Skip to content

Commit

Permalink
Merge pull request from GHSA-95rx-m9m5-m94v
Browse files Browse the repository at this point in the history
* validate ExtendedCommit against LastCommit

* test cases

* lint

---------

Co-authored-by: Marko <marbar3778@yahoo.com>
  • Loading branch information
nivasan1 and tac0turtle authored Mar 1, 2024
1 parent 55370b0 commit 7155a1c
Show file tree
Hide file tree
Showing 3 changed files with 280 additions and 17 deletions.
10 changes: 8 additions & 2 deletions baseapp/abci_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1804,7 +1804,10 @@ func TestABCI_PrepareProposal_VoteExtensions(t *testing.T) {
// set up baseapp
prepareOpt := func(bapp *baseapp.BaseApp) {
bapp.SetPrepareProposal(func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) {
err := baseapp.ValidateVoteExtensions(ctx, valStore, req.Height, bapp.ChainID(), req.LocalLastCommit)
ctx = ctx.WithBlockHeight(req.Height).WithChainID(bapp.ChainID())
_, info := extendedCommitToLastCommit(req.LocalLastCommit)
ctx = ctx.WithCometInfo(info)
err := baseapp.ValidateVoteExtensions(ctx, valStore, req.LocalLastCommit)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -2111,7 +2114,10 @@ func TestBaseApp_VoteExtensions(t *testing.T) {

app.SetPrepareProposal(func(ctx sdk.Context, req *abci.RequestPrepareProposal) (*abci.ResponsePrepareProposal, error) {
txs := [][]byte{}
if err := baseapp.ValidateVoteExtensions(ctx, valStore, req.Height, app.ChainID(), req.LocalLastCommit); err != nil {
ctx = ctx.WithBlockHeight(req.Height).WithChainID(app.ChainID())
_, info := extendedCommitToLastCommit(req.LocalLastCommit)
ctx = ctx.WithCometInfo(info)
if err := baseapp.ValidateVoteExtensions(ctx, valStore, req.LocalLastCommit); err != nil {
return nil, err
}
// add all VE as txs (in a real scenario we would need to check signatures too)
Expand Down
65 changes: 57 additions & 8 deletions baseapp/abci_utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"
"context"
"fmt"
"slices"

"github.com/cockroachdb/errors"
abci "github.com/cometbft/cometbft/abci/types"
Expand All @@ -14,6 +15,7 @@ import (
protoio "github.com/cosmos/gogoproto/io"
"github.com/cosmos/gogoproto/proto"

"cosmossdk.io/core/comet"
sdk "github.com/cosmos/cosmos-sdk/types"
"github.com/cosmos/cosmos-sdk/types/mempool"
)
Expand All @@ -40,11 +42,19 @@ type (
func ValidateVoteExtensions(
ctx sdk.Context,
valStore ValidatorStore,
currentHeight int64,
chainID string,
extCommit abci.ExtendedCommitInfo,
) error {
// Get values from context
cp := ctx.ConsensusParams()
currentHeight := ctx.BlockHeight()
chainID := ctx.BlockHeader().ChainID
commitInfo := ctx.CometInfo().LastCommit

// Check that both extCommit + commit are ordered in accordance with vp/address.
if err := validateExtendedCommitAgainstLastCommit(extCommit, commitInfo); err != nil {
return err
}

// Start checking vote extensions only **after** the vote extensions enable
// height, because when `currentHeight == VoteExtensionsEnableHeight`
// PrepareProposal doesn't get any vote extensions in its request.
Expand All @@ -65,7 +75,6 @@ func ValidateVoteExtensions(
sumVP int64
)

cache := make(map[string]struct{})
for _, vote := range extCommit.Votes {
totalVP += vote.Validator.Power

Expand All @@ -90,12 +99,7 @@ func ValidateVoteExtensions(
return fmt.Errorf("vote extensions enabled; received empty vote extension signature at height %d", currentHeight)
}

// Ensure that the validator has not already submitted a vote extension.
valConsAddr := sdk.ConsAddress(vote.Validator.Address)
if _, ok := cache[valConsAddr.String()]; ok {
return fmt.Errorf("duplicate validator; validator %s has already submitted a vote extension", valConsAddr.String())
}
cache[valConsAddr.String()] = struct{}{}

pubKeyProto, err := valStore.GetPubKeyByConsAddr(ctx, valConsAddr)
if err != nil {
Expand Down Expand Up @@ -141,6 +145,51 @@ func ValidateVoteExtensions(
return nil
}

// validateExtendedCommitAgainstLastCommit validates an ExtendedCommitInfo against a LastCommit. Specifically,
// it checks that the ExtendedCommit + LastCommit (for the same height), are consistent with each other + that
// they are ordered correctly (by voting power) in accordance with
// [comet](https://github.com/cometbft/cometbft/blob/4ce0277b35f31985bbf2c25d3806a184a4510010/types/validator_set.go#L784).
func validateExtendedCommitAgainstLastCommit(ec abci.ExtendedCommitInfo, lc comet.CommitInfo) error {
// check that the rounds are the same
if ec.Round != lc.Round {
return fmt.Errorf("extended commit round %d does not match last commit round %d", ec.Round, lc.Round)
}

// check that the # of votes are the same
if len(ec.Votes) != len(lc.Votes) {
return fmt.Errorf("extended commit votes length %d does not match last commit votes length %d", len(ec.Votes), len(lc.Votes))
}

// check sort order of extended commit votes
if !slices.IsSortedFunc(ec.Votes, func(vote1, vote2 abci.ExtendedVoteInfo) int {
if vote1.Validator.Power == vote2.Validator.Power {
return bytes.Compare(vote1.Validator.Address, vote2.Validator.Address) // addresses sorted in ascending order (used to break vp conflicts)
}
return -int(vote1.Validator.Power - vote2.Validator.Power) // vp sorted in descending order
}) {
return fmt.Errorf("extended commit votes are not sorted by voting power")
}

addressCache := make(map[string]struct{}, len(ec.Votes))
// check consistency between LastCommit and ExtendedCommit
for i, vote := range ec.Votes {
// cache addresses to check for duplicates
if _, ok := addressCache[string(vote.Validator.Address)]; ok {
return fmt.Errorf("extended commit vote address %X is duplicated", vote.Validator.Address)
}
addressCache[string(vote.Validator.Address)] = struct{}{}

if !bytes.Equal(vote.Validator.Address, lc.Votes[i].Validator.Address) {
return fmt.Errorf("extended commit vote address %X does not match last commit vote address %X", vote.Validator.Address, lc.Votes[i].Validator.Address)
}
if vote.Validator.Power != lc.Votes[i].Validator.Power {
return fmt.Errorf("extended commit vote power %d does not match last commit vote power %d", vote.Validator.Power, lc.Votes[i].Validator.Power)
}
}

return nil
}

type (
// ProposalTxVerifier defines the interface that is implemented by BaseApp,
// that any custom ABCI PrepareProposal and ProcessProposal handler can use
Expand Down
Loading

0 comments on commit 7155a1c

Please sign in to comment.