From 42acec9bd370eab6f4acfefc65cc0f3e93a40fa3 Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 13:27:56 +0200 Subject: [PATCH 1/8] it --- sei-tendermint/types/validation.go | 32 +++++++++++++++++++++------ sei-tendermint/types/validator_set.go | 4 ++++ 2 files changed, 29 insertions(+), 7 deletions(-) diff --git a/sei-tendermint/types/validation.go b/sei-tendermint/types/validation.go index 02d1b0b56f..5a06bec4a0 100644 --- a/sei-tendermint/types/validation.go +++ b/sei-tendermint/types/validation.go @@ -54,12 +54,22 @@ func VerifyCommit(chainID string, vals *ValidatorSet, blockID BlockID, // LIGHT CLIENT VERIFICATION METHODS +func VerifyCommitLight(chainID string, vals *ValidatorSet, blockID BlockID, + height int64, commit *Commit) error { + return verifyCommitLightInternal(chainID, vals, blockID, height, commit, false) +} + +func VerifyCommitLightAllSignatures(chainID string, vals *ValidatorSet, blockID BlockID, + height int64, commit *Commit) error { + return verifyCommitLightInternal(chainID, vals, blockID, height, commit, true) +} + // VerifyCommitLight verifies +2/3 of the set had signed the given commit. // // This method is primarily used by the light client and does not check all the // signatures. -func VerifyCommitLight(chainID string, vals *ValidatorSet, blockID BlockID, - height int64, commit *Commit) error { +func verifyCommitLightInternal(chainID string, vals *ValidatorSet, blockID BlockID, + height int64, commit *Commit, countAllSignatures bool) error { // run a basic validation of the arguments if err := verifyBasicValsAndCommit(vals, commit, height, blockID); err != nil { return err @@ -77,12 +87,20 @@ func VerifyCommitLight(chainID string, vals *ValidatorSet, blockID BlockID, // attempt to batch verify if shouldBatchVerify(vals, commit) { return verifyCommitBatch(chainID, vals, commit, - votingPowerNeeded, ignore, count, false, true) + votingPowerNeeded, ignore, count, countAllSignatures, true) } // if verification failed or is not supported then fallback to single verification return verifyCommitSingle(chainID, vals, commit, votingPowerNeeded, - ignore, count, false, true) + ignore, count, countAllSignatures, true) +} + +func VerifyCommitLightTrusting(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction) error { + return verifyCommitLightTrustingInternal(chainID, vals, commit, trustLevel, false) +} + +func VerifyCommitLightTrustingAllSignatures(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction) error { + return verifyCommitLightTrustingInternal(chainID, vals, commit, trustLevel, true) } // VerifyCommitLightTrusting verifies that trustLevel of the validator set signed @@ -93,7 +111,7 @@ func VerifyCommitLight(chainID string, vals *ValidatorSet, blockID BlockID, // // This method is primarily used by the light client and does not check all the // signatures. -func VerifyCommitLightTrusting(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction) error { +func verifyCommitLightTrustingInternal(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction, countAllSignatures bool) error { // sanity checks if vals == nil { return errors.New("nil validator set") @@ -123,12 +141,12 @@ func VerifyCommitLightTrusting(chainID string, vals *ValidatorSet, commit *Commi // up by address rather than index. if shouldBatchVerify(vals, commit) { return verifyCommitBatch(chainID, vals, commit, - votingPowerNeeded, ignore, count, false, false) + votingPowerNeeded, ignore, count, countAllSignatures, false) } // attempt with single verification return verifyCommitSingle(chainID, vals, commit, votingPowerNeeded, - ignore, count, false, false) + ignore, count, countAllSignatures, false) } // ValidateHash returns an error if the hash is not empty, but its diff --git a/sei-tendermint/types/validator_set.go b/sei-tendermint/types/validator_set.go index 92b0cee17c..5dc77dc522 100644 --- a/sei-tendermint/types/validator_set.go +++ b/sei-tendermint/types/validator_set.go @@ -703,6 +703,10 @@ func (vals *ValidatorSet) VerifyCommitLightTrusting(chainID string, commit *Comm return VerifyCommitLightTrusting(chainID, vals, commit, trustLevel) } +func (vals *ValidatorSet) VerifyCommitLightTrustingAllSignatures(chainID string, commit *Commit, trustLevel tmmath.Fraction) error { + return VerifyCommitLightTrustingAllSignatures(chainID, vals, commit, trustLevel) +} + // findPreviousProposer reverses the compare proposer priority function to find the validator // with the lowest proposer priority which would have been the previous proposer. // From 09288ba34bb95d03b053df6750a435aadbc10c29 Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 15:04:05 +0200 Subject: [PATCH 2/8] it --- sei-tendermint/internal/evidence/verify.go | 4 ++-- sei-tendermint/types/validator_set.go | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/sei-tendermint/internal/evidence/verify.go b/sei-tendermint/internal/evidence/verify.go index 9e8f87e65d..67072a168e 100644 --- a/sei-tendermint/internal/evidence/verify.go +++ b/sei-tendermint/internal/evidence/verify.go @@ -163,7 +163,7 @@ func VerifyLightClientAttack(e *types.LightClientAttackEvidence, commonHeader, t // In the case of lunatic attack there will be a different commonHeader height. Therefore the node perform a single // verification jump between the common header and the conflicting one if commonHeader.Height != e.ConflictingBlock.Height { - err := commonVals.VerifyCommitLightTrusting(trustedHeader.ChainID, e.ConflictingBlock.Commit, light.DefaultTrustLevel) + err := commonVals.VerifyCommitLightTrustingAllSignatures(trustedHeader.ChainID, e.ConflictingBlock.Commit, light.DefaultTrustLevel) if err != nil { return fmt.Errorf("skipping verification of conflicting block failed: %w", err) } @@ -175,7 +175,7 @@ func VerifyLightClientAttack(e *types.LightClientAttackEvidence, commonHeader, t } // Verify that the 2/3+ commits from the conflicting validator set were for the conflicting header - if err := e.ConflictingBlock.ValidatorSet.VerifyCommitLight(trustedHeader.ChainID, e.ConflictingBlock.Commit.BlockID, + if err := e.ConflictingBlock.ValidatorSet.VerifyCommitLightAllSignatures(trustedHeader.ChainID, e.ConflictingBlock.Commit.BlockID, e.ConflictingBlock.Height, e.ConflictingBlock.Commit); err != nil { return fmt.Errorf("invalid commit from conflicting block: %w", err) } diff --git a/sei-tendermint/types/validator_set.go b/sei-tendermint/types/validator_set.go index 5dc77dc522..e842c853fb 100644 --- a/sei-tendermint/types/validator_set.go +++ b/sei-tendermint/types/validator_set.go @@ -697,6 +697,11 @@ func (vals *ValidatorSet) VerifyCommitLight(chainID string, blockID BlockID, return VerifyCommitLight(chainID, vals, blockID, height, commit) } +func (vals *ValidatorSet) VerifyCommitLightAllSignatures(chainID string, blockID BlockID, + height int64, commit *Commit) error { + return VerifyCommitLightAllSignatures(chainID, vals, blockID, height, commit) +} + // VerifyCommitLightTrusting verifies that trustLevel of the validator set signed // this commit. func (vals *ValidatorSet) VerifyCommitLightTrusting(chainID string, commit *Commit, trustLevel tmmath.Fraction) error { From 0b7f14604078d843674774360b88efccd5929038 Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 15:09:42 +0200 Subject: [PATCH 3/8] it --- sei-tendermint/types/validator_set.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sei-tendermint/types/validator_set.go b/sei-tendermint/types/validator_set.go index e842c853fb..29bfca2fd3 100644 --- a/sei-tendermint/types/validator_set.go +++ b/sei-tendermint/types/validator_set.go @@ -692,11 +692,14 @@ func (vals *ValidatorSet) VerifyCommit(chainID string, blockID BlockID, // LIGHT CLIENT VERIFICATION METHODS // VerifyCommitLight verifies +2/3 of the set had signed the given commit. +// It does NOT count all signatures. func (vals *ValidatorSet) VerifyCommitLight(chainID string, blockID BlockID, height int64, commit *Commit) error { return VerifyCommitLight(chainID, vals, blockID, height, commit) } +// VerifyCommitLightAllSignatures verifies +2/3 of the set had signed the given commit. +// It DOES count all signatures. func (vals *ValidatorSet) VerifyCommitLightAllSignatures(chainID string, blockID BlockID, height int64, commit *Commit) error { return VerifyCommitLightAllSignatures(chainID, vals, blockID, height, commit) @@ -704,10 +707,14 @@ func (vals *ValidatorSet) VerifyCommitLightAllSignatures(chainID string, blockID // VerifyCommitLightTrusting verifies that trustLevel of the validator set signed // this commit. +// It does NOT count all signatures. func (vals *ValidatorSet) VerifyCommitLightTrusting(chainID string, commit *Commit, trustLevel tmmath.Fraction) error { return VerifyCommitLightTrusting(chainID, vals, commit, trustLevel) } +// VerifyCommitLightTrustingAllSignatures verifies that trustLevel of the validator set signed +// this commit. +// It DOES count all signatures. func (vals *ValidatorSet) VerifyCommitLightTrustingAllSignatures(chainID string, commit *Commit, trustLevel tmmath.Fraction) error { return VerifyCommitLightTrustingAllSignatures(chainID, vals, commit, trustLevel) } From 2c2a2025ce58c583cbbe18416e400e890c5a7cee Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 15:17:14 +0200 Subject: [PATCH 4/8] it --- sei-tendermint/types/validation.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/sei-tendermint/types/validation.go b/sei-tendermint/types/validation.go index 5a06bec4a0..f3de4f3335 100644 --- a/sei-tendermint/types/validation.go +++ b/sei-tendermint/types/validation.go @@ -54,20 +54,24 @@ func VerifyCommit(chainID string, vals *ValidatorSet, blockID BlockID, // LIGHT CLIENT VERIFICATION METHODS +// VerifyCommitLight verifies +2/3 of the set had signed the given commit. +// +// This method is primarily used by the light client and does NOT check all the +// signatures. func VerifyCommitLight(chainID string, vals *ValidatorSet, blockID BlockID, height int64, commit *Commit) error { return verifyCommitLightInternal(chainID, vals, blockID, height, commit, false) } +// VerifyCommitLightAllSignatures verifies +2/3 of the set had signed the given commit. +// +// This method is primarily used by the light client and DOES check all the +// signatures. func VerifyCommitLightAllSignatures(chainID string, vals *ValidatorSet, blockID BlockID, height int64, commit *Commit) error { return verifyCommitLightInternal(chainID, vals, blockID, height, commit, true) } -// VerifyCommitLight verifies +2/3 of the set had signed the given commit. -// -// This method is primarily used by the light client and does not check all the -// signatures. func verifyCommitLightInternal(chainID string, vals *ValidatorSet, blockID BlockID, height int64, commit *Commit, countAllSignatures bool) error { // run a basic validation of the arguments From 1d3f25b00950eddd96c647484cfdc9a8a92cb875 Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 15:26:41 +0200 Subject: [PATCH 5/8] it --- sei-tendermint/types/validation.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sei-tendermint/types/validation.go b/sei-tendermint/types/validation.go index f3de4f3335..1b967f44c4 100644 --- a/sei-tendermint/types/validation.go +++ b/sei-tendermint/types/validation.go @@ -99,6 +99,14 @@ func verifyCommitLightInternal(chainID string, vals *ValidatorSet, blockID Block ignore, count, countAllSignatures, true) } +// VerifyCommitLightTrusting verifies that trustLevel of the validator set signed +// this commit. +// +// NOTE the given validators do not necessarily correspond to the validator set +// for this commit, but there may be some intersection. +// +// This method is primarily used by the light client and does NOT check all the +// signatures. func VerifyCommitLightTrusting(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction) error { return verifyCommitLightTrustingInternal(chainID, vals, commit, trustLevel, false) } @@ -107,14 +115,6 @@ func VerifyCommitLightTrustingAllSignatures(chainID string, vals *ValidatorSet, return verifyCommitLightTrustingInternal(chainID, vals, commit, trustLevel, true) } -// VerifyCommitLightTrusting verifies that trustLevel of the validator set signed -// this commit. -// -// NOTE the given validators do not necessarily correspond to the validator set -// for this commit, but there may be some intersection. -// -// This method is primarily used by the light client and does not check all the -// signatures. func verifyCommitLightTrustingInternal(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction, countAllSignatures bool) error { // sanity checks if vals == nil { From b6c775e99c6e9bf36f875a291d89e323d68282e6 Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 15:28:42 +0200 Subject: [PATCH 6/8] it --- sei-tendermint/types/validation.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sei-tendermint/types/validation.go b/sei-tendermint/types/validation.go index 1b967f44c4..e5da220ac9 100644 --- a/sei-tendermint/types/validation.go +++ b/sei-tendermint/types/validation.go @@ -111,6 +111,14 @@ func VerifyCommitLightTrusting(chainID string, vals *ValidatorSet, commit *Commi return verifyCommitLightTrustingInternal(chainID, vals, commit, trustLevel, false) } +// VerifyCommitLightTrusting verifies that trustLevel of the validator set signed +// this commit. +// +// NOTE the given validators do not necessarily correspond to the validator set +// for this commit, but there may be some intersection. +// +// This method is primarily used by the light client and DOES check all the +// signatures. func VerifyCommitLightTrustingAllSignatures(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction) error { return verifyCommitLightTrustingInternal(chainID, vals, commit, trustLevel, true) } From 0fcc927458d9b3e8a91a9316c4fd651c62806573 Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 15:33:19 +0200 Subject: [PATCH 7/8] it --- sei-tendermint/internal/evidence/verify.go | 1 + 1 file changed, 1 insertion(+) diff --git a/sei-tendermint/internal/evidence/verify.go b/sei-tendermint/internal/evidence/verify.go index 67072a168e..2808043671 100644 --- a/sei-tendermint/internal/evidence/verify.go +++ b/sei-tendermint/internal/evidence/verify.go @@ -154,6 +154,7 @@ func (evpool *Pool) verify(ctx context.Context, evidence types.Evidence) error { // the conflicting header's commit // - 2/3+ of the conflicting validator set correctly signed the conflicting block // - the nodes trusted header at the same height as the conflicting header has a different hash +// - all signatures must be checked as this will be used as evidence // // CONTRACT: must run ValidateBasic() on the evidence before verifying // From a5cf7bbabcb0994940e238f68e867325d68d1440 Mon Sep 17 00:00:00 2001 From: pdrobnjak Date: Fri, 24 Oct 2025 15:40:04 +0200 Subject: [PATCH 8/8] it --- sei-tendermint/types/validation.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sei-tendermint/types/validation.go b/sei-tendermint/types/validation.go index e5da220ac9..d2ee80a1ed 100644 --- a/sei-tendermint/types/validation.go +++ b/sei-tendermint/types/validation.go @@ -65,7 +65,7 @@ func VerifyCommitLight(chainID string, vals *ValidatorSet, blockID BlockID, // VerifyCommitLightAllSignatures verifies +2/3 of the set had signed the given commit. // -// This method is primarily used by the light client and DOES check all the +// This method DOES check all the // signatures. func VerifyCommitLightAllSignatures(chainID string, vals *ValidatorSet, blockID BlockID, height int64, commit *Commit) error { @@ -117,7 +117,7 @@ func VerifyCommitLightTrusting(chainID string, vals *ValidatorSet, commit *Commi // NOTE the given validators do not necessarily correspond to the validator set // for this commit, but there may be some intersection. // -// This method is primarily used by the light client and DOES check all the +// This method DOES check all the // signatures. func VerifyCommitLightTrustingAllSignatures(chainID string, vals *ValidatorSet, commit *Commit, trustLevel tmmath.Fraction) error { return verifyCommitLightTrustingInternal(chainID, vals, commit, trustLevel, true)