From 91db6fb3b9ee1998d186fba3bbb57c970d8e4c5c Mon Sep 17 00:00:00 2001
From: SW van Heerden <swvheerden@gmail.com>
Date: Wed, 9 Aug 2023 20:21:48 +0200
Subject: [PATCH] fix!: add validator mr to mining hash (#5615)

Description
---
add validator mr to mining hash
Re-ordered structs/hashes to match each other

Motivation and Context
---
This field is not covered by mining, making it mutable and changeable by
any node.
Reordering was done to make auditing easier now and in future so that
the two match each other

Audit Finding Number
---
TARI-013
---
 base_layer/core/src/blocks/block_header.rs          | 13 +++++++------
 base_layer/core/src/blocks/genesis_block.rs         |  4 ++--
 base_layer/core/src/proof_of_work/sha3x_pow.rs      |  4 ++--
 .../src/transactions/transaction_components/mod.rs  | 12 ++++++------
 .../transaction_components/transaction_input.rs     |  6 +++---
 .../transaction_components/transaction_output.rs    |  6 +++---
 .../transaction_components/wallet_output.rs         |  6 +++---
 base_layer/tari_mining_helper_ffi/src/lib.rs        |  4 ++--
 8 files changed, 28 insertions(+), 27 deletions(-)

diff --git a/base_layer/core/src/blocks/block_header.rs b/base_layer/core/src/blocks/block_header.rs
index e3308c3557..1bc9afa887 100644
--- a/base_layer/core/src/blocks/block_header.rs
+++ b/base_layer/core/src/blocks/block_header.rs
@@ -94,6 +94,8 @@ pub struct BlockHeader {
     pub prev_hash: BlockHash,
     /// Timestamp at which the block was built.
     pub timestamp: EpochTime,
+    /// This is the Merkle root of the inputs in this block
+    pub input_mr: FixedHash,
     /// This is the UTXO merkle root of the outputs
     /// This is calculated as Hash (txo MMR root  || roaring bitmap hash of UTXO indices)
     pub output_mr: FixedHash,
@@ -103,18 +105,16 @@ pub struct BlockHeader {
     pub kernel_mr: FixedHash,
     /// The number of MMR leaves in the kernel MMR
     pub kernel_mmr_size: u64,
-    /// This is the Merkle root of the inputs in this block
-    pub input_mr: FixedHash,
     /// Sum of kernel offsets for all kernels in this block.
     pub total_kernel_offset: PrivateKey,
     /// Sum of script offsets for all kernels in this block.
     pub total_script_offset: PrivateKey,
-    /// Nonce increment used to mine this block.
-    pub nonce: u64,
-    /// Proof of work summary
-    pub pow: ProofOfWork,
     /// Merkle root of all active validator node.
     pub validator_node_mr: FixedHash,
+    /// Proof of work summary
+    pub pow: ProofOfWork,
+    /// Nonce increment used to mine this block.
+    pub nonce: u64,
 }
 
 impl BlockHeader {
@@ -228,6 +228,7 @@ impl BlockHeader {
             .chain(&self.kernel_mmr_size)
             .chain(&self.total_kernel_offset)
             .chain(&self.total_script_offset)
+            .chain(&self.validator_node_mr)
             .finalize()
             .into()
     }
diff --git a/base_layer/core/src/blocks/genesis_block.rs b/base_layer/core/src/blocks/genesis_block.rs
index b10858e723..69bf6c0fd6 100644
--- a/base_layer/core/src/blocks/genesis_block.rs
+++ b/base_layer/core/src/blocks/genesis_block.rs
@@ -223,7 +223,7 @@ pub fn get_igor_genesis_block() -> ChainBlock {
         block.header.kernel_mr =
             FixedHash::from_hex("c71386fe8d30e1dbc5e9729ba6375630b78ae0fc8d1c26d6c4e02d250426d9a5").unwrap();
         block.header.output_mr =
-            FixedHash::from_hex("4d0e15c79d49c2cb4758cb7cb5a1d6ca28acf45ca87720ff2224e2340f171c1b").unwrap();
+            FixedHash::from_hex("2e828a1aaa2263cec1c25be053a63b021fddee3a32bdc28035134331d9c194de").unwrap();
         block.header.validator_node_mr =
             FixedHash::from_hex("277da65c40b2cf99db86baedb903a3f0a38540f3a94d40c826eecac7e27d5dfc").unwrap();
     }
@@ -277,7 +277,7 @@ pub fn get_esmeralda_genesis_block() -> ChainBlock {
         block.header.kernel_mr =
             FixedHash::from_hex("f81830934480825e9289e00e45de3ce8e21744e629a2b49e12f1963a8e53d542").unwrap();
         block.header.output_mr =
-            FixedHash::from_hex("9a2172068cedda92629111c0a76250900cba9b3c553943536f9e388df35effba").unwrap();
+            FixedHash::from_hex("877825d5f58127dd6319a9b852dc0d785e6a951f3fd62b6e3f7c306d65541c82").unwrap();
         block.header.validator_node_mr =
             FixedHash::from_hex("277da65c40b2cf99db86baedb903a3f0a38540f3a94d40c826eecac7e27d5dfc").unwrap();
     }
diff --git a/base_layer/core/src/proof_of_work/sha3x_pow.rs b/base_layer/core/src/proof_of_work/sha3x_pow.rs
index ce3745480c..4be110c2fa 100644
--- a/base_layer/core/src/proof_of_work/sha3x_pow.rs
+++ b/base_layer/core/src/proof_of_work/sha3x_pow.rs
@@ -98,8 +98,8 @@ pub mod test {
     #[test]
     fn validate_max_target() {
         let mut header = get_header();
-        header.nonce = 6;
+        header.nonce = 154;
         println!("{:?}", header);
-        assert_eq!(sha3x_difficulty(&header).unwrap(), Difficulty::from_u64(899).unwrap());
+        assert_eq!(sha3x_difficulty(&header).unwrap(), Difficulty::from_u64(6564).unwrap());
     }
 }
diff --git a/base_layer/core/src/transactions/transaction_components/mod.rs b/base_layer/core/src/transactions/transaction_components/mod.rs
index e93d30e6c3..5661f11e10 100644
--- a/base_layer/core/src/transactions/transaction_components/mod.rs
+++ b/base_layer/core/src/transactions/transaction_components/mod.rs
@@ -101,24 +101,24 @@ pub(super) fn hash_output(
     version: TransactionOutputVersion,
     features: &OutputFeatures,
     commitment: &Commitment,
+    rangeproof_hash: &FixedHash,
     script: &TariScript,
-    covenant: &Covenant,
-    encrypted_data: &EncryptedData,
     sender_offset_public_key: &PublicKey,
     metadata_signature: &ComAndPubSignature,
-    rangeproof_hash: &FixedHash,
+    covenant: &Covenant,
+    encrypted_data: &EncryptedData,
     minimum_value_promise: MicroMinotari,
 ) -> FixedHash {
     let common_hash = DomainSeparatedConsensusHasher::<TransactionHashDomain>::new("transaction_output")
         .chain(&version)
         .chain(features)
         .chain(commitment)
+        .chain(rangeproof_hash)
         .chain(script)
-        .chain(covenant)
-        .chain(encrypted_data)
         .chain(sender_offset_public_key)
-        .chain(rangeproof_hash)
         .chain(metadata_signature)
+        .chain(covenant)
+        .chain(encrypted_data)
         .chain(&minimum_value_promise);
 
     match version {
diff --git a/base_layer/core/src/transactions/transaction_components/transaction_input.rs b/base_layer/core/src/transactions/transaction_components/transaction_input.rs
index df277aee02..383b953e61 100644
--- a/base_layer/core/src/transactions/transaction_components/transaction_input.rs
+++ b/base_layer/core/src/transactions/transaction_components/transaction_input.rs
@@ -430,12 +430,12 @@ impl TransactionInput {
                 *version,
                 features,
                 commitment,
+                rangeproof_hash,
                 script,
-                covenant,
-                encrypted_data,
                 sender_offset_public_key,
                 metadata_signature,
-                rangeproof_hash,
+                covenant,
+                encrypted_data,
                 *minimum_value_promise,
             ),
         }
diff --git a/base_layer/core/src/transactions/transaction_components/transaction_output.rs b/base_layer/core/src/transactions/transaction_components/transaction_output.rs
index 2d56063ac3..d949b2f926 100644
--- a/base_layer/core/src/transactions/transaction_components/transaction_output.rs
+++ b/base_layer/core/src/transactions/transaction_components/transaction_output.rs
@@ -209,12 +209,12 @@ impl TransactionOutput {
             self.version,
             &self.features,
             &self.commitment,
+            &rp_hash,
             &self.script,
-            &self.covenant,
-            &self.encrypted_data,
             &self.sender_offset_public_key,
             &self.metadata_signature,
-            &rp_hash,
+            &self.covenant,
+            &self.encrypted_data,
             self.minimum_value_promise,
         )
     }
diff --git a/base_layer/core/src/transactions/transaction_components/wallet_output.rs b/base_layer/core/src/transactions/transaction_components/wallet_output.rs
index 0eca0386ea..f4a5c6a380 100644
--- a/base_layer/core/src/transactions/transaction_components/wallet_output.rs
+++ b/base_layer/core/src/transactions/transaction_components/wallet_output.rs
@@ -296,12 +296,12 @@ impl WalletOutput {
             self.version,
             &self.features,
             &output.commitment,
+            &rp_hash,
             &self.script,
-            &self.covenant,
-            &self.encrypted_data,
             &self.sender_offset_public_key,
             &self.metadata_signature,
-            &rp_hash,
+            &self.covenant,
+            &self.encrypted_data,
             self.minimum_value_promise,
         ))
     }
diff --git a/base_layer/tari_mining_helper_ffi/src/lib.rs b/base_layer/tari_mining_helper_ffi/src/lib.rs
index f773cd8bc2..3e998f0215 100644
--- a/base_layer/tari_mining_helper_ffi/src/lib.rs
+++ b/base_layer/tari_mining_helper_ffi/src/lib.rs
@@ -386,8 +386,8 @@ mod tests {
 
     #[test]
     fn detect_change_in_consensus_encoding() {
-        const NONCE: u64 = 17490136304365714239;
-        let difficulty = Difficulty::from_u64(1913).expect("Failed to create difficulty");
+        const NONCE: u64 = 15177346899007969885;
+        let difficulty = Difficulty::from_u64(10695).expect("Failed to create difficulty");
         unsafe {
             let mut error = -1;
             let error_ptr = &mut error as *mut c_int;