Merge pull request #2591 from rlan35/audit_fixes

fix peckshield audit issues on slashing
5 years ago · 0fa21786f1
parent 7f1dd41fc8 c280606310
commit 0fa21786f1
4 changed files with 24 additions and 5 deletions
--- a/consensus/votepower/roster.go
+++ b/consensus/votepower/roster.go
@ -3,10 +3,11 @@ package votepower
 import (
 	"encoding/hex"
 	"encoding/json"
-	"github.com/harmony-one/harmony/internal/utils"
 	"math/big"
 	"sort"

+	"github.com/harmony-one/harmony/internal/utils"
+
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/harmony-one/bls/ffi/go/bls"
 	common2 "github.com/harmony-one/harmony/internal/common"
--- a/core/blockchain.go
+++ b/core/blockchain.go
@ -2039,12 +2039,24 @@ func (bc *BlockChain) AddPendingSlashingCandidates(
 	pendingSlashes := append(
 		bc.pendingSlashes, current.SetDifference(candidates)...,
 	)
-	if l, c := len(pendingSlashes), len(current); l > maxPendingSlashes {
+	state, err := bc.State()
+	if err != nil {
+		return err
+	}
+
+	valid := slash.Records{}
+
+	for i := range pendingSlashes {
+		if err := slash.Verify(bc, state, &pendingSlashes[i]); err == nil {
+			valid = append(valid, pendingSlashes[i])
+		}
+	}
+	if l, c := len(valid), len(current); l > maxPendingSlashes {
 		return errors.Wrapf(
 			errExceedMaxPendingSlashes, "current %d with-additional %d", c, l,
 		)
 	}
-	bc.pendingSlashes = pendingSlashes
+	bc.pendingSlashes = valid
 	return bc.writeSlashes(bc.pendingSlashes)
 }

--- a/staking/apr/compute.go
+++ b/staking/apr/compute.go
@ -1,9 +1,10 @@
 package apr

 import (
+	"math/big"
+
 	"github.com/harmony-one/harmony/core/types"
 	"github.com/harmony-one/harmony/shard"
-	"math/big"

 	"github.com/ethereum/go-ethereum/common"
 	"github.com/harmony-one/harmony/block"
--- a/staking/slash/double-sign.go
+++ b/staking/slash/double-sign.go
@ -119,6 +119,7 @@ var (
 	errAlreadyBannedValidator  = errors.New("cannot slash on already banned validator")
 	errSignerKeyNotRightSize   = errors.New("bls keys from slash candidate not right side")
 	errSlashFromFutureEpoch    = errors.New("cannot have slash from future epoch")
+	errSlashBlockNoConflict    = errors.New("cannot slash for signing on non-conflicting blocks")
 )

 // MarshalJSON ..
@ -179,6 +180,10 @@ func Verify(
 		)
 	}

+	if first.ViewID != second.ViewID || first.Height != second.Height || first.BlockHeaderHash == second.BlockHeaderHash {
+		return errors.Wrapf(errSlashBlockNoConflict, "first %v+ second %v+", first, second)
+	}
+
 	if shard.CompareBlsPublicKey(first.SignerPubKey, second.SignerPubKey) != 0 {
 		k1, k2 := first.SignerPubKey.Hex(), second.SignerPubKey.Hex()
 		return errors.Wrapf(
@ -226,7 +231,7 @@ func Verify(
 		if err := signature.Deserialize(ballot.Signature); err != nil {
 			return err
 		}
-		if err := first.SignerPubKey.ToLibBLSPublicKey(publicKey); err != nil {
+		if err := ballot.SignerPubKey.ToLibBLSPublicKey(publicKey); err != nil {
 			return err
 		}