From 8949feb4d3364f20331655a7d61ded9a69e129d3 Mon Sep 17 00:00:00 2001 From: tkernell Date: Wed, 5 Jun 2024 13:36:10 -0500 Subject: [PATCH 1/4] verify vote ext --- app/extend_vote.go | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/app/extend_vote.go b/app/extend_vote.go index 36f28e63e..8edae5c17 100644 --- a/app/extend_vote.go +++ b/app/extend_vote.go @@ -65,7 +65,6 @@ type VoteExtHandler struct { oracleKeeper OracleKeeper bridgeKeeper BridgeKeeper codec codec.Codec - // cosmosCtx sdk.Context } type OracleAttestation struct { @@ -168,7 +167,36 @@ func (h *VoteExtHandler) ExtendVoteHandler(ctx sdk.Context, req *abci.RequestExt } func (h *VoteExtHandler) VerifyVoteExtensionHandler(ctx sdk.Context, req *abci.RequestVerifyVoteExtension) (*abci.ResponseVerifyVoteExtension, error) { - // TODO: implement the logic to verify the vote extension + var voteExt BridgeVoteExtension + err := json.Unmarshal(req.VoteExtension, &voteExt) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal vote extension: %w", err) + } + // ensure oracle attestations length is less than or equal to the number of attestation requests + attestationRequests, err := h.bridgeKeeper.GetAttestationRequestsByHeight(ctx, uint64(ctx.BlockHeight()-1)) + if err != nil { + if !errors.Is(err, collections.ErrNotFound) { + return nil, err + } else { + if len(voteExt.OracleAttestations) > 0 { + return nil, fmt.Errorf("too many oracle attestations") + } + } + } else { + // verify length of oracle attestations + if len(voteExt.OracleAttestations) > len(attestationRequests.Requests) { + return nil, fmt.Errorf("too many oracle attestations") + } + } + // verify the initial signature size + if len(voteExt.InitialSignature.SignatureA) > 65 || len(voteExt.InitialSignature.SignatureB) > 65 { + return nil, fmt.Errorf("invalid initial signature size") + } + // verify the valset signature size + if len(voteExt.ValsetSignature.Signature) > 65 { + return nil, fmt.Errorf("invalid valset signature size") + } + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_ACCEPT}, nil } From 00f93f20a94df600c111134fe4603e12b61339c2 Mon Sep 17 00:00:00 2001 From: tkernell Date: Wed, 5 Jun 2024 14:48:26 -0500 Subject: [PATCH 2/4] proposal handler --- app/proposal_handler.go | 71 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 4 deletions(-) diff --git a/app/proposal_handler.go b/app/proposal_handler.go index fa3b79377..e990c94f2 100644 --- a/app/proposal_handler.go +++ b/app/proposal_handler.go @@ -4,6 +4,7 @@ import ( "encoding/hex" "encoding/json" "errors" + "reflect" abci "github.com/cometbft/cometbft/abci/types" "github.com/ethereum/go-ethereum/common" @@ -42,10 +43,11 @@ type OracleAttestations struct { } type VoteExtTx struct { - BlockHeight int64 `json:"block_height"` - OpAndEVMAddrs OperatorAndEVM `json:"op_and_evm_addrs"` - ValsetSigs ValsetSignatures `json:"valset_sigs"` - OracleAttestations OracleAttestations `json:"oracle_attestations"` + BlockHeight int64 `json:"block_height"` + OpAndEVMAddrs OperatorAndEVM `json:"op_and_evm_addrs"` + ValsetSigs ValsetSignatures `json:"valset_sigs"` + OracleAttestations OracleAttestations `json:"oracle_attestations"` + ExtendedCommitInfo abci.ExtendedCommitInfo `json:"extended_commit_info"` } func NewProposalHandler(logger log.Logger, valStore baseapp.ValidatorStore, appCodec codec.Codec, oracleKeeper OracleKeeper, bridgeKeeper BridgeKeeper, stakingKeeper StakingKeeper) *ProposalHandler { @@ -122,6 +124,7 @@ func (h *ProposalHandler) PrepareProposalHandler(ctx sdk.Context, req *abci.Requ OpAndEVMAddrs: operatorAndEvm, ValsetSigs: valsetSigs, OracleAttestations: oracleAttestations, + ExtendedCommitInfo: req.LocalLastCommit, } bz, err := json.Marshal(injectedVoteExtTx) @@ -139,6 +142,66 @@ func (h *ProposalHandler) PrepareProposalHandler(ctx sdk.Context, req *abci.Requ } func (h *ProposalHandler) ProcessProposalHandler(ctx sdk.Context, req *abci.RequestProcessProposal) (*abci.ResponseProcessProposal, error) { + h.logger.Info("@ProcessProposalHandler", "height", req.Height, "voteExtEnableHeight", ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight) + if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight { + var injectedVoteExtTx VoteExtTx + if err := json.Unmarshal(req.Txs[0], &injectedVoteExtTx); err != nil { + h.logger.Error("failed to decode injected vote extension tx", "err", err) + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + err := baseapp.ValidateVoteExtensions(ctx, h.valStore, req.Height, ctx.ChainID(), injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return nil, err + } + + operatorAddresses, evmAddresses, err := h.CheckInitialSignaturesFromLastCommit(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(operatorAddresses, injectedVoteExtTx.OpAndEVMAddrs.OperatorAddresses) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(evmAddresses, injectedVoteExtTx.OpAndEVMAddrs.EVMAddresses) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + valsetOperatorAddresses, valsetTimestamps, valsetSignatures, err := h.CheckValsetSignaturesFromLastCommit(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(valsetOperatorAddresses, injectedVoteExtTx.ValsetSigs.OperatorAddresses) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(valsetTimestamps, injectedVoteExtTx.ValsetSigs.Timestamps) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(valsetSignatures, injectedVoteExtTx.ValsetSigs.Signatures) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + oracleSigs, oracleSnapshots, oracleOperatorAddresses, err := h.CheckOracleAttestationsFromLastCommit(ctx, injectedVoteExtTx.ExtendedCommitInfo) + if err != nil { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(oracleSigs, injectedVoteExtTx.OracleAttestations.Attestations) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(oracleSnapshots, injectedVoteExtTx.OracleAttestations.Snapshots) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + + if !reflect.DeepEqual(oracleOperatorAddresses, injectedVoteExtTx.OracleAttestations.OperatorAddresses) { + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT}, nil + } + } + return &abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT}, nil } From fa8b41bb159c5ef0b0b6fb66d4e71b387e1a804e Mon Sep 17 00:00:00 2001 From: tkernell Date: Wed, 5 Jun 2024 15:22:04 -0500 Subject: [PATCH 3/4] return reject --- app/extend_vote.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/extend_vote.go b/app/extend_vote.go index 8edae5c17..cb5aff2f5 100644 --- a/app/extend_vote.go +++ b/app/extend_vote.go @@ -179,22 +179,22 @@ func (h *VoteExtHandler) VerifyVoteExtensionHandler(ctx sdk.Context, req *abci.R return nil, err } else { if len(voteExt.OracleAttestations) > 0 { - return nil, fmt.Errorf("too many oracle attestations") + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_REJECT}, nil } } } else { // verify length of oracle attestations if len(voteExt.OracleAttestations) > len(attestationRequests.Requests) { - return nil, fmt.Errorf("too many oracle attestations") + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_REJECT}, nil } } // verify the initial signature size if len(voteExt.InitialSignature.SignatureA) > 65 || len(voteExt.InitialSignature.SignatureB) > 65 { - return nil, fmt.Errorf("invalid initial signature size") + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_REJECT}, nil } // verify the valset signature size if len(voteExt.ValsetSignature.Signature) > 65 { - return nil, fmt.Errorf("invalid valset signature size") + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_REJECT}, nil } return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_ACCEPT}, nil From 6a8dbc5ea2d241e5b355b0afd113917cb7e01e93 Mon Sep 17 00:00:00 2001 From: tkernell Date: Wed, 5 Jun 2024 18:06:55 -0500 Subject: [PATCH 4/4] linting --- app/extend_vote.go | 11 +++-------- start_scripts/start_bill.sh | 2 +- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/app/extend_vote.go b/app/extend_vote.go index cb5aff2f5..8ca2c512b 100644 --- a/app/extend_vote.go +++ b/app/extend_vote.go @@ -177,16 +177,11 @@ func (h *VoteExtHandler) VerifyVoteExtensionHandler(ctx sdk.Context, req *abci.R if err != nil { if !errors.Is(err, collections.ErrNotFound) { return nil, err - } else { - if len(voteExt.OracleAttestations) > 0 { - return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_REJECT}, nil - } - } - } else { - // verify length of oracle attestations - if len(voteExt.OracleAttestations) > len(attestationRequests.Requests) { + } else if len(voteExt.OracleAttestations) > 0 { return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_REJECT}, nil } + } else if len(voteExt.OracleAttestations) > len(attestationRequests.Requests) { + return &abci.ResponseVerifyVoteExtension{Status: abci.ResponseVerifyVoteExtension_REJECT}, nil } // verify the initial signature size if len(voteExt.InitialSignature.SignatureA) > 65 || len(voteExt.InitialSignature.SignatureB) > 65 { diff --git a/start_scripts/start_bill.sh b/start_scripts/start_bill.sh index b88c1859e..a088be444 100755 --- a/start_scripts/start_bill.sh +++ b/start_scripts/start_bill.sh @@ -94,7 +94,7 @@ echo "$VALIDATOR_JSON" > $NODE2_HOME_DIR/config/validator.json # Stake Bill as a validator echo "Staking bill as a validator..." -./layerd tx staking create-validator ~/.layer/bill/config/validator.json --from bill --keyring-backend $KEYRING_BACKEND --keyring-dir ~/.layer/bill --chain-id layer --home ~/.layer/bill +./layerd tx staking create-validator ~/.layer/bill/config/validator.json --from bill --keyring-backend $KEYRING_BACKEND --keyring-dir ~/.layer/bill --chain-id layer --home ~/.layer/bill --gas 300000 # Modify keyring-backend in client.toml for bill echo "Modifying keyring-backend in client.toml for bill..."