[BFT] ReceiptValidator ensures k receipts committing to the execution result

cmd/consensus/main.go

@@ -88,7 +88,6 @@ func main() {
 		chunkAlpha                            uint
 		requiredApprovalsForSealVerification  uint
 		requiredApprovalsForSealConstruction  uint
-		requiredReceiptsCommittingToResult    uint
 		emergencySealing                      bool
 		dkgControllerConfig                   dkgmodule.ControllerConfig
 		dkgMessagingEngineConfig              = dkgeng.DefaultMessagingEngineConfig()
@@ -159,7 +158,6 @@ func main() {
 		flags.UintVar(&chunkAlpha, "chunk-alpha", flow.DefaultChunkAssignmentAlpha, "number of verifiers that should be assigned to each chunk")
 		flags.UintVar(&requiredApprovalsForSealVerification, "required-verification-seal-approvals", flow.DefaultRequiredApprovalsForSealValidation, "minimum number of approvals that are required to verify a seal")
 		flags.UintVar(&requiredApprovalsForSealConstruction, "required-construction-seal-approvals", flow.DefaultRequiredApprovalsForSealConstruction, "minimum number of approvals that are required to construct a seal")
-		flags.UintVar(&requiredReceiptsCommittingToResult, "required-receipts-committing-to-result", flow.DefaultRequiredReceiptsCommittingToExecutionResult, "minimum number of receipts that are required to be included in the block for each execution result")
 		flags.BoolVar(&emergencySealing, "emergency-sealing-active", flow.DefaultEmergencySealingActive, "(de)activation of emergency sealing")
 		flags.BoolVar(&insecureAccessAPI, "insecure-access-api", false, "required if insecure GRPC connection should be used")
 		flags.StringSliceVar(&accessNodeIDS, "access-node-ids", []string{}, fmt.Sprintf("array of access node IDs sorted in priority order where the first ID in this array will get the first connection attempt and each subsequent ID after serves as a fallback. Minimum length %d. Use '*' for all IDs in protocol state.", common.DefaultAccessNodeIDSMinimum))
@@ -267,8 +265,7 @@ func main() {
 				node.Storage.Headers,
 				node.Storage.Index,
 				node.Storage.Results,
-				node.Storage.Seals,
-				requiredReceiptsCommittingToResult)
+				node.Storage.Seals)
 
 			sealValidator := validation.NewSealValidator(
 				node.State,

engine/testutil/nodes.go

@@ -463,7 +463,6 @@ func ConsensusNode(t *testing.T, hub *stub.Hub, identity *flow.Identity, identit
 		node.Index,
 		resultsDB,
 		node.Seals,
-		flow.DefaultRequiredReceiptsCommittingToExecutionResult,
 	)
 
 	sealingEngine, err := sealing.NewEngine(

model/flow/constants.go

@@ -61,13 +61,6 @@ const DefaultRequiredApprovalsForSealConstruction = uint(1)
 //   - Full protocol should be +2/3 of all currently authorized verifiers.
 const DefaultRequiredApprovalsForSealValidation = 0
 
-// DefaultRequiredReceiptsCommittingToExecutionResult is the default number of receipts that should be committing to an execution
-// result which is being incorporated into a candidate block.
-// ATTENTION:
-// For each result in the candidate block, there must be k receipts included in the candidate block, with k strictly larger than 0.
-// This value has to be strictly larger than 0, otherwise leader can incorporate a result which was not executed.
-const DefaultRequiredReceiptsCommittingToExecutionResult = 1
-
 // DefaultChunkAssignmentAlpha is the default number of verifiers that should be
 // assigned to each chunk.
 const DefaultChunkAssignmentAlpha = 3

module/validation/receipt_validator.go

@@ -18,13 +18,12 @@ import (
 // receiptValidator holds all needed context for checking
 // receipt validity against the current protocol state.
 type receiptValidator struct {
-	headers                                    storage.Headers
-	seals                                      storage.Seals
-	state                                      protocol.State
-	index                                      storage.Index
-	results                                    storage.ExecutionResults
-	signatureHasher                            hash.Hasher
-	requiredReceiptsIncludedForExecutionResult uint
+	headers         storage.Headers
+	seals           storage.Seals
+	state           protocol.State
+	index           storage.Index
+	results         storage.ExecutionResults
+	signatureHasher hash.Hasher
 }
 
 var _ module.ReceiptValidator = (*receiptValidator)(nil)
@@ -34,7 +33,6 @@ func NewReceiptValidator(state protocol.State,
 	index storage.Index,
 	results storage.ExecutionResults,
 	seals storage.Seals,
-	requiredReceiptsIncludedForExecutionResult uint,
 ) module.ReceiptValidator {
 	rv := &receiptValidator{
 		state:           state,
@@ -43,7 +41,6 @@ func NewReceiptValidator(state protocol.State,
 		results:         results,
 		signatureHasher: signature.NewBLSHasher(signature.ExecutionReceiptTag),
 		seals:           seals,
-		requiredReceiptsIncludedForExecutionResult: requiredReceiptsIncludedForExecutionResult,
 	}
 	return rv
 }
@@ -290,12 +287,7 @@ func (v *receiptValidator) ValidatePayload(candidate *flow.Block) error {
 
 		// check if there are enough execution receipts included in the payload corresponding to the execution result
 		receiptsForResult := uint(len(receiptsByResult.GetGroup(resultID)))
-		if receiptsForResult > 0 {
-			if receiptsForResult < v.requiredReceiptsIncludedForExecutionResult {
-				return engine.NewInvalidInputErrorf("execution result %v has only %d receipts, but at least %d are required",
-					resultID, receiptsForResult, v.requiredReceiptsIncludedForExecutionResult)
-			}
-		} else {
+		if receiptsForResult == 0 {
 			return engine.NewInvalidInputErrorf("no receipts for result %v at index %d", resultID, i)
 		}
 

module/validation/receipt_validator_test.go

@@ -35,7 +35,6 @@ func (s *ReceiptValidationSuite) SetupTest() {
 		s.IndexDB,
 		s.ResultsDB,
 		s.SealsDB,
-		1,
 	)
 }
 
@@ -794,66 +793,15 @@ func (s *ReceiptValidationSuite) TestValidateReceiptResultWithoutReceipt() {
 	s.Require().True(engine.IsInvalidInputError(err))
 }
 
-// TestValidateReceiptResultHasNotEnoughReceipts tests a case when a malicious leader incorporates an execution result
-// into their proposal, which has a receipt, but ReceiptValidator is configured to accept at least 2 receipts per execution result.
-func (s *ReceiptValidationSuite) TestValidateReceiptResultHasNotEnoughReceipts() {
-	s.receiptValidator = NewReceiptValidator(
-		s.State,
-		s.HeadersDB,
-		s.IndexDB,
-		s.ResultsDB,
-		s.SealsDB,
-		2, // at least 2 receipts per execution result
-	)
-	// assuming signatures are all good
-	s.publicKey.On("Verify", mock.Anything, mock.Anything, mock.Anything).Return(true, nil)
-
-	// G <- A <- B
-	blocks, result0, seal := unittest.ChainFixture(2)
-	s.SealsIndex[blocks[0].ID()] = seal
-
-	receipts := unittest.ReceiptChainFor(blocks, result0)
-	blockA, blockB := blocks[1], blocks[2]
-	receiptA, receiptB := receipts[1], receipts[2]
-
-	blockA.Payload.Receipts = []*flow.ExecutionReceiptMeta{}
-	blockB.Payload.Receipts = []*flow.ExecutionReceiptMeta{receiptA.Meta()}
-	blockB.Payload.Results = []*flow.ExecutionResult{&receiptA.ExecutionResult}
-	// update block header so that blocks are chained together
-	unittest.ReconnectBlocksAndReceipts(blocks, receipts)
-	// assuming all receipts are executed by the correct executor
-	for _, r := range receipts {
-		r.ExecutorID = s.ExeID
-	}
-
-	for _, b := range blocks {
-		s.Extend(b)
-	}
-	s.PersistedResults[result0.ID()] = result0
-
-	candidate := unittest.BlockWithParentFixture(blockB.Header)
-	candidate.Payload = &flow.Payload{
-		Receipts: []*flow.ExecutionReceiptMeta{receiptB.Meta()},
-		Results:  []*flow.ExecutionResult{&receiptB.ExecutionResult},
-	}
-
-	err := s.receiptValidator.ValidatePayload(candidate)
-	s.Require().Error(err)
-	s.Require().True(engine.IsInvalidInputError(err))
-}
-
 // TestValidateReceiptResultHasEnoughReceipts tests a case where a leader incorporates an execution result
-// into their proposal, which has multiple receipts and ReceiptValidator,
-// is configured to accept at least 2 receipts per execution result.
+// into their proposal, which has multiple receipts and ReceiptValidator.
 func (s *ReceiptValidationSuite) TestValidateReceiptResultHasEnoughReceipts() {
-	k := uint(5)
 	s.receiptValidator = NewReceiptValidator(
 		s.State,
 		s.HeadersDB,
 		s.IndexDB,
 		s.ResultsDB,
 		s.SealsDB,
-		k, // at least 2 receipts per execution result
 	)
 	// assuming signatures are all good
 	s.publicKey.On("Verify", mock.Anything, mock.Anything, mock.Anything).Return(true, nil)
@@ -881,22 +829,9 @@ func (s *ReceiptValidationSuite) TestValidateReceiptResultHasEnoughReceipts() {
 	}
 	s.PersistedResults[result0.ID()] = result0
 
-	candidateReceipts := []*flow.ExecutionReceiptMeta{receiptB.Meta()}
-	// add k-1 more receipts for the same execution result
-	for i := uint(1); i < k; i++ {
-		// use base receipt and change the executor ID, we don't care about signatures since we are not validating them
-		receipt := *receiptB.Meta()
-		// create a mock executor which submitted the receipt
-		executor := unittest.IdentityFixture(unittest.WithRole(flow.RoleExecution), unittest.WithStakingPubKey(s.publicKey))
-		receipt.ExecutorID = executor.NodeID
-		// update local identity table so the receipt is considered valid
-		s.Identities[executor.NodeID] = executor
-		candidateReceipts = append(candidateReceipts, &receipt)
-	}
-
 	candidate := unittest.BlockWithParentFixture(blockB.Header)
 	candidate.Payload = &flow.Payload{
-		Receipts: candidateReceipts,
+		Receipts: []*flow.ExecutionReceiptMeta{receiptB.Meta()},
 		Results:  []*flow.ExecutionResult{&receiptB.ExecutionResult},
 	}