Explicitly pass epoch message sig to getDomain

packages/beacon-state-transition/src/allForks/signatureSets/proposer.ts

@@ -1,5 +1,5 @@
 import {allForks} from "@chainsafe/lodestar-types";
-import {computeSigningRoot, getDomain} from "../../util";
+import {computeEpochAtSlot, computeSigningRoot, getDomain} from "../../util";
 import {ISignatureSet, SignatureSetType, verifySignatureSet} from "../../util/signatureSets";
 import {CachedBeaconState} from "../util";
 
@@ -16,7 +16,8 @@ export function getProposerSignatureSet(
   signedBlock: allForks.SignedBeaconBlock
 ): ISignatureSet {
   const {config, epochCtx} = state;
-  const domain = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER);
+  const epochSig = computeEpochAtSlot(config, signedBlock.message.slot);
+  const domain = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER, epochSig);
 
   return {
     type: SignatureSetType.single,

packages/beacon-state-transition/src/allForks/signatureSets/proposerSlashings.ts

@@ -15,8 +15,8 @@ export function getProposerSlashingSignatureSets(
 
   return [proposerSlashing.signedHeader1, proposerSlashing.signedHeader2].map(
     (signedHeader): ISignatureSet => {
-      const epoch = computeEpochAtSlot(config, signedHeader.message.slot);
-      const domain = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER, epoch);
+      const epochSig = computeEpochAtSlot(config, signedHeader.message.slot);
+      const domain = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER, epochSig);
       const beaconBlockHeaderType = config.types.phase0.BeaconBlockHeader;
 
       return {

packages/beacon-state-transition/src/allForks/signatureSets/randao.ts

@@ -26,7 +26,7 @@ export function getRandaoRevealSignatureSet(
   const {config, epochCtx} = state;
   // should not get epoch from epochCtx
   const epoch = computeEpochAtSlot(config, block.slot);
-  const domain = getDomain(config, state, config.params.DOMAIN_RANDAO);
+  const domain = getDomain(config, state, config.params.DOMAIN_RANDAO, epoch);
 
   return {
     type: SignatureSetType.single,

packages/beacon-state-transition/src/altair/block/processSyncCommittee.ts

@@ -31,12 +31,8 @@ export function processSyncCommittee(
       )
     : committeeIndices.filter((index) => !!aggregate.syncCommitteeBits[index]);
   const participantPubkeys = participantIndices.map((validatorIndex) => state.validators[validatorIndex].pubkey);
-  const domain = getDomain(
-    config,
-    state,
-    config.params.DOMAIN_SYNC_COMMITTEE,
-    computeEpochAtSlot(config, previousSlot)
-  );
+  const epochSig = computeEpochAtSlot(config, previousSlot);
+  const domain = getDomain(config, state, config.params.DOMAIN_SYNC_COMMITTEE, epochSig);
   const signingRoot = computeSigningRoot(
     config,
     config.types.Root,

packages/beacon-state-transition/src/naive/phase0/block/randao.ts

@@ -17,19 +17,19 @@ export function processRandao(
   body: phase0.BeaconBlockBody,
   verifySignature = true
 ): void {
-  const currentEpoch = getCurrentEpoch(config, state);
+  const stateEpoch = getCurrentEpoch(config, state);
   const proposer = state.validators[getBeaconProposerIndex(config, state)];
-  const domain = getDomain(config, state, config.params.DOMAIN_RANDAO);
-  const signingRoot = computeSigningRoot(config, config.types.Epoch, currentEpoch, domain);
+  const domain = getDomain(config, state, config.params.DOMAIN_RANDAO, stateEpoch);
+  const signingRoot = computeSigningRoot(config, config.types.Epoch, stateEpoch, domain);
   // Verify RANDAO reveal
   assert.true(
     !verifySignature ||
       bls.verify(proposer.pubkey.valueOf() as Uint8Array, signingRoot, body.randaoReveal.valueOf() as Uint8Array),
     "Invalid RANDAO reveal"
   );
   // Mix it in
-  state.randaoMixes[currentEpoch % config.params.EPOCHS_PER_HISTORICAL_VECTOR] = xor(
-    Buffer.from(getRandaoMix(config, state, currentEpoch) as Uint8Array),
+  state.randaoMixes[stateEpoch % config.params.EPOCHS_PER_HISTORICAL_VECTOR] = xor(
+    Buffer.from(getRandaoMix(config, state, stateEpoch) as Uint8Array),
     Buffer.from(hash(body.randaoReveal.valueOf() as Uint8Array))
   );
 }

packages/beacon-state-transition/src/util/block.ts

@@ -2,14 +2,16 @@ import bls from "@chainsafe/bls";
 import {IBeaconConfig} from "@chainsafe/lodestar-config";
 import {allForks} from "@chainsafe/lodestar-types";
 import {getDomain} from "./domain";
+import {computeEpochAtSlot} from "./epoch";
 import {computeSigningRoot} from "./signingRoot";
 
 export function verifyBlockSignature(
   config: IBeaconConfig,
   state: allForks.BeaconState,
   signedBlock: allForks.SignedBeaconBlock
 ): boolean {
-  const domain = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER);
+  const epochSig = computeEpochAtSlot(config, signedBlock.message.slot);
+  const domain = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER, epochSig);
   const blockType = config.getForkTypes(signedBlock.message.slot).BeaconBlock;
   const signingRoot = computeSigningRoot(config, blockType, signedBlock.message, domain);
   const proposer = state.validators[signedBlock.message.proposerIndex];

packages/beacon-state-transition/src/util/domain.ts

@@ -6,7 +6,6 @@ import {IBeaconConfig} from "@chainsafe/lodestar-config";
 
 import {ZERO_HASH} from "../constants";
 
-import {getCurrentEpoch} from "./epoch";
 import {computeForkDataRoot} from "./fork";
 
 /**
@@ -39,9 +38,8 @@ export function getDomain(
   config: IBeaconConfig,
   state: allForks.BeaconState,
   domainType: DomainType,
-  messageEpoch: Epoch | null = null
+  messageEpoch: Epoch
 ): Buffer {
-  const epoch = messageEpoch ?? getCurrentEpoch(config, state);
-  const forkVersion = getForkVersion(state.fork, epoch);
+  const forkVersion = getForkVersion(state.fork, messageEpoch);
   return computeDomain(config, domainType, forkVersion, state.genesisValidatorsRoot);
 }

packages/beacon-state-transition/src/util/validatorStatus.ts

@@ -130,17 +130,14 @@ export function isValidProposerSlashing(
   if (!verifySignatures) {
     return true;
   }
-  const domain = getDomain(
-    config,
-    state,
-    config.params.DOMAIN_BEACON_PROPOSER,
-    computeEpochAtSlot(config, header1.slot)
-  );
+
+  const epochSig1 = computeEpochAtSlot(config, header1.slot);
+  const domain1 = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER, epochSig1);
   const signingRoot = computeSigningRoot(
     config,
     config.types.phase0.BeaconBlockHeader,
     proposerSlashing.signedHeader1.message,
-    domain
+    domain1
   );
   const proposalData1Verified = bls.verify(
     proposer.pubkey.valueOf() as Uint8Array,
@@ -150,12 +147,9 @@ export function isValidProposerSlashing(
   if (!proposalData1Verified) {
     return false;
   }
-  const domain2 = getDomain(
-    config,
-    state,
-    config.params.DOMAIN_BEACON_PROPOSER,
-    computeEpochAtSlot(config, header2.slot)
-  );
+
+  const epochSig2 = computeEpochAtSlot(config, header2.slot);
+  const domain2 = getDomain(config, state, config.params.DOMAIN_BEACON_PROPOSER, epochSig2);
   const signingRoot2 = computeSigningRoot(
     config,
     config.types.phase0.BeaconBlockHeader,

packages/lodestar/src/chain/validation/signatureSets/contributionAndProof.ts

@@ -13,8 +13,8 @@ export function getContributionAndProofSignatureSet(
   signedContributionAndProof: altair.SignedContributionAndProof
 ): ISignatureSet {
   const {config, epochCtx} = state;
-  const msgEpoch = computeEpochAtSlot(config, signedContributionAndProof.message.contribution.slot);
-  const domain = getDomain(config, state, config.params.DOMAIN_CONTRIBUTION_AND_PROOF, msgEpoch);
+  const epochSig = computeEpochAtSlot(config, signedContributionAndProof.message.contribution.slot);
+  const domain = getDomain(config, state, config.params.DOMAIN_CONTRIBUTION_AND_PROOF, epochSig);
   const signingData = signedContributionAndProof.message;
   return {
     type: SignatureSetType.single,

packages/lodestar/src/chain/validation/signatureSets/selectionProof.ts

@@ -16,8 +16,8 @@ export function getSelectionProofSignatureSet(
   aggregator: PublicKey,
   aggregateAndProof: phase0.SignedAggregateAndProof
 ): ISignatureSet {
-  const epoch = computeEpochAtSlot(config, slot);
-  const selectionProofDomain = getDomain(config, state, config.params.DOMAIN_SELECTION_PROOF, epoch);
+  const epochSig = computeEpochAtSlot(config, slot);
+  const selectionProofDomain = getDomain(config, state, config.params.DOMAIN_SELECTION_PROOF, epochSig);
 
   return {
     type: SignatureSetType.single,

packages/lodestar/src/chain/validation/signatureSets/syncCommittee.ts

@@ -13,8 +13,8 @@ export function getSyncCommitteeSignatureSet(
   syncCommittee: altair.SyncCommitteeSignature
 ): ISignatureSet {
   const {config} = state;
-  const msgEpoch = computeEpochAtSlot(config, syncCommittee.slot);
-  const domain = getDomain(config, state, config.params.DOMAIN_SYNC_COMMITTEE, msgEpoch);
+  const epochSig = computeEpochAtSlot(config, syncCommittee.slot);
+  const domain = getDomain(config, state, config.params.DOMAIN_SYNC_COMMITTEE, epochSig);
 
   return {
     type: SignatureSetType.single,

packages/lodestar/src/chain/validation/signatureSets/syncCommitteeContribution.ts

@@ -16,8 +16,8 @@ export function getSyncCommitteeContributionSignatureSet(
   contribution: altair.SyncCommitteeContribution
 ): ISignatureSet {
   const {config} = state;
-  const currentEpoch = computeEpochAtSlot(config, contribution.slot);
-  const domain = getDomain(config, state, config.params.DOMAIN_SYNC_COMMITTEE, currentEpoch);
+  const epochSig = computeEpochAtSlot(config, contribution.slot);
+  const domain = getDomain(config, state, config.params.DOMAIN_SYNC_COMMITTEE, epochSig);
   return {
     type: SignatureSetType.aggregate,
     pubkeys: getContributionPubkeys(state, contribution),

packages/lodestar/src/chain/validation/signatureSets/syncCommitteeSelectionProof.ts

@@ -14,8 +14,8 @@ export function getSyncCommitteeSelectionProofSignatureSet(
 ): ISignatureSet {
   const {config, epochCtx} = state;
   const slot = contributionAndProof.contribution.slot;
-  const epoch = computeEpochAtSlot(config, slot);
-  const domain = getDomain(config, state, config.params.DOMAIN_SYNC_COMMITTEE_SELECTION_PROOF, epoch);
+  const epochSig = computeEpochAtSlot(config, slot);
+  const domain = getDomain(config, state, config.params.DOMAIN_SYNC_COMMITTEE_SELECTION_PROOF, epochSig);
   const signingData: altair.SyncAggregatorSelectionData = {
     slot,
     subCommitteeIndex: contributionAndProof.contribution.subCommitteeIndex,