Skip to content

Bugfix: Invalid blocks were produced in the presence of invalid deposits #3639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 17, 2022
Merged

Bugfix: Invalid blocks were produced in the presence of invalid deposits #3639

merged 1 commit into from
May 17, 2022

Conversation

zah
Copy link
Contributor

@zah zah commented May 16, 2022

Since we were not verifying BLS signature in blocks that we produce,
we were failing to notice that some deposits need to be ignored (due
to having an invalid signature). Processing these deposits resulted
in a different ending state after the state transition which caused
our blocks to be rejected by the network.

@zah zah mentioned this pull request May 16, 2022
Closed
@github-actions
Copy link

github-actions bot commented May 16, 2022
edited
Loading

Unit Test Results

     12 files  ±0     842 suites  ±0   50m 10s ⏱️ +42s
1 693 tests ±0  1 645 ✔️ ±0    48 💤 ±0  0 ±0 
9 853 runs  ±0  9 741 ✔️ ±0  112 💤 ±0  0 ±0 

Results for commit 2a9dd4f. ± Comparison against base commit 1177f33.

♻️ This comment has been updated with latest results.

arnetheduck
arnetheduck reviewed May 17, 2022
View reviewed changes
beacon_chain/spec/state_transition_block.nim
@@ -296,7 +296,7 @@ proc process_deposit*(cfg: RuntimeConfig,
else:
# Verify the deposit signature (proof of possession) which is not checked
# by the deposit contract
if skipBlsValidation in flags or verify_deposit_signature(cfg, deposit.data):
if verify_deposit_signature(cfg, deposit.data):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we have tests that don't create signatures for deposits but expect them to succeed

arnetheduck
arnetheduck reviewed May 17, 2022
View reviewed changes
beacon_chain/spec/state_transition_block.nim
@@ -296,7 +296,7 @@ proc process_deposit*(cfg: RuntimeConfig,
else:
# Verify the deposit signature (proof of possession) which is not checked
# by the deposit contract
if skipBlsValidation in flags or verify_deposit_signature(cfg, deposit.data):
if verify_deposit_signature(cfg, deposit.data):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we have tests that don't create signatures for deposits but expect them to succeed

@arnetheduck
Copy link
Member

good find 🎉

@zah zah force-pushed the invalid-deposits-min-fix branch from c80bf84 to 74c7d4d Compare May 17, 2022 12:12
@zah zah mentioned this pull request May 17, 2022
Open
@zah
Bugfix: Invalid blocks were produced in the presence of invalid deposits
2a9dd4f 
Since we were not verifying BLS signature in blocks that we produce,
we were failing to notice that some deposits need to be ignored (due
to having an invalid signature). Processing these deposits resulted
in a different ending state after the state transition which caused
our blocks to be rejected by the network.
@zah zah force-pushed the invalid-deposits-min-fix branch from 74c7d4d to 2a9dd4f Compare May 17, 2022 16:26
@zah zah merged commit 18968e9 into unstable May 17, 2022
@zah zah deleted the invalid-deposits-min-fix branch May 17, 2022 19:56
arnetheduck
arnetheduck reviewed May 17, 2022
View reviewed changes
tests/testblockutil.nim
@@ -124,9 +124,11 @@ proc addTestBlock*(
sync_aggregate,
default(ExecutionPayload),
noRollback,
cache)
cache,
verificationFlags = {skipBlsValidation})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ping @zah this should be flags

Copy link
Contributor Author

@zah zah May 17, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be removed, but there wasn't enough time before the release to investigate how the tests can be fixed. Otherwise, feel free to rename it although the flags name would be a bit misleading in a function called makeBeaconBlock (the flags don't affect how the block is created, but rather how it's executed (or verified), hence my name).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we use flags as a convention for this variable throughout the spec code which makes the code easier to read - it would be nice if this code adhered to it as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arnetheduck arnetheduck arnetheduck approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zah @arnetheduck