Skip to content

Commit

Permalink
Add basic key sanity checks. Don't produce blocks if keys don't match.
Browse files Browse the repository at this point in the history
  • Loading branch information
@nibhar
nibhar committed Nov 17, 2024
1 parent b8ed402 commit c016f48
Show file tree
Hide file tree
Showing 3 changed files with 38 additions and 14 deletions.
14 changes: 13 additions & 1 deletion blockchain/src/block_production/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ impl BlockProducer {
let seed = if skip_block_proof.is_some() {
// VRF seed of a skip block is carried over since a new VRF seed would require a new
// leader.
prev_seed
prev_seed.clone()
} else {
prev_seed.sign_next_with_rng(&self.signing_key, block_number, rng)
};
Expand Down Expand Up @@ -225,6 +225,18 @@ impl BlockProducer {
let justification = if let Some(skip_block_proof) = skip_block_proof {
MicroJustification::Skip(skip_block_proof)
} else {
// Sanity check the signing key
let validators = blockchain
.current_validators()
.expect("current validators must be accessible.");
let epoch_validator = validators.get_validator_by_slot_number(
blockchain
.get_proposer(block_number, block_number, prev_seed.entropy(), None)
.expect("should find producer")
.number,
);
assert_eq!(self.signing_key.public, epoch_validator.signing_key);

// Signs the block header using the signing key.
let hash = header.hash();
let signature = self.signing_key.sign(hash.as_slice());
Expand Down
12 changes: 12 additions & 0 deletions validator/src/tendermint.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,18 @@ where
id: id.clone(),
};

let one_of_our_slots = self
.validator_registry
.get_slots(self.validator_slot_band)
.start;

let public_key = self
.validator_registry
.public_key(one_of_our_slots as usize)
.expect("Key must be be present");

assert_eq!(self.block_producer.voting_key.public_key, public_key);

let own_contribution = TendermintContribution::from_vote(
tendermint_vote,
&self.block_producer.voting_key.secret_key,
Expand Down
26 changes: 13 additions & 13 deletions validator/src/validator.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,19 @@ where
epoch_number = blockchain.epoch_number(),
"We are ACTIVE in this epoch"
);

// Find the entry for this validator in the epochs validators.
let epoch_validator = validators.get_validator_by_slot_band(slot_band);

// Compare configured validator voting key to the one in the current epoch to make sure it is the same.
if *epoch_validator.voting_key.compressed() != self.voting_key().public_key.compress() {
panic!("Invalid validator configuration: Configured voting key does not match voting key in this epoch");
}

// Compare configured validator signing key to the one in the current epoch to make sure it is the same.
if epoch_validator.signing_key != self.signing_key().public {
panic!("Invalid validator configuration: Configured signing key does not match signing key in this epoch");
}
} else {
log::debug!(
validator_address = %self.validator_address(),
Expand All @@ -355,19 +368,6 @@ where

// Set the elected validators of the current epoch in the network as well.
self.network.set_validators(validators);

// Check validator configuration
if let Some(validator) = self.get_validator(&blockchain) {
// Compare configured validator voting key to the one in the contract to make sure it is the same.
if validator.voting_key != self.voting_key().public_key.compress() {
error!("Invalid validator configuration: Configured voting key does not match voting key in staking contract");
}

// Compare configured validator signing key to the one in the contract to make sure it is the same.
if validator.signing_key != self.signing_key().public {
error!("Invalid validator configuration: Configured signing key does not match signing key in staking contract");
}
}
}

fn init_block_producer(&mut self, head_hash: Option<&Blake2bHash>) {
Expand Down

0 comments on commit c016f48

Please sign in to comment.