Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Dedup Vote Extensions in ValidateVoteExtensions #18895

Merged
merged 5 commits into from
Dec 27, 2023
Merged

fix: Dedup Vote Extensions in ValidateVoteExtensions #18895

merged 5 commits into from
Dec 27, 2023
+65 −9

Conversation

davidterpay
Copy link
Contributor

@davidterpay davidterpay commented Dec 26, 2023
edited
Loading

Description

Closes: #18893

This PR resolves issue opened in #18893. This PR adds a validator address cache to ValidateVoteExtensions which ensure's that multiple of the same vote extensions cannot be included in the extended commit info.

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • updated the relevant documentation or specification, including comments for documenting Go code
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

@davidterpay davidterpay requested a review from a team as a code owner December 26, 2023 19:18
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 26, 2023
edited
Loading

Walkthrough

The change implements a mechanism to ensure vote extensions submitted by validators are not duplicated. This is achieved by introducing a cache to track submissions, which helps prevent the same vote extension from being processed more than once. This enhances the security of the voting process by enforcing the required quorum and preventing manipulation by malicious actors.

Changes

File(s) Change Summary
baseapp/abci_utils.go
baseapp/abci_utils_test.go		 Introduced a cache map to de-duplicate vote extensions in the ValidateVoteExtensions function.
Added a new test function TestValidateVoteExtensionsDuplicateVotes to the ABCIUtilsTestSuite struct.
CHANGELOG.md Modified the baseapp module to fix the de-duplication of vote extensions during validation in ValidateVoteExtensions.
baseapp/abci_test.go Significantly reworked the TestBaseApp_VoteExtensions function, including the generation of multiple private keys and corresponding public keys, handling of vote extensions and signatures, and adjustment of the processing of vote extensions from the previous block to include validator addresses.

Assessment against linked issues

Objective Addressed Explanation
Bug Fix for de-duplication of vote extensions in ValidateVoteExtensions (#18893)
Security Enhancement to prevent quorum bypassing (#18893)
Prevent manipulation of on-chain state (#18893)
Ensure proper validation of vote extensions (#18893)

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat with CodeRabbit Bot (@coderabbitai)

Note: Auto-reply has been disabled for this repository by the repository owner. The CodeRabbit bot will not respond to your comments unless it is explicitly tagged.

  • You can tag CodeRabbit on specific lines of code or entire files in the PR by tagging @coderabbitai in a comment. Examples:
    • @coderabbitai generate unit tests for this file
    • @coderabbitai modularize this function
  • You can tag @coderabbitai in a PR comment and ask questions about the PR and the codebase. Examples:
    • @coderabbitai gather interesting statistics about this repository and render them in a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai generate unit tests for the src/utils.ts file.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

@davidterpay davidterpay mentioned this pull request Dec 26, 2023
Closed
1 task
@facundomedica
Copy link
Member

What do you think if instead of de-duplicating we just return an error? That way the rest of the validators could reject the proposal during ProcessProposal, otherwise it could open up the possibility to lots of duplicate data going around

davidterpay
davidterpay commented Dec 26, 2023
View reviewed changes
baseapp/abci_utils.go Outdated Show resolved Hide resolved
coderabbitai[bot]
coderabbitai bot reviewed Dec 26, 2023
View reviewed changes
baseapp/abci_utils_test.go Outdated
Comment on lines 199 to 232
// check ValidateVoteExtensions works with duplicate votes
func (s *ABCIUtilsTestSuite) TestValidateVoteExtensionsDuplicateVotes() {
ext := []byte("vote-extension")
cve := cmtproto.CanonicalVoteExtension{
Extension: ext,
Height: 2,
Round: int64(0),
ChainId: chainID,
}

bz, err := marshalDelimitedFn(&cve)
s.Require().NoError(err)

extSig0, err := s.vals[0].privKey.Sign(bz)
s.Require().NoError(err)

ve := abci.ExtendedVoteInfo{
Validator: s.vals[0].toValidator(333),
VoteExtension: ext,
ExtensionSignature: extSig0,
BlockIdFlag: cmtproto.BlockIDFlagCommit,
}

llc := abci.ExtendedCommitInfo{
Round: 0,
Votes: []abci.ExtendedVoteInfo{
ve,
ve,
ve,
},
}
// expect fail (duplicate votes)
s.Require().Error(baseapp.ValidateVoteExtensions(s.ctx, s.valStore, 3, chainID, llc))
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new test function TestValidateVoteExtensionsDuplicateVotes correctly simulates the scenario of duplicate vote extensions and asserts that an error is expected. This aligns with the PR's objective to prevent duplicate vote extensions from being processed.

However, it would be beneficial to include a comment explaining why the error is expected and what specific error message or type is anticipated. This would improve the maintainability and clarity of the test for future developers.

+ // TestValidateVoteExtensionsDuplicateVotes ensures that an error is returned
+ // when duplicate vote extensions are detected. This is critical for preventing
+ // potential security vulnerabilities as described in issue #18893.
  func (s *ABCIUtilsTestSuite) TestValidateVoteExtensionsDuplicateVotes() {
      ...
+     // The error should specifically indicate the presence of duplicate vote extensions.
      s.Require().Error(baseapp.ValidateVoteExtensions(s.ctx, s.valStore, 3, chainID, llc))
  }
Committable suggestion

IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change
// check ValidateVoteExtensions works with duplicate votes
func (s *ABCIUtilsTestSuite) TestValidateVoteExtensionsDuplicateVotes() {
ext := []byte("vote-extension")
cve := cmtproto.CanonicalVoteExtension{
Extension: ext,
Height: 2,
Round: int64(0),
ChainId: chainID,
}
bz, err := marshalDelimitedFn(&cve)
s.Require().NoError(err)
extSig0, err := s.vals[0].privKey.Sign(bz)
s.Require().NoError(err)
ve := abci.ExtendedVoteInfo{
Validator: s.vals[0].toValidator(333),
VoteExtension: ext,
ExtensionSignature: extSig0,
BlockIdFlag: cmtproto.BlockIDFlagCommit,
}
llc := abci.ExtendedCommitInfo{
Round: 0,
Votes: []abci.ExtendedVoteInfo{
ve,
ve,
ve,
},
}
// expect fail (duplicate votes)
s.Require().Error(baseapp.ValidateVoteExtensions(s.ctx, s.valStore, 3, chainID, llc))
}
// TestValidateVoteExtensionsDuplicateVotes ensures that an error is returned
// when duplicate vote extensions are detected. This is critical for preventing
// potential security vulnerabilities as described in issue #18893.
func (s *ABCIUtilsTestSuite) TestValidateVoteExtensionsDuplicateVotes() {
ext := []byte("vote-extension")
cve := cmtproto.CanonicalVoteExtension{
Extension: ext,
Height: 2,
Round: int64(0),
ChainId: chainID,
}
bz, err := marshalDelimitedFn(&cve)
s.Require().NoError(err)
extSig0, err := s.vals[0].privKey.Sign(bz)
s.Require().NoError(err)
ve := abci.ExtendedVoteInfo{
Validator: s.vals[0].toValidator(333),
VoteExtension: ext,
ExtensionSignature: extSig0,
BlockIdFlag: cmtproto.BlockIDFlagCommit,
}
llc := abci.ExtendedCommitInfo{
Round: 0,
Votes: []abci.ExtendedVoteInfo{
ve,
ve,
ve,
},
}
// The error should specifically indicate the presence of duplicate vote extensions.
s.Require().Error(baseapp.ValidateVoteExtensions(s.ctx, s.valStore, 3, chainID, llc))
}

@davidterpay
Copy link
Contributor Author

davidterpay commented Dec 26, 2023
edited
Loading

What do you think if instead of de-duplicating we just return an error? That way the rest of the validators could reject the proposal during ProcessProposal, otherwise it could open up the possibility to lots of duplicate data going around

I'm not fully sure if there is an scenario where duplicate VEs in the extended commit info could be included under normal conditions - which is why minimally continuing and ignoring the vote extension is definitely necessary. If duplicate vote extensions can only be included by proposers, then erroring does make more sense.

update:
per @facundomedica, it'll throw an error.

alexanderbez
alexanderbez approved these changes Dec 26, 2023
View reviewed changes
Copy link
Contributor

@alexanderbez alexanderbez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK. Thanks!

@alexanderbez
Copy link
Contributor

Let's backport this to 0.50.x

cc @facundomedica

facundomedica
facundomedica approved these changes Dec 27, 2023
View reviewed changes
Copy link
Member

@facundomedica facundomedica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you!
Here's the code that creates the vote extensions on CometBFT btw: https://github.com/cometbft/cometbft/blob/f72d930a68386f6139838449d0653ef0621f7b29/internal/state/execution.go#L504

@facundomedica facundomedica added the backport/v0.50.x PR scheduled for inclusion in the v0.50's next stable release label Dec 27, 2023
@facundomedica facundomedica added this pull request to the merge queue Dec 27, 2023
Merged via the queue into cosmos:main with commit 5166c9f Dec 27, 2023
55 of 57 checks passed
mergify bot pushed a commit that referenced this pull request Dec 27, 2023
@davidterpay @mergify
fix: Dedup Vote Extensions in ValidateVoteExtensions (#18895)
1a4cad1 
(cherry picked from commit 5166c9f)

# Conflicts:
#	CHANGELOG.md
This was referenced Dec 27, 2023
Merged
Closed
tac0turtle pushed a commit that referenced this pull request Dec 27, 2023
@mergify @davidterpay @facundomedica
fix: Dedup Vote Extensions in ValidateVoteExtensions (backport #18895
96a33dd 
…) (#18900)

Co-authored-by: David Terpay <35130517+davidterpay@users.noreply.github.com>
Co-authored-by: Facundo <facundomedica@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai coderabbitai left review comments

@alexanderbez alexanderbez alexanderbez approved these changes

@facundomedica facundomedica facundomedica approved these changes

Assignees
No one assigned
Labels
backport/v0.50.x PR scheduled for inclusion in the v0.50's next stable release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: De-dup Vote Extensions in ValidateVoteExtensions
3 participants
@davidterpay @facundomedica @alexanderbez