[1.0.4] Finality violation tests 1.0.0 #610
Conversation
…savanna contract for clarity
…_policy_generation in savanna smart contracts and tests for clarity
generation used in finality violation tests
… collected by the light client is used
…nction with full policies
…scenarios where the fake block's timestamp is lower vs higher than block with conflicting range
unittests/test-contracts/savanna/finality_violation/finality_violation.cpp
Show resolved
Hide resolved
unittests/test-contracts/savanna/finality_violation/finality_violation.cpp
Outdated
Show resolved
Hide resolved
unittests/test-contracts/savanna/finality_violation/finality_violation.cpp
Outdated
Show resolved
Hide resolved
unittests/test-contracts/savanna/finality_violation/finality_violation.cpp
Outdated
Show resolved
Hide resolved
unittests/test-contracts/savanna/finality_violation/finality_violation.cpp
Outdated
Show resolved
Hide resolved
unittests/test-contracts/savanna/finality_violation/finality_violation.cpp
Outdated
Show resolved
Hide resolved
…ty_violation contract
…uorum threshold has been met
|
Note:start |
heifner
changed the title
arhag
changed the title
arhag
changed the title
spoonincode
changed the title
…na bitset and ibc tests
… merging of strong and weak votes when evaluating responsibility in finality violation proofs
… ancestor of the high proof block
| //verify that the quorum certificate over the finality digest is valid | ||
| void _check_qc(const quorum_certificate_input& qc, const checksum256& finality_digest, const finalizer_policy_input& finalizer_policy){ | ||
|
|
||
| uint64_t aggregate_keys(const savanna::bitset& votes, const finalizer_policy_input& finalizer_policy, bls_g1& agg_pub_key){ |
There was a problem hiding this comment.
It would be better to return a pair of the aggregate key and the total weight.
| if (qc.is_weak.has_value() && qc.is_weak.value() == true) message = create_weak_digest(finality_digest); | ||
| for (size_t i = 0 ; i < messages.size(); i++){ | ||
| //verify signature validity | ||
| check(bls_signature_verify(agg_pub_keys[i], decode_bls_signature_to_g2(agg_sig), messages[i]), "signature verification failed"); |
There was a problem hiding this comment.
This doesn't make sense as a way to check the aggregate signature. See how Spring does it.
Lines 205 to 208 in d89dc9f
| check(qc.strong_votes.has_value(), "required strong votes are missing"); | ||
| savanna::bitset strong_b(finalizer_count, qc.strong_votes.value()); | ||
| weight = aggregate_keys(strong_b, finalizer_policy, agg_pub_key); | ||
| _verify({create_strong_digest(finality_digest)}, {agg_pub_key}, qc.signature); |
There was a problem hiding this comment.
This only works if the weak bitset is empty. If it is not empty, then the QC signature would be an aggregate signature formed from the aggregate public key of the strong votes (calculated here) corresponding to the strong digest AND the aggregate public key to the weak votes corresponding to the weak digest.
I think Spring will never bother generating a QC with mixed strong and weak votes when the strong votes are sufficient to meet the threshold. But as far as the protocol is concerned, if weak votes are present, the QC is treated as a weak QC and the aggregate signature must incorporate the effect of those weak votes.
I think these contracts should not necessarily assume that and be able to handle validating the signature with count_strong_only == true even if weak votes are present in the QC.
| weight = aggregate_keys(strong_b, finalizer_policy, agg_pub_key); | ||
| _verify({create_strong_digest(finality_digest)}, {agg_pub_key}, qc.signature); | ||
| } | ||
|
|
There was a problem hiding this comment.
Basically you just need the three cases within the largest else branch here. Although there is a cleaner way of structuring this code See:
Lines 168 to 209 in d89dc9f
I don't think there is even a reason to have the count_strong_only boolean. You may just want to add a bool is_strong() const member function to quorum_certificate_input so that the IBC contract can do a separate check to see if the submitted QC is strong.
| @@ -666,43 +666,43 @@ BOOST_AUTO_TEST_SUITE(svnn_ibc) | |||
| ); | |||
|
|
|||
| chain.push_action("ibc"_n, "testbitset"_n, "ibc"_n, mvo() | |||
| ("bitset_string", "30") //bitset bytes are reversed, so we do the same to test | |||
| ("bitset_string", "03") | |||
There was a problem hiding this comment.
This still does not look correct to me.
If I want to check whether the third finalizer (i == 2) is present, I would expect to look at the i/4 == 0 nibble (using 0-based indexing and counting from left to right, i.e. most significant nibble to least significant nibble). Then converting that nibble into bits, I would expect the i%4 == 2 bit in that nibble (using 0-based indexing and counting from MSB to LSB) to represent the presence of that finalizer.
So, given a bit string of 011:
I would expect the 3rd most significant bit of the first nibble to be 1. Similarly for the 2nd most significant bit of the first nibble. But, I would expect the 1st most significant bit of the first nibble to be 0. Furthermore, I would expect all other bits that are needed for padding purposes to be 0.
So the first nibble should be the hex digit 6 (which has binary representation 0110). And if we need an even number of nibbles in the hex string, then we can pad with a 0 nibble at the end to get the hex representation 60 in this case.
|
|
||
| check(time_range_conflict, "proofs must demonstrate a conflicting time range"); |
There was a problem hiding this comment.
You still need to keep this time range conflict check: the one that verifies that the low_proof_timestamp is between the high_proof_last_claim_timestamp and the high_proof_timestamp. That is independent of the other time checks that you do below.
| //Verify that the computed digest for the low proof doesn't appear in the list of reversible block digests committed to by the high proof | ||
| auto f_itr = std::find(reversible_blocks_digests.begin(), reversible_blocks_digests.end(), computed_digest); | ||
| //A time range conflict has occured if the high proof timestamp is greater than or equal to the low proof timestamp and the high proof parent timestamp is less than the low proof timestamp | ||
| bool time_range_conflict = high_proof_parent_timestamp < low_proof_timestamp && high_proof_timestamp >= low_proof_timestamp; |
There was a problem hiding this comment.
I think the time check here is trying to validate the assumptions of a valid rule 2 proof that I outline in:
First, the user must submit the contents of the leaf node in the reversible block Merkle tree (along with the proof of inclusion up to the reversible blocks root) for the block that has a timestamp greater than or equal to low_proof_timestamp and a parent_timestamp strictly less than low_proof_timestamp. Both of those inequalities must be validated otherwise the submitted proof is not correct.
But the checks on this line does not do that.
You want to make sure that (proof_of_inclusion.target.parent_timestamp < low_proof_timestamp) && (low_proof_timestamp <= proof_of_inclusion.target.timestamp) is true. If this is not true, then the proof is invalid and the action should abort.
| //If the timestamp for the submitted reversible blocks leaf node is strictly greater than low_proof_timestamp, we know that the low proof block is not an ancestor of the high proof block | ||
| //and therefore, a rule 2 violation has occurred. | ||
| if(proof_of_inclusion.target.timestamp > low_proof_timestamp) finality_violation = true; | ||
| else if(proof_of_inclusion.target.timestamp == low_proof_timestamp) { |
There was a problem hiding this comment.
You don't need to have a finality_violation boolean.
Given that you will check the low_proof_timestamp is in the interval (proof_of_inclusion.target.parent_timestamp, proof_of_inclusion.target.timestamp] earlier above, you can simplify this if else to just the following if statement:
if (proof_of_inclusion.target.timestamp == low_proof_timestamp) {
// If the timestamp for the submitted reversible blocks leaf node is exactly equal to low_proof_timestamp,
// we need to compare the finality digest of the low proof block to the finality digest of the
// submitted reversible blocks leaf node to check that they are not the same.
// If they are the same, the submitted proof is not correct.
// But if they are different, then we know that the low proof block is not an ancestor of the high proof block.
check(finalizer_digests.second != proof_of_inclusion.target.finality_digest, "finality digest of low proof must be different from the finality digest of the submitted reversible blocks leaf node");
}| block_timestamp low_proof_last_claim_timestamp = low_proof.qc_block.level_3_commitments.value().latest_qc_claim_timestamp; | ||
| block_timestamp high_proof_last_claim_timestamp = high_proof.qc_block.level_3_commitments.value().latest_qc_claim_timestamp; |
There was a problem hiding this comment.
All of these timestamps are still needed.
We still need to verify one of the timestamp assumptions of rule 3 violations:
bool lock_violation =
(high_proof_last_claim_timestamp <= low_proof_last_claim_timestamp) &&
(low_proof_timestamp < high_proof_timestamp);
check(lock_violation, "proofs must demonstrate a lock violation");This is independent of verifying that the target reversible block also satisfies the timestamp requirements:
bool appropriate_target_reversible_block =
(proof_of_inclusion.target.parent_timestamp < low_proof_last_claim_timestamp) &&
(low_proof_last_claim_timestamp <= proof_of_inclusion.target.timestamp);
check(appropriate_target_reversible_block, "proofs must include appropriate reversible target block");| finality_violation = true; | ||
| } | ||
|
|
||
| check(finality_violation, "proofs must demonstrate a finality violation"); |
There was a problem hiding this comment.
Again no need for finality_violation boolean.
If the appropriate time checks have been done earlier, then all that is needed is to handle the case where proof_of_inclusion.target.timestamp exactly equals low_proof_last_claim_timestamp:
if (proof_of_inclusion.target.timestamp == low_proof_last_claim_timestamp) {
// If the timestamp for the submitted reversible blocks leaf node is exactly equal to low_proof_last_claim_timestamp,
// we need to compare the finality digest of the block claimed by the low proof block to the finality digest of the
// submitted reversible blocks leaf node to check that they are not the same.
// If they are the same, the submitted proof is not correct.
// But if they are different, then we know that the block claimed by the low proof block is not an ancestor of the high proof block.
check(low_proof.qc_block.level_3_commitments.value().latest_qc_claim_finality_digest != proof_of_inclusion.target.finality_digest, "finality digest of block claimed by low proof block must be different from the finality digest of the submitted reversible blocks leaf node");
}
This PR adds tests to cover violation of finality rules #1, #2 and #3 and addresses issue : #91