Merge pull request #77 from datachainlab/audit_BELC1

BELC1
datachainlab · Nov 27, 2024 · 3bf2a1c · 3bf2a1c
2 parents 2952ced + 675c40e
commit 3bf2a1c
Show file tree

Hide file tree

Showing 6 changed files with 272 additions and 126 deletions.
diff --git a/light-client/src/client.rs b/light-client/src/client.rs
@@ -571,7 +571,7 @@ mod test {
     fn test_success_create_client() {
         let client_state = hex!("0a272f6962632e6c69676874636c69656e74732e7061726c69612e76312e436c69656e745374617465124d08381214151f3951fa218cac426edfe078fa9e5c6dcea5001a2000000000000000000000000000000000000000000000000000000000000000002205109b9ea90f2a040880a305320410c0843d").to_vec();
         let consensus_state = hex!("0a2a2f6962632e6c69676874636c69656e74732e7061726c69612e76312e436f6e73656e7375735374617465126c0a2056e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b42110de82d5a8061a209c59cf0b5717cb6e2bd8620b7f3481605c8abcd45636bdf45c86db06338f0c5e22207a1dede35f5c835fecdc768324928cd0d9d9161e8529e1ba1e60451f3a9d088a").to_vec();
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let mock_consensus_state = BTreeMap::new();
         let ctx = MockClientReader {
             client_state: None,
@@ -673,7 +673,7 @@ mod test {
     ) {
         let any: Any = header.try_into().unwrap();
         let header = Header::try_from(any.clone()).unwrap();
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let client_id = ClientId::new(&client.client_type(), 1).unwrap();
         let mut mock_consensus_state = BTreeMap::new();
         let trusted_cs = ConsensusState {
@@ -743,7 +743,7 @@ mod test {
     #[rstest]
     #[case::localnet(localnet())]
     fn test_success_update_state_continuous(#[case] hp: Box<dyn Network>) {
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let client_id = ClientId::new(&client.client_type(), 1).unwrap();
         let header_groups = hp.success_update_client_continuous_input();
 
@@ -800,7 +800,7 @@ mod test {
         let header = input.header;
         let any: Any = header.try_into().unwrap();
 
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let client_id = ClientId::new(&client.client_type(), 1).unwrap();
         let mut mock_consensus_state = BTreeMap::new();
 
@@ -877,7 +877,7 @@ mod test {
         let header = Header::try_from(input.clone()).unwrap();
         let trusted_height = header.trusted_height();
 
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let client_id = ClientId::new(&client.client_type(), 1).unwrap();
         let mut mock_consensus_state = BTreeMap::new();
         mock_consensus_state.insert(trusted_height, ConsensusState::default());
@@ -977,7 +977,7 @@ mod test {
         latest_height: Height,
         frozen: bool,
     ) -> Result<VerifyMembershipResult, light_client::Error> {
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let client_id = ClientId::new(client.client_type().as_str(), 0).unwrap();
         let mut mock_consensus_state = BTreeMap::new();
         mock_consensus_state.insert(
@@ -1008,7 +1008,7 @@ mod test {
 
     #[test]
     fn test_success_submit_misbehavior() {
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let client_id = ClientId::new(client.client_type().as_str(), 1).unwrap();
 
         // Detect misbehavior
@@ -1071,7 +1071,7 @@ mod test {
             consensus_state: BTreeMap::new(),
         };
 
-        let client = ParliaLightClient::default();
+        let client = ParliaLightClient;
         let client_id = ClientId::new(client.client_type().as_str(), 1).unwrap();
 
         // fail: exactly same block

diff --git a/light-client/src/errors.rs b/light-client/src/errors.rs
@@ -84,11 +84,10 @@ pub enum Error {
     MissingTurnLengthInEpochBlock(BlockNumber),
     MissingEpochInfoInEpochBlock(BlockNumber),
     MissingNextValidatorSet(BlockNumber),
-    MissingCurrentValidatorSet(BlockNumber),
     UnexpectedPreviousValidatorsHash(Height, Height, Hash, Hash),
     UnexpectedCurrentValidatorsHash(Height, Height, Hash, Hash),
     InvalidVerifyingHeaderLength(BlockNumber, usize),
-    InsufficientTrustedValidatorsInUntrustedValidators(Hash, usize, usize),
+    InsufficientHonestValidator(Hash, usize, usize),
     MissingValidatorToVerifySeal(BlockNumber),
     MissingValidatorToVerifyVote(BlockNumber),
     UnexpectedNextCheckpointHeader(BlockNumber, BlockNumber),
@@ -98,6 +97,7 @@ pub enum Error {
     UnexpectedDifficultyNoTurn(BlockNumber, u64, usize),
     UnexpectedUntrustedValidatorsHashInEpoch(Height, Height, Hash, Hash),
     UnexpectedCurrentValidatorsHashInEpoch(Height, Height, Hash, Hash),
+    UnexpectedUntrustedValidators(BlockNumber, BlockNumber),
 
     // Vote attestation
     UnexpectedTooManyHeadersToFinalize(BlockNumber, usize),
@@ -316,19 +316,12 @@ impl core::fmt::Display for Error {
             Error::UnexpectedVoteRelation(e1, e2, e3) => {
                 write!(f, "UnexpectedVoteRelation : {} {} {:?}", e1, e2, e3)
             }
-            Error::InsufficientTrustedValidatorsInUntrustedValidators(e1, e2, e3) => {
-                write!(
-                    f,
-                    "InsufficientTrustedValidatorsInUntrustedValidators : {:?} {} {}",
-                    e1, e2, e3
-                )
+            Error::InsufficientHonestValidator(e1, e2, e3) => {
+                write!(f, "InsufficientHonestValidator : {:?} {} {}", e1, e2, e3)
             }
             Error::MissingNextValidatorSet(e1) => {
                 write!(f, "MissingNextValidatorSet : {}", e1)
             }
-            Error::MissingCurrentValidatorSet(e1) => {
-                write!(f, "MissingCurrentValidatorSet : {}", e1)
-            }
             Error::MissingValidatorToVerifySeal(e1) => {
                 write!(f, "MissingValidatorToVerifySeal : {:?}", e1)
             }
@@ -379,6 +372,9 @@ impl core::fmt::Display for Error {
                     e1, e2, e3, e4
                 )
             }
+            Error::UnexpectedUntrustedValidators(e1, e2) => {
+                write!(f, "UnexpectedUntrustedValidators : {} {}", e1, e2)
+            }
             Error::UnsupportedMinimumTimestamp(e1) => {
                 write!(f, "UnsupportedMinimumTimestamp : {:?}", e1)
             }

diff --git a/light-client/src/header/epoch.rs b/light-client/src/header/epoch.rs
@@ -57,53 +57,56 @@ impl<'a> TrustedEpoch<'a> {
     pub fn new(inner: &'a Epoch) -> Self {
         Self { inner }
     }
-}
 
-#[derive(Clone, Debug, PartialEq)]
-pub struct UntrustedEpoch<'a> {
-    inner: &'a Epoch,
-}
-
-impl<'a> UntrustedEpoch<'a> {
-    pub fn new(inner: &'a Epoch) -> Self {
-        Self { inner }
-    }
-    pub fn checkpoint(&self) -> u64 {
-        self.inner.checkpoint()
-    }
-    pub fn try_borrow(&'a self, trusted_epoch: &TrustedEpoch) -> Result<&'a Epoch, Error> {
-        let (result, found, required) = self.contains(trusted_epoch);
+    pub fn verify_untrusted_voters(&self, untrusted_voter: &Validators) -> Result<(), Error> {
+        let (result, found, required) =
+            self.contains_at_least_one_honest_validator(untrusted_voter);
         if result {
-            return Ok(self.inner);
+            return Ok(());
         }
-        Err(Error::InsufficientTrustedValidatorsInUntrustedValidators(
+        Err(Error::InsufficientHonestValidator(
             self.inner.hash,
             found,
             required,
         ))
     }
 
-    fn contains(&self, trusted_epoch: &TrustedEpoch) -> (bool, usize, usize) {
-        let trusted_validators = trusted_epoch.validators();
+    pub fn contains_at_least_one_honest_validator(
+        &self,
+        untrusted_voters: &Validators,
+    ) -> (bool, usize, usize) {
         let mut trusted_validator_count = 0;
-        for x1 in self.inner.validators() {
-            if trusted_validators.contains(x1) {
+        for x1 in untrusted_voters {
+            if self.validators().contains(x1) {
                 trusted_validator_count += 1;
             }
         }
-        let required = Self::threshold(trusted_validators.len());
+        let required = Self::threshold(self.validators().len());
         (
             trusted_validator_count >= required,
             trusted_validator_count,
             required,
         )
     }
-
     fn threshold(validators_len: usize) -> usize {
         validators_len - ceil_div(validators_len * 2, 3) + 1
     }
 }
 
+#[derive(Clone, Debug, PartialEq)]
+pub struct UntrustedEpoch<'a> {
+    inner: &'a Epoch,
+}
+
+impl<'a> UntrustedEpoch<'a> {
+    pub fn new(inner: &'a Epoch) -> Self {
+        Self { inner }
+    }
+    pub fn checkpoint(&self) -> u64 {
+        self.inner.checkpoint()
+    }
+}
+
 #[derive(Clone, Debug, PartialEq)]
 pub enum EitherEpoch<'a> {
     Trusted(TrustedEpoch<'a>),
@@ -117,16 +120,23 @@ impl<'a> EitherEpoch<'a> {
             EitherEpoch::Untrusted(v) => v.checkpoint(),
         }
     }
+
+    pub fn epoch(&self) -> &'a Epoch {
+        match self {
+            EitherEpoch::Trusted(v) => v.inner,
+            EitherEpoch::Untrusted(v) => v.inner,
+        }
+    }
 }
 
 #[cfg(test)]
 mod test {
     use crate::errors::Error;
-    use crate::header::epoch::{Epoch, TrustedEpoch, UntrustedEpoch, ValidatorSet};
+    use crate::header::epoch::{Epoch, TrustedEpoch, ValidatorSet};
 
     #[test]
-    pub fn test_untrusted_epoch_try_borrow() {
-        let mut _assert_trusted = |x, y, c_val_borrowable| {
+    pub fn test_verify_voter() {
+        let mut _assert_trusted = |x, y, success: bool| {
             let trusted_validators: ValidatorSet = vec![
                 vec![1],
                 vec![2],
@@ -139,34 +149,18 @@ mod test {
             .into();
             let trusted_epoch = Epoch::new(trusted_validators, 1);
             let trusted_epoch = TrustedEpoch::new(&trusted_epoch);
-            let untrusted_epoch = Epoch::new(
-                ValidatorSet {
-                    validators: x,
-                    hash: [0; 32],
-                },
-                1,
-            );
-            let untrusted_epoch = UntrustedEpoch::new(&untrusted_epoch);
-            let (result, count, required) = untrusted_epoch.contains(&trusted_epoch);
-            assert_eq!(result, c_val_borrowable);
+            let (result, count, required) =
+                trusted_epoch.contains_at_least_one_honest_validator(&x);
+            assert_eq!(result, success);
             assert_eq!(count, y);
             assert_eq!(required, 3);
-            match untrusted_epoch.try_borrow(&trusted_epoch) {
-                Ok(borrowed) => {
-                    if c_val_borrowable {
-                        assert_eq!(borrowed, untrusted_epoch.inner);
-                    } else {
-                        unreachable!("unexpected borrowed")
-                    }
-                }
+            match trusted_epoch.verify_untrusted_voters(&x) {
+                Ok(_) => assert!(success),
                 Err(e) => {
-                    if c_val_borrowable {
-                        unreachable!("unexpected error {:?}", e);
-                    } else {
-                        match e {
-                            Error::InsufficientTrustedValidatorsInUntrustedValidators(_, _, _) => {}
-                            e => unreachable!("unexpected error type {:?}", e),
-                        }
+                    assert!(!success);
+                    match e {
+                        Error::InsufficientHonestValidator(_, _, _) => {}
+                        e => unreachable!("unexpected error type {:?}", e),
                     }
                 }
             }
@@ -302,15 +296,15 @@ mod test {
 
     #[test]
     pub fn test_trust_threshold() {
-        assert_eq!(1, UntrustedEpoch::threshold(1));
-        assert_eq!(1, UntrustedEpoch::threshold(2));
-        assert_eq!(2, UntrustedEpoch::threshold(3));
-        assert_eq!(2, UntrustedEpoch::threshold(4));
-        assert_eq!(2, UntrustedEpoch::threshold(5));
-        assert_eq!(3, UntrustedEpoch::threshold(6));
-        assert_eq!(3, UntrustedEpoch::threshold(7));
-        assert_eq!(3, UntrustedEpoch::threshold(8));
-        assert_eq!(4, UntrustedEpoch::threshold(9));
-        assert_eq!(8, UntrustedEpoch::threshold(21));
+        assert_eq!(1, TrustedEpoch::threshold(1));
+        assert_eq!(1, TrustedEpoch::threshold(2));
+        assert_eq!(2, TrustedEpoch::threshold(3));
+        assert_eq!(2, TrustedEpoch::threshold(4));
+        assert_eq!(2, TrustedEpoch::threshold(5));
+        assert_eq!(3, TrustedEpoch::threshold(6));
+        assert_eq!(3, TrustedEpoch::threshold(7));
+        assert_eq!(3, TrustedEpoch::threshold(8));
+        assert_eq!(4, TrustedEpoch::threshold(9));
+        assert_eq!(8, TrustedEpoch::threshold(21));
     }
 }