Fix codecov: evidence: fix bug with hashes (backport #6375) (#6381)

Finschia · Jan 14, 2022 · 48a55ae · 48a55ae
1 parent 5d58fc3
commit 48a55ae
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 9 deletions.
diff --git a/evidence/verify.go b/evidence/verify.go
@@ -145,9 +145,9 @@ func VerifyLightClientAttack(
 	}
 
 	// Assert the correct amount of voting power of the validator set
-	if evTotal, valsTotal := e.TotalVotingPower, commonVoters.TotalVotingPower(); evTotal != valsTotal {
-		return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
-			evTotal, valsTotal)
+	if evTotal, votersTotal := e.TotalVotingPower, commonVoters.TotalVotingPower(); evTotal != votersTotal {
+		return fmt.Errorf("total voting power from the evidence and our voter set does not match (%d != %d)",
+			evTotal, votersTotal)
 	}
 
 	// check in the case of a forward lunatic attack that monotonically increasing time has been violated
@@ -240,10 +240,6 @@ func validateABCIEvidence(
 	commonVoter *types.VoterSet,
 	trustedHeader *types.SignedHeader,
 ) error {
-	if evTotal, valsTotal := ev.TotalVotingPower, commonVoter.TotalVotingPower(); evTotal != valsTotal {
-		return fmt.Errorf("total voting power from the evidence and our validator set does not match (%d != %d)",
-			evTotal, valsTotal)
-	}
 
 	// Find out what type of attack this was and thus extract the malicious
 	// validators. Note, in the case of an Amnesia attack we don't have any

diff --git a/evidence/verify_test.go b/evidence/verify_test.go
@@ -75,6 +75,85 @@ func TestVerifyLightClientAttack_Lunatic(t *testing.T) {
 	assert.Error(t, err)
 }
 
+func TestVerifyLightClientAttack_validateABCIEvidence(t *testing.T) {
+	const (
+		height             = int64(10)
+		commonHeight int64 = 4
+		totalVals          = 10
+		byzVals            = 4
+		votingPower        = defaultVotingPower
+	)
+	attackTime := defaultEvidenceTime.Add(1 * time.Hour)
+	// create valid lunatic evidence
+	ev, trusted, common := makeLunaticEvidence(
+		t, height, commonHeight, totalVals, byzVals, totalVals-byzVals, defaultEvidenceTime, attackTime)
+	require.NoError(t, ev.ValidateBasic())
+
+	// good pass -> no error
+	err := evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader,
+		common.ValidatorSet,
+		ev.ConflictingBlock.VoterSet, // Should use correct VoterSet for bls.VerifyAggregatedSignature
+		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour, types.DefaultVoterParams())
+	assert.NoError(t, err)
+
+	// illegal nil validators
+	validator, _ := types.RandValidator(false, votingPower)
+	ev.ByzantineValidators = []*types.Validator{validator}
+	amnesiaHeader, err := types.SignedHeaderFromProto(ev.ConflictingBlock.SignedHeader.ToProto())
+	require.NoError(t, err)
+	amnesiaHeader.ProposerAddress = nil
+	amnesiaHeader.Commit.Round = 2
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, amnesiaHeader, // illegal header
+		common.ValidatorSet,
+		ev.ConflictingBlock.VoterSet, // Should use correct VoterSet for bls.VerifyAggregatedSignature
+		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour, types.DefaultVoterParams())
+	require.Error(t, err)
+	require.Equal(t, "expected nil validators from an amnesia light client attack but got 1", err.Error())
+
+	// illegal byzantine validators
+	equivocationHeader, err := types.SignedHeaderFromProto(ev.ConflictingBlock.SignedHeader.ToProto())
+	require.NoError(t, err)
+	equivocationHeader.ProposerAddress = nil
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, equivocationHeader, // illegal header
+		common.ValidatorSet,
+		ev.ConflictingBlock.VoterSet, // Should use correct VoterSet for bls.VerifyAggregatedSignature
+		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour, types.DefaultVoterParams())
+	require.Error(t, err)
+	require.Equal(t, "expected 10 byzantine validators from evidence but got 1", err.Error())
+
+	// illegal byzantine validator address
+	_, phantomVoterSet, _ := types.RandVoterSet(totalVals, defaultVotingPower)
+	ev.ByzantineValidators = phantomVoterSet.Voters
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader,
+		common.ValidatorSet,
+		ev.ConflictingBlock.VoterSet, // Should use correct VoterSet for bls.VerifyAggregatedSignature
+		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour, types.DefaultVoterParams())
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "evidence contained an unexpected byzantine validator address;")
+
+	// illegal byzantine validator staking power
+	phantomVoterSet = types.ToVoterAll(ev.ConflictingBlock.VoterSet.Voters)
+	phantomVoterSet.Voters[0].StakingPower = votingPower + 1
+	ev.ByzantineValidators = phantomVoterSet.Voters
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader,
+		common.ValidatorSet,
+		ev.ConflictingBlock.VoterSet, // Should use correct VoterSet for bls.VerifyAggregatedSignature
+		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour, types.DefaultVoterParams())
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "evidence contained unexpected byzantine validator staking power;")
+
+	// illegal byzantine validator voting power
+	phantomVoterSet = types.ToVoterAll(ev.ConflictingBlock.VoterSet.Voters)
+	phantomVoterSet.Voters[0].VotingPower = votingPower + 1
+	ev.ByzantineValidators = phantomVoterSet.Voters
+	err = evidence.VerifyLightClientAttack(ev, common.SignedHeader, trusted.SignedHeader,
+		common.ValidatorSet,
+		ev.ConflictingBlock.VoterSet, // Should use correct VoterSet for bls.VerifyAggregatedSignature
+		defaultEvidenceTime.Add(2*time.Hour), 3*time.Hour, types.DefaultVoterParams())
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "evidence contained unexpected byzantine validator voting power;")
+}
+
 func TestVerify_LunaticAttackAgainstState(t *testing.T) {
 	const (
 		height       int64 = 10

diff --git a/types/voter_set.go b/types/voter_set.go
@@ -241,10 +241,13 @@ func (voters *VoterSet) VerifyCommitLight(chainID string, blockID BlockID,
 			continue
 		}
 
-		// The vals and commit have a 1-to-1 correspondance.
+		// The voters and commit have a 1-to-1 correspondence.
 		// This means we don't need the voter address or to do any lookup.
 		// voter := voters.Voters[idx]
-		_, voter := voters.GetByAddress(commitSig.ValidatorAddress)
+		index, voter := voters.GetByAddress(commitSig.ValidatorAddress)
+		if index == -1 && voter == nil {
+			continue
+		}
 
 		// Validate signature.
 		voteSignBytes := commit.VoteSignBytes(chainID, int32(idx))