VerifyBlockJustification() Does Not Verify Justification Hash Relates to Block Being Justified (GSR-17)

[danforbes]

The function VerifyBlockJustification(hash common.Hash, justification []byte) verifies that a justification justifies a block with hash.

There is no check to ensure that Justification.Hash equals hash . As a result it is possible that this justification is for a future block.

Substrate performs this check to ensure the justification of for this specific block and thus will reject justifications that are accepted by Gossamer.

The impact is rated low as the verification will only succeed if there are sufficient votes for a descendant of hash and thus a future block is already finalised.

Consider including a check that ensures the justification is for this specific block. That is, ensure Justification.Hash equals hash. Alternatively, it's possible that the specification could be updated to allow justifications for descendants to be used.