Enforce proper check of ParentAgregatedSeal during preprepare phase (1.5.x release) #1830
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hbandura
requested review from
mcortesi and
37ng
and removed request for
a team
|
Coverage from tests in coverage: 44.7% of statements across all listed packagescoverage: 54.1% of statements in consensus/istanbul coverage: 45.0% of statements in consensus/istanbul/backend coverage: 0.0% of statements in consensus/istanbul/backend/backendtest coverage: 43.3% of statements in consensus/istanbul/backend/internal/db coverage: 24.1% of statements in consensus/istanbul/backend/internal/enodes coverage: 22.4% of statements in consensus/istanbul/backend/internal/replica coverage: 63.9% of statements in consensus/istanbul/core coverage: 0.0% of statements in consensus/istanbul/proxy coverage: 75.3% of statements in consensus/istanbul/uptime coverage: 100.0% of statements in consensus/istanbul/uptime/store coverage: 51.8% of statements in consensus/istanbul/validator coverage: 79.2% of statements in consensus/istanbul/validator/randomCommentID: 076f09b18d |
mcortesi
approved these changes
Feb 2, 2022
|
This PR has been merged manually ( |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
During consensus, when a validator has to verify that a proposed block is valid, the validators are not checking the
ParentAggregatedSeal. Thus, they can potentially accept an invalid block as valid.Full Nodes during regular block syncing don't have the same problem, and thus reject the block. In a scenario with validators depending on proxies (full nodes) this also implies that after such a block, network connections between validators and proxies will break, thus the network will stall.
How?
To verify a block, validators have to check the header, but ignore the
AggreatedSealsince this field is the result of consensus and will only be added as the final step of it.To achieve this,
backend.VerifyProposal()callsengine.VerifyHeaderand it will mark the block as invalid if this call fails, unless the error is related to the AggregatedSeal. This is incorrect, since ifengine.VerifyHeader()fails due to the missing AggregatedSeal it does not imply that the rest of the header is valid, just that the first error on it found is that.In particular,
engine.VerifyHeader()will not verify theParentAggregatedSealifAggreatedSealis missing.Fix
In this PR, instead of calling
VerifyHeaderwe call a new functionverifyHeaderFromProposalthat checks that theAggregatedSeal's signature is empty, and checks all others fields. As expected from a consensus proposal.This PR is applied on top of the 1.5.x version branch