+
+  // add a tendermint evidence tx
+  let evidence_tx =
+    random_evidence_tx::<N>(Signer::new(genesis, key.clone()).into(), TendermintBlock(vec![]))
+      .await;
+  assert!(mempool
+    .add::<N, _>(
+      &|_, _| None,
+      true,
+      Transaction::Tendermint(evidence_tx.clone()),
+      &validators,
+      unsigned_in_chain,
+      commit,
+    )
+    .unwrap());
+
+  // Test reloading works
+  assert_eq!(mempool, Mempool::new(db, genesis));
+
+  // Adding them again should fail
+  assert_eq!(
+    mempool.add::<N, _>(
+      &|_, _| Some(0),
+      true,
+      Transaction::Application(first_tx.clone()),
+      &validators,
+      unsigned_in_chain,
+      commit,
+    ),
+    Err(TransactionError::InvalidNonce)
+  );
+  assert_eq!(
+    mempool.add::<N, _>(
+      &|_, _| None,
+      true,
+      Transaction::Tendermint(evidence_tx.clone()),
+      &validators,
+      unsigned_in_chain,
+      commit,
+    ),
+    Ok(false)
+  );
+
+  // Do the same with the next nonce
+  let second_tx = signed_transaction(&mut OsRng, genesis, &key, 1);
+  assert_eq!(
+    mempool.add::<N, _>(
+      &|_, _| Some(0),
+      true,
+      Transaction::Application(second_tx.clone()),
+      &validators,
+      unsigned_in_chain,
+      commit,
+    ),
+    Ok(true)
+  );
+  assert_eq!(mempool.next_nonce_in_mempool(&signer, vec![]), Some(2));
+  assert_eq!(
+    mempool.add::<N, _>(
+      &|_, _| Some(0),
+      true,
+      Transaction::Application(second_tx.clone()),
+      &validators,
+      unsigned_in_chain,
+      commit,
+    ),
+    Err(TransactionError::InvalidNonce)
+  );
+
+  // If the mempool doesn't have a nonce for an account, it should successfully use the
+  // blockchain's
+  let second_key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+  let tx = signed_transaction(&mut OsRng, genesis, &second_key, 2);
+  let second_signer = tx.1.signer;
+  assert_eq!(mempool.next_nonce_in_mempool(&second_signer, vec![]), None);
+  assert!(mempool
+    .add::<N, _>(
+      &|_, _| Some(2),
+      true,
+      Transaction::Application(tx.clone()),
+      &validators,
+      unsigned_in_chain,
+      commit
+    )
+    .unwrap());
+  assert_eq!(mempool.next_nonce_in_mempool(&second_signer, vec![]), Some(3));
+
+  // Getting a block should work
+  assert_eq!(mempool.block().len(), 4);
+
+  // Removing should successfully prune
+  mempool.remove(&tx.hash());
+
+  assert_eq!(
+    mempool.txs(),
+    &HashMap::from([
+      (first_tx.hash(), Transaction::Application(first_tx)),
+      (second_tx.hash(), Transaction::Application(second_tx)),
+      (evidence_tx.hash(), Transaction::Tendermint(evidence_tx))
+    ])
+  );
+}
+
+#[test]
+fn too_many_mempool() {
+  let (genesis, _, mut mempool) = new_mempool::<SignedTransaction>();
+  let validators = Arc::new(Validators::new(genesis, vec![]).unwrap());
+  let commit = |_: u64| -> Option<Commit<Arc<Validators>>> {
+    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+  };
+  let unsigned_in_chain = |_: [u8; 32]| false;
+  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng));
+
+  // We should be able to add transactions up to the limit
+  for i in 0 .. ACCOUNT_MEMPOOL_LIMIT {
+    assert!(mempool
+      .add::<N, _>(
+        &|_, _| Some(0),
+        false,
+        Transaction::Application(signed_transaction(&mut OsRng, genesis, &key, i)),
+        &validators,
+        unsigned_in_chain,
+        commit,
+      )
+      .unwrap());
+  }
+  // Yet adding more should fail
+  assert_eq!(
+    mempool.add::<N, _>(
+      &|_, _| Some(0),
+      false,
+      Transaction::Application(signed_transaction(
+        &mut OsRng,
+        genesis,
+        &key,
+        ACCOUNT_MEMPOOL_LIMIT
+      )),
+      &validators,
+      unsigned_in_chain,
+      commit,
+    ),
+    Err(TransactionError::TooManyInMempool)
+  );
+}

coordinator/tributary-sdk/src/tests/merkle.rs

@@ -0,0 +1,34 @@
+use std::collections::HashSet;
+
+use rand::{RngCore, rngs::OsRng};
+
+#[test]
+fn merkle() {
+  let mut used = HashSet::new();
+  // Test this produces a unique root
+  let mut test = |hashes: &[[u8; 32]]| {
+    let hash = crate::merkle(hashes);
+    assert!(!used.contains(&hash));
+    used.insert(hash);
+  };
+
+  // Zero should be a special case which return 0
+  assert_eq!(crate::merkle(&[]), [0; 32]);
+  test(&[]);
+
+  let mut one = [0; 32];
+  OsRng.fill_bytes(&mut one);
+  let mut two = [0; 32];
+  OsRng.fill_bytes(&mut two);
+  let mut three = [0; 32];
+  OsRng.fill_bytes(&mut three);
+
+  // Make sure it's deterministic
+  assert_eq!(crate::merkle(&[one]), crate::merkle(&[one]));
+
+  // Test a few basic structures
+  test(&[one]);
+  test(&[one, two]);
+  test(&[one, two, three]);
+  test(&[one, three]);
+}

coordinator/tributary-sdk/src/tests/mod.rs

@@ -0,0 +1,17 @@
+#[cfg(test)]
+mod tendermint;
+
+mod transaction;
+pub use transaction::*;
+
+#[cfg(test)]
+mod merkle;
+
+#[cfg(test)]
+mod block;
+#[cfg(test)]
+mod blockchain;
+#[cfg(test)]
+mod mempool;
+#[cfg(test)]
+mod p2p;

coordinator/tributary-sdk/src/tests/p2p.rs

@@ -0,0 +1,12 @@
+use core::future::Future;
+
+pub use crate::P2p;
+
+#[derive(Clone, Debug)]
+pub struct DummyP2p;
+
+impl P2p for DummyP2p {
+  fn broadcast(&self, _: [u8; 32], _: Vec<u8>) -> impl Send + Future<Output = ()> {
+    async move { unimplemented!() }
+  }
+}

coordinator/tributary-sdk/src/tests/tendermint.rs

@@ -0,0 +1,30 @@
+use core::future::Future;
+
+use tendermint::ext::Network;
+
+use crate::{
+  P2p, TendermintTx,
+  tendermint::{TARGET_BLOCK_TIME, TendermintNetwork},
+};
+
+#[test]
+fn assert_target_block_time() {
+  use serai_db::MemDb;
+
+  #[derive(Clone, Debug)]
+  pub struct DummyP2p;
+
+  impl P2p for DummyP2p {
+    fn broadcast(&self, _: [u8; 32], _: Vec<u8>) -> impl Send + Future<Output = ()> {
+      async move { unimplemented!() }
+    }
+  }
+
+  // Type paremeters don't matter here since we only need to call the block_time()
+  // and it only relies on the constants of the trait implementation. block_time() is in seconds,
+  // TARGET_BLOCK_TIME is in milliseconds.
+  assert_eq!(
+    <TendermintNetwork<MemDb, TendermintTx, DummyP2p> as Network>::block_time(),
+    TARGET_BLOCK_TIME / 1000
+  )
+}

coordinator/tributary-sdk/src/tests/transaction/mod.rs

@@ -0,0 +1,220 @@
+use core::ops::Deref;
+use std::{sync::Arc, io};
+
+use zeroize::Zeroizing;
+use rand::{RngCore, CryptoRng, rngs::OsRng};
+
+use blake2::{Digest, Blake2s256};
+
+use ciphersuite::{
+  group::{ff::Field, Group},
+  Ciphersuite, Ristretto,
+};
+use schnorr::SchnorrSignature;
+
+use scale::Encode;
+
+use ::tendermint::{
+  ext::{Network, Signer as SignerTrait, SignatureScheme, BlockNumber, RoundNumber},
+  SignedMessageFor, DataFor, Message, SignedMessage, Data, Evidence,
+};
+
+use crate::{
+  transaction::{Signed, TransactionError, TransactionKind, Transaction, verify_transaction},
+  ReadWrite,
+  tendermint::{tx::TendermintTx, Validators, Signer},
+};
+
+#[cfg(test)]
+mod signed;
+
+#[cfg(test)]
+mod tendermint;
+
+pub fn random_signed<R: RngCore + CryptoRng>(rng: &mut R) -> Signed {
+  Signed {
+    signer: <Ristretto as Ciphersuite>::G::random(&mut *rng),
+    nonce: u32::try_from(rng.next_u64() >> 32 >> 1).unwrap(),
+    signature: SchnorrSignature::<Ristretto> {
+      R: <Ristretto as Ciphersuite>::G::random(&mut *rng),
+      s: <Ristretto as Ciphersuite>::F::random(rng),
+    },
+  }
+}
+
+pub fn random_signed_with_nonce<R: RngCore + CryptoRng>(rng: &mut R, nonce: u32) -> Signed {
+  let mut signed = random_signed(rng);
+  signed.nonce = nonce;
+  signed
+}
+
+#[derive(Clone, PartialEq, Eq, Debug)]
+pub struct ProvidedTransaction(pub Vec<u8>);
+
+impl ReadWrite for ProvidedTransaction {
+  fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
+    let mut len = [0; 4];
+    reader.read_exact(&mut len)?;
+    let mut data = vec![0; usize::try_from(u32::from_le_bytes(len)).unwrap()];
+    reader.read_exact(&mut data)?;
+    Ok(ProvidedTransaction(data))
+  }
+
+  fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
+    writer.write_all(&u32::try_from(self.0.len()).unwrap().to_le_bytes())?;
+    writer.write_all(&self.0)
+  }
+}
+
+impl Transaction for ProvidedTransaction {
+  fn kind(&self) -> TransactionKind {
+    match self.0[0] {
+      1 => TransactionKind::Provided("order1"),
+      2 => TransactionKind::Provided("order2"),
+      _ => panic!("unknown order"),
+    }
+  }
+
+  fn hash(&self) -> [u8; 32] {
+    Blake2s256::digest(self.serialize()).into()
+  }
+
+  fn verify(&self) -> Result<(), TransactionError> {
+    Ok(())
+  }
+}
+
+pub fn random_provided_transaction<R: RngCore + CryptoRng>(
+  rng: &mut R,
+  order: &str,
+) -> ProvidedTransaction {
+  let mut data = vec![0; 512];
+  rng.fill_bytes(&mut data);
+  data[0] = match order {
+    "order1" => 1,
+    "order2" => 2,
+    _ => panic!("unknown order"),
+  };
+  ProvidedTransaction(data)
+}
+
+#[derive(Clone, PartialEq, Eq, Debug)]
+pub struct SignedTransaction(pub Vec<u8>, pub Signed);
+
+impl ReadWrite for SignedTransaction {
+  fn read<R: io::Read>(reader: &mut R) -> io::Result<Self> {
+    let mut len = [0; 4];
+    reader.read_exact(&mut len)?;
+    let mut data = vec![0; usize::try_from(u32::from_le_bytes(len)).unwrap()];
+    reader.read_exact(&mut data)?;
+
+    Ok(SignedTransaction(data, Signed::read(reader)?))
+  }
+
+  fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
+    writer.write_all(&u32::try_from(self.0.len()).unwrap().to_le_bytes())?;
+    writer.write_all(&self.0)?;
+    self.1.write(writer)
+  }
+}
+
+impl Transaction for SignedTransaction {
+  fn kind(&self) -> TransactionKind {
+    TransactionKind::Signed(vec![], self.1.clone())
+  }
+
+  fn hash(&self) -> [u8; 32] {
+    let serialized = self.serialize();
+    Blake2s256::digest(&serialized[.. (serialized.len() - 64)]).into()
+  }
+
+  fn verify(&self) -> Result<(), TransactionError> {
+    Ok(())
+  }
+}
+
+pub fn signed_transaction<R: RngCore + CryptoRng>(
+  rng: &mut R,
+  genesis: [u8; 32],
+  key: &Zeroizing<<Ristretto as Ciphersuite>::F>,
+  nonce: u32,
+) -> SignedTransaction {
+  let mut data = vec![0; 512];
+  rng.fill_bytes(&mut data);
+
+  let signer = <Ristretto as Ciphersuite>::generator() * **key;
+
+  let mut tx =
+    SignedTransaction(data, Signed { signer, nonce, signature: random_signed(rng).signature });
+
+  let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
+  tx.1.signature.R = Ristretto::generator() * sig_nonce.deref();
+  tx.1.signature = SchnorrSignature::sign(key, sig_nonce, tx.sig_hash(genesis));
+
+  verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).unwrap();
+
+  tx
+}
+
+pub fn random_signed_transaction<R: RngCore + CryptoRng>(
+  rng: &mut R,
+) -> ([u8; 32], SignedTransaction) {
+  let mut genesis = [0; 32];
+  rng.fill_bytes(&mut genesis);
+
+  let key = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut *rng));
+  // Shift over an additional bit to ensure it won't overflow when incremented
+  let nonce = u32::try_from(rng.next_u64() >> 32 >> 1).unwrap();
+
+  (genesis, signed_transaction(rng, genesis, &key, nonce))
+}
+
+pub fn new_genesis() -> [u8; 32] {
+  let mut genesis = [0; 32];
+  OsRng.fill_bytes(&mut genesis);
+  genesis
+}
+
+pub async fn tendermint_meta() -> ([u8; 32], Signer, [u8; 32], Arc<Validators>) {
+  // signer
+  let genesis = new_genesis();
+  let signer =
+    Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+  let validator_id = signer.validator_id().await.unwrap();
+
+  // schema
+  let signer_pub =
+    <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut validator_id.as_slice()).unwrap();
+  let validators = Arc::new(Validators::new(genesis, vec![(signer_pub, 1)]).unwrap());
+
+  (genesis, signer, validator_id, validators)
+}
+
+pub async fn signed_from_data<N: Network>(
+  signer: <N::SignatureScheme as SignatureScheme>::Signer,
+  signer_id: N::ValidatorId,
+  block_number: u64,
+  round_number: u32,
+  data: DataFor<N>,
+) -> SignedMessageFor<N> {
+  let msg = Message {
+    sender: signer_id,
+    block: BlockNumber(block_number),
+    round: RoundNumber(round_number),
+    data,
+  };
+  let sig = signer.sign(&msg.encode()).await;
+  SignedMessage { msg, sig }
+}
+
+pub async fn random_evidence_tx<N: Network>(
+  signer: <N::SignatureScheme as SignatureScheme>::Signer,
+  b: N::Block,
+) -> TendermintTx {
+  // Creates a TX with an invalid valid round number
+  // TODO: Use a random failure reason
+  let data = Data::Proposal(Some(RoundNumber(0)), b);
+  let signer_id = signer.validator_id().await.unwrap();
+  let signed = signed_from_data::<N>(signer, signer_id, 0, 0, data).await;
+  TendermintTx::SlashEvidence(Evidence::InvalidValidRound(signed.encode()))
+}

coordinator/tributary-sdk/src/tests/transaction/signed.rs

@@ -0,0 +1,84 @@
+use rand::rngs::OsRng;
+
+use blake2::{Digest, Blake2s256};
+
+use ciphersuite::{group::ff::Field, Ciphersuite, Ristretto};
+
+use crate::{
+  ReadWrite,
+  transaction::{Signed, Transaction, verify_transaction},
+  tests::{random_signed, random_signed_transaction},
+};
+
+#[test]
+fn serialize_signed() {
+  let signed = random_signed(&mut rand::rngs::OsRng);
+  assert_eq!(Signed::read::<&[u8]>(&mut signed.serialize().as_ref()).unwrap(), signed);
+}
+
+#[test]
+fn sig_hash() {
+  let (genesis, tx1) = random_signed_transaction(&mut OsRng);
+  assert!(tx1.sig_hash(genesis) != tx1.sig_hash(Blake2s256::digest(genesis).into()));
+
+  let (_, tx2) = random_signed_transaction(&mut OsRng);
+  assert!(tx1.hash() != tx2.hash());
+  assert!(tx1.sig_hash(genesis) != tx2.sig_hash(genesis));
+}
+
+#[test]
+fn signed_transaction() {
+  let (genesis, tx) = random_signed_transaction(&mut OsRng);
+
+  // Mutate various properties and verify it no longer works
+
+  // Different genesis
+  assert!(verify_transaction(&tx, Blake2s256::digest(genesis).into(), &mut |_, _| Some(
+    tx.1.nonce
+  ))
+  .is_err());
+
+  // Different data
+  {
+    let mut tx = tx.clone();
+    tx.0 = Blake2s256::digest(tx.0).to_vec();
+    assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
+  }
+
+  // Different signer
+  {
+    let mut tx = tx.clone();
+    tx.1.signer += Ristretto::generator();
+    assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
+  }
+
+  // Different nonce
+  {
+    #[allow(clippy::redundant_clone)] // False positive?
+    let mut tx = tx.clone();
+    tx.1.nonce = tx.1.nonce.wrapping_add(1);
+    assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
+  }
+
+  // Different signature
+  {
+    let mut tx = tx.clone();
+    tx.1.signature.R += Ristretto::generator();
+    assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
+  }
+  {
+    let mut tx = tx.clone();
+    tx.1.signature.s += <Ristretto as Ciphersuite>::F::ONE;
+    assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).is_err());
+  }
+
+  // Sanity check the original TX was never mutated and is valid
+  verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce)).unwrap();
+}
+
+#[test]
+fn invalid_nonce() {
+  let (genesis, tx) = random_signed_transaction(&mut OsRng);
+
+  assert!(verify_transaction(&tx, genesis, &mut |_, _| Some(tx.1.nonce.wrapping_add(1)),).is_err());
+}

coordinator/tributary-sdk/src/tests/transaction/tendermint.rs

@@ -0,0 +1,300 @@
+use std::sync::Arc;
+
+use zeroize::Zeroizing;
+use rand::{RngCore, rngs::OsRng};
+
+use ciphersuite::{Ristretto, Ciphersuite, group::ff::Field};
+
+use scale::Encode;
+
+use tendermint::{
+  time::CanonicalInstant,
+  round::RoundData,
+  Data, commit_msg, Evidence,
+  ext::{RoundNumber, Commit, Signer as SignerTrait},
+};
+
+use serai_db::MemDb;
+
+use crate::{
+  ReadWrite,
+  tendermint::{
+    tx::{TendermintTx, verify_tendermint_tx},
+    TendermintBlock, Signer, Validators, TendermintNetwork,
+  },
+  tests::{
+    p2p::DummyP2p, SignedTransaction, random_evidence_tx, tendermint_meta, signed_from_data,
+  },
+};
+
+type N = TendermintNetwork<MemDb, SignedTransaction, DummyP2p>;
+
+#[tokio::test]
+async fn serialize_tendermint() {
+  // make a tendermint tx with random evidence
+  let (_, signer, _, _) = tendermint_meta().await;
+  let tx = random_evidence_tx::<N>(signer.into(), TendermintBlock(vec![])).await;
+  let res = TendermintTx::read::<&[u8]>(&mut tx.serialize().as_ref()).unwrap();
+  assert_eq!(res, tx);
+}
+
+#[tokio::test]
+async fn invalid_valid_round() {
+  // signer
+  let (_, signer, signer_id, validators) = tendermint_meta().await;
+  let commit = |_: u64| -> Option<Commit<Arc<Validators>>> {
+    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+  };
+
+  let valid_round_tx = |valid_round| {
+    let signer = signer.clone();
+    async move {
+      let data = Data::Proposal(valid_round, TendermintBlock(vec![]));
+      let signed = signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, data).await;
+      (signed.clone(), TendermintTx::SlashEvidence(Evidence::InvalidValidRound(signed.encode())))
+    }
+  };
+
+  // This should be invalid evidence if a valid valid round is specified
+  let (_, tx) = valid_round_tx(None).await;
+  assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
+
+  // If an invalid valid round is specified (>= current), this should be invalid evidence
+  let (mut signed, tx) = valid_round_tx(Some(RoundNumber(0))).await;
+
+  // should pass
+  verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap();
+
+  // change the signature
+  let mut random_sig = [0u8; 64];
+  OsRng.fill_bytes(&mut random_sig);
+  signed.sig = random_sig;
+  let tx = TendermintTx::SlashEvidence(Evidence::InvalidValidRound(signed.encode()));
+
+  // should fail
+  assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
+}
+
+#[tokio::test]
+async fn invalid_precommit_signature() {
+  let (_, signer, signer_id, validators) = tendermint_meta().await;
+  let commit = |i: u64| -> Option<Commit<Arc<Validators>>> {
+    assert_eq!(i, 0);
+    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+  };
+
+  let precommit = |precommit| {
+    let signer = signer.clone();
+    async move {
+      let signed =
+        signed_from_data::<N>(signer.clone().into(), signer_id, 1, 0, Data::Precommit(precommit))
+          .await;
+      (signed.clone(), TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(signed.encode())))
+    }
+  };
+
+  // Empty Precommit should fail.
+  assert!(verify_tendermint_tx::<N>(&precommit(None).await.1, &validators, commit).is_err());
+
+  // valid precommit signature should fail.
+  let block_id = [0x22u8; 32];
+  let last_end_time =
+    RoundData::<N>::new(RoundNumber(0), CanonicalInstant::new(commit(0).unwrap().end_time))
+      .end_time();
+  let commit_msg = commit_msg(last_end_time.canonical(), block_id.as_ref());
+
+  assert!(verify_tendermint_tx::<N>(
+    &precommit(Some((block_id, signer.clone().sign(&commit_msg).await))).await.1,
+    &validators,
+    commit
+  )
+  .is_err());
+
+  // any other signature can be used as evidence.
+  {
+    let (mut signed, tx) = precommit(Some((block_id, signer.sign(&[]).await))).await;
+    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap();
+
+    // So long as we can authenticate where it came from
+    let mut random_sig = [0u8; 64];
+    OsRng.fill_bytes(&mut random_sig);
+    signed.sig = random_sig;
+    let tx = TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(signed.encode()));
+    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
+  }
+}
+
+#[tokio::test]
+async fn evidence_with_prevote() {
+  let (_, signer, signer_id, validators) = tendermint_meta().await;
+  let commit = |_: u64| -> Option<Commit<Arc<Validators>>> {
+    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+  };
+
+  let prevote = |block_id| {
+    let signer = signer.clone();
+    async move {
+      // it should fail for all reasons.
+      let mut txs = vec![];
+      txs.push(TendermintTx::SlashEvidence(Evidence::InvalidPrecommit(
+        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+          .await
+          .encode(),
+      )));
+      txs.push(TendermintTx::SlashEvidence(Evidence::InvalidValidRound(
+        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+          .await
+          .encode(),
+      )));
+      // Since these require a second message, provide this one again
+      // ConflictingMessages can be fired for actually conflicting Prevotes however
+      txs.push(TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+          .await
+          .encode(),
+        signed_from_data::<N>(signer.clone().into(), signer_id, 0, 0, Data::Prevote(block_id))
+          .await
+          .encode(),
+      )));
+      txs
+    }
+  };
+
+  // No prevote message alone should be valid as slash evidence at this time
+  for prevote in prevote(None).await {
+    assert!(verify_tendermint_tx::<N>(&prevote, &validators, commit).is_err());
+  }
+  for prevote in prevote(Some([0x22u8; 32])).await {
+    assert!(verify_tendermint_tx::<N>(&prevote, &validators, commit).is_err());
+  }
+}
+
+#[tokio::test]
+async fn conflicting_msgs_evidence_tx() {
+  let (genesis, signer, signer_id, validators) = tendermint_meta().await;
+  let commit = |i: u64| -> Option<Commit<Arc<Validators>>> {
+    assert_eq!(i, 0);
+    Some(Commit::<Arc<Validators>> { end_time: 0, validators: vec![], signature: vec![] })
+  };
+
+  // Block b, round n
+  let signed_for_b_r = |block, round, data| {
+    let signer = signer.clone();
+    async move { signed_from_data::<N>(signer.clone().into(), signer_id, block, round, data).await }
+  };
+
+  // Proposal
+  {
+    // non-conflicting data should fail
+    let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_1.encode(),
+    ));
+    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
+
+    // conflicting data should pass
+    let signed_2 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap();
+
+    // Except if it has a distinct round number, as we don't check cross-round conflicts
+    // (except for Precommit)
+    let signed_2 = signed_for_b_r(0, 1, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();
+
+    // Proposals for different block numbers should also fail as evidence
+    let signed_2 = signed_for_b_r(1, 0, Data::Proposal(None, TendermintBlock(vec![0x22]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();
+  }
+
+  // Prevote
+  {
+    // non-conflicting data should fail
+    let signed_1 = signed_for_b_r(0, 0, Data::Prevote(Some([0x11; 32]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_1.encode(),
+    ));
+    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
+
+    // conflicting data should pass
+    let signed_2 = signed_for_b_r(0, 0, Data::Prevote(Some([0x22; 32]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap();
+
+    // Except if it has a distinct round number, as we don't check cross-round conflicts
+    // (except for Precommit)
+    let signed_2 = signed_for_b_r(0, 1, Data::Prevote(Some([0x22; 32]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();
+
+    // Proposals for different block numbers should also fail as evidence
+    let signed_2 = signed_for_b_r(1, 0, Data::Prevote(Some([0x22; 32]))).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+    verify_tendermint_tx::<N>(&tx, &validators, commit).unwrap_err();
+  }
+
+  // msgs from different senders should fail
+  {
+    let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![0x11]))).await;
+
+    let signer_2 =
+      Signer::new(genesis, Zeroizing::new(<Ristretto as Ciphersuite>::F::random(&mut OsRng)));
+    let signed_id_2 = signer_2.validator_id().await.unwrap();
+    let signed_2 = signed_from_data::<N>(
+      signer_2.into(),
+      signed_id_2,
+      0,
+      0,
+      Data::Proposal(None, TendermintBlock(vec![0x22])),
+    )
+    .await;
+
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+
+    // update schema so that we don't fail due to invalid signature
+    let signer_pub =
+      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signer_id.as_slice()).unwrap();
+    let signer_pub_2 =
+      <Ristretto as Ciphersuite>::read_G::<&[u8]>(&mut signed_id_2.as_slice()).unwrap();
+    let validators =
+      Arc::new(Validators::new(genesis, vec![(signer_pub, 1), (signer_pub_2, 1)]).unwrap());
+
+    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
+  }
+
+  // msgs with different steps should fail
+  {
+    let signed_1 = signed_for_b_r(0, 0, Data::Proposal(None, TendermintBlock(vec![]))).await;
+    let signed_2 = signed_for_b_r(0, 0, Data::Prevote(None)).await;
+    let tx = TendermintTx::SlashEvidence(Evidence::ConflictingMessages(
+      signed_1.encode(),
+      signed_2.encode(),
+    ));
+    assert!(verify_tendermint_tx::<N>(&tx, &validators, commit).is_err());
+  }
+}