fix(network): add vote payload validation in Attest handler (#360)

* security: add vote payload validation in Attest handler

The Attest handler previously accepted any vote payload, including empty or
garbage data. This allowed attesters to submit meaningless votes that would
be counted toward quorum.

This commit adds vote payload validation:
- Rejects nil/empty vote payloads
- Enforces minimum 48-byte length (BLS signature size)
- Documents that full cryptographic verification should be added once
  the vote format is finalized

Adds 5 table-driven test cases for vote payload validation.

* fix: move minVoteLen to exported constant, remove redundant empty check

- MinVoteLen is now a package-level constant (48 bytes) shared between
  handler and tests to avoid drift
- Removed redundant len(msg.Vote) == 0 check since len < 48 covers it
- Check SetParams error return (errcheck)

Author: alpe

modules/network/keeper/msg_server.go

@@ -15,6 +15,10 @@ import (
 	"github.com/evstack/ev-abci/modules/network/types"
 )
 
+// MinVoteLen is the minimum vote payload length in bytes.
+// 64 is the size of a Ed25519 signature
+const MinVoteLen = 64
+
 type msgServer struct {
 	Keeper
 }
@@ -66,7 +70,14 @@ func (k msgServer) Attest(goCtx context.Context, msg *types.MsgAttest) (*types.M
 		return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "consensus address %s already attested for height %d", msg.ConsensusAddress, msg.Height)
 	}
 
-	// TODO: Verify the vote signature here once we implement vote parsing
+	// Validate vote payload meets minimum signature length.
+	// A valid vote must contain at least a cryptographic signature (
+	// 64 bytes for Ed25519). We enforce the minimum here; full cryptographic
+	// verification of the signature against the block data should be added once
+	// the vote format is finalized.
+	if len(msg.Vote) < MinVoteLen {
+		return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "vote payload too short: got %d bytes, minimum %d", len(msg.Vote), MinVoteLen)
+	}
 
 	// Set the bit
 	k.bitmapHelper.SetBit(bitmap, int(index))

modules/network/keeper/msg_server_test.go

@@ -159,6 +159,72 @@ func TestJoinAttesterSetMaxCap(t *testing.T) {
 	})
 }
 
+func TestAttestVotePayloadValidation(t *testing.T) {
+	myValAddr := sdk.ValAddress("validator1")
+
+	specs := map[string]struct {
+		vote   []byte
+		expErr error
+	}{
+		"empty vote rejected": {
+			vote:   []byte{},
+			expErr: sdkerrors.ErrInvalidRequest,
+		},
+		"nil vote rejected": {
+			vote:   nil,
+			expErr: sdkerrors.ErrInvalidRequest,
+		},
+		"short vote rejected": {
+			vote:   make([]byte, MinVoteLen-1),
+			expErr: sdkerrors.ErrInvalidRequest,
+		},
+		"min-length vote accepted": {
+			vote: make([]byte, MinVoteLen),
+		},
+		"valid-length vote accepted": {
+			vote: make([]byte, 96),
+		},
+	}
+
+	for name, spec := range specs {
+		t.Run(name, func(t *testing.T) {
+			sk := NewMockStakingKeeper()
+			cdc := moduletestutil.MakeTestEncodingConfig().Codec
+			keys := storetypes.NewKVStoreKeys(types.StoreKey)
+			logger := log.NewTestLogger(t)
+			cms := integration.CreateMultiStore(keys, logger)
+			authority := authtypes.NewModuleAddress("gov")
+			keeper := NewKeeper(cdc, runtime.NewKVStoreService(keys[types.StoreKey]), sk, nil, nil, authority.String())
+			server := msgServer{Keeper: keeper}
+			ctx := sdk.NewContext(cms, cmtproto.Header{
+				ChainID: "test-chain",
+				Time:    time.Now().UTC(),
+				Height:  10,
+			}, false, logger).WithContext(t.Context())
+
+			require.NoError(t, keeper.SetParams(ctx, types.DefaultParams()))
+			require.NoError(t, keeper.SetAttesterSetMember(ctx, myValAddr.String()))
+			require.NoError(t, keeper.BuildValidatorIndexMap(ctx))
+
+			msg := &types.MsgAttest{
+				Authority:        myValAddr.String(),
+				ConsensusAddress: myValAddr.String(),
+				Height:           10,
+				Vote:             spec.vote,
+			}
+
+			rsp, err := server.Attest(ctx, msg)
+			if spec.expErr != nil {
+				require.ErrorIs(t, err, spec.expErr)
+				require.Nil(t, rsp)
+				return
+			}
+			require.NoError(t, err)
+			require.NotNil(t, rsp)
+		})
+	}
+}
+
 var _ types.StakingKeeper = &MockStakingKeeper{}
 
 type MockStakingKeeper struct {