prysm-pulse/beacon-chain/sync/validate_blob.go
2023-08-31 08:41:57 -05:00

191 lines
6.8 KiB
Go

package sync
import (
"context"
"fmt"
"strings"
pubsub "github.com/libp2p/go-libp2p-pubsub"
"github.com/libp2p/go-libp2p/core/peer"
"github.com/pkg/errors"
"github.com/prysmaticlabs/prysm/v4/beacon-chain/core/helpers"
"github.com/prysmaticlabs/prysm/v4/beacon-chain/core/signing"
"github.com/prysmaticlabs/prysm/v4/beacon-chain/core/transition"
"github.com/prysmaticlabs/prysm/v4/beacon-chain/state"
"github.com/prysmaticlabs/prysm/v4/config/params"
"github.com/prysmaticlabs/prysm/v4/crypto/bls"
"github.com/prysmaticlabs/prysm/v4/encoding/bytesutil"
"github.com/prysmaticlabs/prysm/v4/network/forks"
eth "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
"github.com/prysmaticlabs/prysm/v4/time/slots"
"github.com/sirupsen/logrus"
)
func (s *Service) validateBlob(ctx context.Context, pid peer.ID, msg *pubsub.Message) (pubsub.ValidationResult, error) {
if pid == s.cfg.p2p.PeerID() {
return pubsub.ValidationAccept, nil
}
if s.cfg.initialSync.Syncing() {
return pubsub.ValidationIgnore, nil
}
if msg.Topic == nil {
return pubsub.ValidationReject, errInvalidTopic
}
m, err := s.decodePubsubMessage(msg)
if err != nil {
log.WithError(err).Error("Failed to decode message")
return pubsub.ValidationReject, err
}
sBlob, ok := m.(*eth.SignedBlobSidecar)
if !ok {
log.WithField("message", m).Error("Message is not of type *eth.SignedBlobSidecar")
return pubsub.ValidationReject, errWrongMessage
}
blob := sBlob.Message
// [REJECT] The sidecar is for the correct topic -- i.e. sidecar.index matches the topic {index}.
want := fmt.Sprintf("blob_sidecar_%d", blob.Index)
if !strings.Contains(*msg.Topic, want) {
log.WithFields(blobFields(blob)).Debug("Sidecar blob does not match topic")
return pubsub.ValidationReject, fmt.Errorf("wrong topic name: %s", *msg.Topic)
}
// [IGNORE] The sidecar is not from a future slot (with a MAXIMUM_GOSSIP_CLOCK_DISPARITY allowance) --
// i.e. validate that sidecar.slot <= current_slot (a client MAY queue future blocks for processing at the appropriate slot).
genesisTime := uint64(s.cfg.chain.GenesisTime().Unix())
if err := slots.VerifyTime(genesisTime, blob.Slot, earlyBlockProcessingTolerance); err != nil {
log.WithError(err).WithFields(blobFields(blob)).Debug("Ignored blob: too far into future")
return pubsub.ValidationIgnore, errors.Wrap(err, "blob too far into future")
}
// [IGNORE] The sidecar is from a slot greater than the latest finalized slot --
// i.e. validate that sidecar.slot > compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)
startSlot, err := slots.EpochStart(s.cfg.chain.FinalizedCheckpt().Epoch)
if err != nil {
return pubsub.ValidationIgnore, err
}
if startSlot >= blob.Slot {
err := fmt.Errorf("finalized slot %d greater or equal to blob slot %d", startSlot, blob.Slot)
log.WithFields(blobFields(blob)).Debug(err)
return pubsub.ValidationIgnore, err
}
// [IGNORE] The sidecar's block's parent (defined by sidecar.block_parent_root) has been seen (via both gossip and non-gossip sources)
parentRoot := bytesutil.ToBytes32(blob.BlockParentRoot)
if !s.cfg.chain.HasBlock(ctx, parentRoot) {
if err := s.addPendingBlobToCache(sBlob); err != nil {
log.WithError(err).WithFields(blobFields(blob)).Error("Failed to add blob to cache")
return pubsub.ValidationIgnore, err
}
log.WithFields(blobFields(blob)).Debug("Ignored blob: parent block not found")
return pubsub.ValidationIgnore, nil
}
// [REJECT] The sidecar's block's parent (defined by sidecar.block_parent_root) passes validation.
parentSlot, err := s.cfg.chain.RecentBlockSlot(parentRoot)
if err != nil {
return pubsub.ValidationIgnore, err
}
// [REJECT] The sidecar is from a higher slot than the sidecar's block's parent (defined by sidecar.block_parent_root).
if parentSlot >= blob.Slot {
err := fmt.Errorf("parent block slot %d greater or equal to blob slot %d", parentSlot, blob.Slot)
log.WithFields(blobFields(blob)).Debug(err)
return pubsub.ValidationReject, err
}
// [REJECT] The proposer signature, signed_blob_sidecar.signature,
// is valid with respect to the sidecar.proposer_index pubkey.
parentState, err := s.cfg.stateGen.StateByRoot(ctx, parentRoot)
if err != nil {
return pubsub.ValidationIgnore, err
}
if err := verifyBlobSignature(parentState, sBlob); err != nil {
log.WithError(err).WithFields(blobFields(blob)).Debug("Failed to verify blob signature")
return pubsub.ValidationReject, err
}
// [IGNORE] The sidecar is the only sidecar with valid signature received for the tuple (sidecar.block_root, sidecar.index).
if s.hasSeenBlobIndex(blob.BlockRoot, blob.Index) {
return pubsub.ValidationIgnore, nil
}
// [REJECT] The sidecar is proposed by the expected proposer_index for the block's slot in the context of the current shuffling (defined by block_parent_root/slot)
parentState, err = transition.ProcessSlotsUsingNextSlotCache(ctx, parentState, parentRoot[:], blob.Slot)
if err != nil {
return pubsub.ValidationIgnore, err
}
idx, err := helpers.BeaconProposerIndex(ctx, parentState)
if err != nil {
return pubsub.ValidationIgnore, err
}
if blob.ProposerIndex != idx {
err := fmt.Errorf("expected proposer index %d, got %d", idx, blob.ProposerIndex)
log.WithFields(blobFields(blob)).Debug(err)
return pubsub.ValidationReject, err
}
msg.ValidatorData = sBlob
return pubsub.ValidationAccept, nil
}
func verifyBlobSignature(st state.BeaconState, blob *eth.SignedBlobSidecar) error {
currentEpoch := slots.ToEpoch(blob.Message.Slot)
fork, err := forks.Fork(currentEpoch)
if err != nil {
return err
}
domain, err := signing.Domain(fork, currentEpoch, params.BeaconConfig().DomainBlobSidecar, st.GenesisValidatorsRoot())
if err != nil {
return err
}
proposer, err := st.ValidatorAtIndex(blob.Message.ProposerIndex)
if err != nil {
return err
}
pb, err := bls.PublicKeyFromBytes(proposer.PublicKey)
if err != nil {
return err
}
sig, err := bls.SignatureFromBytes(blob.Signature)
if err != nil {
return err
}
sr, err := signing.ComputeSigningRoot(blob.Message, domain)
if err != nil {
return err
}
if !sig.Verify(pb, sr[:]) {
return signing.ErrSigFailedToVerify
}
return nil
}
// Returns true if the blob with the same root and index has been seen before.
func (s *Service) hasSeenBlobIndex(root []byte, index uint64) bool {
s.seenBlobLock.RLock()
defer s.seenBlobLock.RUnlock()
b := append(root, bytesutil.Bytes32(index)...)
_, seen := s.seenBlobCache.Get(string(b))
return seen
}
// Set blob index and root as seen.
func (s *Service) setSeenBlobIndex(root []byte, index uint64) {
s.seenBlobLock.Lock()
defer s.seenBlobLock.Unlock()
b := append(root, bytesutil.Bytes32(index)...)
s.seenBlobCache.Add(string(b), true)
}
func blobFields(b *eth.BlobSidecar) logrus.Fields {
return logrus.Fields{
"slot": b.Slot,
"proposerIndex": b.ProposerIndex,
"blockRoot": fmt.Sprintf("%#x", b.BlockRoot),
"index": b.Index,
}
}