Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Epoch Sync] Add tests for epoch sync proof verification #12260

Open
Tracked by #73
staffik opened this issue Oct 18, 2024 · 1 comment
Open
Tracked by #73

[Epoch Sync] Add tests for epoch sync proof verification #12260

staffik opened this issue Oct 18, 2024 · 1 comment

Comments

@staffik
Copy link
Contributor

staffik commented Oct 18, 2024
edited
Loading

Description

Follow-up task to #12020.

Comment:
Add some tests (can add some to the testloop test) that messing with the proof will result in a failing verification.
We could, e.g. check that tweaking every byte of a valid serialized proof will cause a failure one way or another.
It doesn't cover all possible attacks but at least makes sure that we aren't forgetting any fields.
This was referenced Oct 18, 2024
Open
Merged
github-merge-queue bot pushed a commit that referenced this issue Oct 18, 2024
@staffik
[Epoch Sync] EpochSyncProof validation (#12020)
2c40e53 
Issue: #11932

Implements EpochSyncProof validation, according to:
- [design
doc](https://docs.google.com/document/d/14Itc9Hs7ewTRmcGANid9UCaYcJzaLzzM7FsvYYIFKDY/edit#heading=h.p2oiicluwd6o)
-
[`epoch_sync.rs`](https://github.com/near/nearcore/blob/d6d6e4782f7d57a7b7acc2894e1668355012ff74/core/primitives/src/epoch_sync.rs)

Summary:
- Move block merkle proof retrieval logic from `Chain` to a separate
trait (`MerkleProofAccess`). Make `Store` implements this trait so that
we can `get_block_proof` while serving `EpochSyncRequest` from a
separate thread and having no access to `Chain`.
- Refactor `verify_approval` and `compute_bp_hash` so that we can use it
for proof validation.
- Derive `first_block_info_in_epoch` from block header.
- Implement the validation logic.
- Add 2 more fields to the proof
  - `EpochSyncProofPastEpochData::protocol_version`
- `merkle_proof_for_first_block` generated at height of final block of
current epoch.
- Apparently, we need to add even more to enable generating
`merkle_proof_for_first_block` at the bootstrapped node. That will be
done as a follow-up issue:
#12255.
- Create a bunch of follow-up issues (added to the [tracking
issue](near/near-one-project-tracking#73)):
  - #12255
  - #12256
  - #12258
  - #12259
  - #12260
@robin-near
Copy link
Contributor

Some things to check for:

  • Messing with the proof arbitrarily (flipping every bit perhaps)
  • Making a test case where every epoch the block producers change (to check that we don't have any off-by-one errors in verifying handoff and signatures)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@staffik @robin-near