Skip to content

Commit 9104350

Browse files
alpealpe
authored
fix: Store authority in AttesterInfo and check for authz; proto-gen (#362)
* feat: Store `authority` in `AttesterInfo` and check for authz; proto-gen * Fix tests * Review feedback * Remove attester info on leave * Update test
1 parent 4bc23ab commit 9104350

8 files changed

Lines changed: 445 additions & 151 deletions

File tree

modules/network/keeper/msg_server.go

Lines changed: 26 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -38,12 +38,13 @@ func (k msgServer) Attest(goCtx context.Context, msg *types.MsgAttest) (*types.M
3838
!k.IsCheckpointHeight(ctx, msg.Height) {
3939
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "height %d is not a checkpoint", msg.Height)
4040
}
41-
has, err := k.IsInAttesterSet(ctx, msg.ConsensusAddress)
42-
if err != nil {
43-
return nil, sdkerr.Wrapf(err, "in attester set")
41+
42+
if len(msg.Vote) < MinVoteLen {
43+
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "vote payload too short: got %d bytes, minimum %d", len(msg.Vote), MinVoteLen)
4444
}
45-
if !has {
46-
return nil, sdkerr.Wrapf(sdkerrors.ErrUnauthorized, "consensus address %s not in attester set", msg.ConsensusAddress)
45+
46+
if err := k.assertValidValidatorAuthority(ctx, msg.ConsensusAddress, msg.Authority); err != nil {
47+
return nil, err
4748
}
4849

4950
index, found := k.GetValidatorIndex(ctx, msg.ConsensusAddress)
@@ -91,15 +92,6 @@ func (k msgServer) Attest(goCtx context.Context, msg *types.MsgAttest) (*types.M
9192
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "consensus address %s already attested for height %d", msg.ConsensusAddress, msg.Height)
9293
}
9394

94-
// Validate vote payload meets minimum signature length.
95-
// A valid vote must contain at least a cryptographic signature (
96-
// 64 bytes for Ed25519). We enforce the minimum here; full cryptographic
97-
// verification of the signature against the block data should be added once
98-
// the vote format is finalized.
99-
if len(msg.Vote) < MinVoteLen {
100-
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "vote payload too short: got %d bytes, minimum %d", len(msg.Vote), MinVoteLen)
101-
}
102-
10395
// Set the bit
10496
k.bitmapHelper.SetBit(bitmap, int(index))
10597
if err := k.SetAttestationBitmap(ctx, msg.Height, bitmap); err != nil {
@@ -200,15 +192,14 @@ func (k msgServer) JoinAttesterSet(goCtx context.Context, msg *types.MsgJoinAtte
200192

201193
// Store the attester information including pubkey (key by consensus address)
202194
attesterInfo := &types.AttesterInfo{
203-
Validator: msg.ConsensusAddress, // Use consensus address as primary key
195+
Authority: msg.Authority,
204196
Pubkey: msg.Pubkey,
205197
JoinedHeight: ctx.BlockHeight(),
206198
}
207199

208200
if err := k.SetAttesterInfo(ctx, msg.ConsensusAddress, attesterInfo); err != nil {
209201
return nil, sdkerr.Wrap(err, "set attester info")
210202
}
211-
212203
// TODO (Alex): the valset should be updated at the end of an epoch only
213204
if err := k.SetAttesterSetMember(ctx, msg.ConsensusAddress); err != nil {
214205
return nil, sdkerr.Wrap(err, "set attester set member")
@@ -229,14 +220,13 @@ func (k msgServer) JoinAttesterSet(goCtx context.Context, msg *types.MsgJoinAtte
229220
func (k msgServer) LeaveAttesterSet(goCtx context.Context, msg *types.MsgLeaveAttesterSet) (*types.MsgLeaveAttesterSetResponse, error) {
230221
ctx := sdk.UnwrapSDKContext(goCtx)
231222

232-
has, err := k.IsInAttesterSet(ctx, msg.ConsensusAddress)
233-
if err != nil {
234-
return nil, sdkerr.Wrapf(err, "in attester set")
235-
}
236-
if !has {
237-
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "consensus address not in attester set")
223+
if err := k.assertValidValidatorAuthority(ctx, msg.ConsensusAddress, msg.Authority); err != nil {
224+
return nil, err
238225
}
239226

227+
if err := k.AttesterInfo.Remove(ctx, msg.ConsensusAddress); err != nil {
228+
return nil, sdkerr.Wrap(err, "remove attester info")
229+
}
240230
// TODO (Alex): the valset should be updated at the end of an epoch only
241231
if err := k.RemoveAttesterSetMember(ctx, msg.ConsensusAddress); err != nil {
242232
return nil, sdkerr.Wrap(err, "remove attester set member")
@@ -253,6 +243,20 @@ func (k msgServer) LeaveAttesterSet(goCtx context.Context, msg *types.MsgLeaveAt
253243
return &types.MsgLeaveAttesterSetResponse{}, nil
254244
}
255245

246+
func (k msgServer) assertValidValidatorAuthority(ctx sdk.Context, consensusAddress, authority string) error {
247+
v, err := k.AttesterInfo.Get(ctx, consensusAddress)
248+
if err != nil {
249+
if errors.Is(err, collections.ErrNotFound) {
250+
return sdkerr.Wrapf(sdkerrors.ErrUnauthorized, "consensus address %s not in attester set", consensusAddress)
251+
}
252+
return sdkerr.Wrapf(err, "attester set")
253+
}
254+
if v.Authority != authority {
255+
return sdkerr.Wrapf(sdkerrors.ErrUnauthorized, "address %s", authority)
256+
}
257+
return nil
258+
}
259+
256260
// UpdateParams handles MsgUpdateParams
257261
func (k msgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) {
258262
ctx := sdk.UnwrapSDKContext(goCtx)

0 commit comments

Comments
 (0)