check the round on returned beacons (#74)

* check the round on returned beacons * account for passed in round number Co-authored-by: Louis Bettens <[email protected]> * removed ununsed import * updated a dependency that dependabot complained about * fixed some broken tests * linter --------- Co-authored-by: Louis Bettens <[email protected]>
drand · Jan 26, 2024 · 074d2cb · 074d2cb
1 parent 5d7faa5
commit 074d2cb
Show file tree

Hide file tree

Showing 6 changed files with 169 additions and 127 deletions.
diff --git a/lib/beacon-verification.ts b/lib/beacon-verification.ts
@@ -2,11 +2,6 @@ import { bls12_381 as bls } from '@noble/curves/bls12-381'
 import { sha256 } from '@noble/hashes/sha256'
 import { ensureBytes }  from '@noble/curves/abstract/utils'
 import {Buffer} from 'buffer'
-
-
-type PointG1 = typeof bls.G1.ProjectivePoint.ZERO
-type PointG2 = typeof bls.G2.ProjectivePoint.ZERO
-
 import {
     G2ChainedBeacon,
     ChainInfo,
@@ -19,9 +14,16 @@ import {
     isG1Rfc9380
 } from './index'
 
-async function verifyBeacon(chainInfo: ChainInfo, beacon: RandomnessBeacon): Promise<boolean> {
+type PointG1 = typeof bls.G1.ProjectivePoint.ZERO
+type PointG2 = typeof bls.G2.ProjectivePoint.ZERO
+
+async function verifyBeacon(chainInfo: ChainInfo, beacon: RandomnessBeacon, expectedRound: number): Promise<boolean> {
     const publicKey = chainInfo.public_key
 
+    if (beacon.round !== expectedRound) {
+        return false
+    }
+
     if (!await randomnessIsValid(beacon)) {
         return false
     }

diff --git a/lib/index.ts b/lib/index.ts
@@ -77,7 +77,9 @@ export async function fetchBeacon(client: ChainClient, roundNumber?: number): Pr
         beacon = await client.get(roundNumber)
     }
 
-    return validatedBeacon(client, beacon)
+    const expectedRound = roundNumber || roundAt(Date.now(), await client.chain().info())
+
+    return validatedBeacon(client, beacon, expectedRound)
 }
 
 // fetch the most recent beacon to have been emitted at a given `time` in epoch ms
@@ -101,7 +103,7 @@ export async function* watch(
         await sleep(roundTime(info, currentRound) - now)
 
         const beacon = await retryOnError(async () => client.get(currentRound), options.retriesOnFailure)
-        yield validatedBeacon(client, beacon)
+        yield validatedBeacon(client, beacon, currentRound)
         currentRound = currentRound + 1
     }
 }
@@ -118,12 +120,12 @@ const defaultWatchOptions = {
 }
 
 // internal function for validating a beacon if validation has not been disabled in the client options
-async function validatedBeacon(client: ChainClient, beacon: RandomnessBeacon): Promise<RandomnessBeacon> {
+async function validatedBeacon(client: ChainClient, beacon: RandomnessBeacon, expectedRound: number): Promise<RandomnessBeacon> {
     if (client.options.disableBeaconVerification) {
         return beacon
     }
     const info = await client.chain().info()
-    if (!await verifyBeacon(info, beacon)) {
+    if (!await verifyBeacon(info, beacon, expectedRound)) {
         throw Error('The beacon retrieved was not valid!')
     }