Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Where are the header checks from the chain specification in PBFT? #878

Closed
Vtec234 opened this issue Aug 5, 2019 · 2 comments · Fixed by #879
Closed

Where are the header checks from the chain specification in PBFT? #878

Vtec234 opened this issue Aug 5, 2019 · 2 comments · Fixed by #879
Labels
audit consensus issues related to ouroboros-consensus

Comments

@Vtec234
Copy link

Vtec234 commented Aug 5, 2019

This isn't so much an issue as it is a question from the code audit. The chain specification, section 4.2 "Permissive BFT Header Processing" specifies some checks to do when processing the block header, and among them:

2. We check that the current block is being issued for a slot no later than the current slot (as
determined by the system clock).
3. We check that the previous block hash contained in the block header corresponds to the
known hash of the previous block.

While I could see the other processing rules in applyChainState, I couldn't find these two, so this issue is to ask where they are implemented. There are checks in ChainFragment that seem to implement rule 3, but how does control from PBFT.hs reach them?
@mrBliss
Copy link
Contributor

mrBliss commented Aug 5, 2019

Note that the ChainSync client downloads block headers and does some processing.

  1. This is checked in the ChainSync client: https://github.com/input-output-hk/ouroboros-network/blob/5c25acf9b89d3b4adc6235c50f25f61ce14a5d96/ouroboros-consensus/src/Ouroboros/Consensus/ChainSyncClient.hs#L402
    Also see https://github.com/input-output-hk/ouroboros-network/blob/5c25acf9b89d3b4adc6235c50f25f61ce14a5d96/ouroboros-consensus/src/Ouroboros/Consensus/Node.hs#L126 https://github.com/input-output-hk/ouroboros-network/blob/5c25acf9b89d3b4adc6235c50f25f61ce14a5d96/ouroboros-consensus/src/Ouroboros/Consensus/NodeNetwork.hs#L151 We allow some configurable amount of clock skew, e.g., we won't reject a header that is one slot in the future because the node's clock might be a few seconds late.
  2. The check in ChainFragment is triggered by https://github.com/input-output-hk/ouroboros-network/blob/5c25acf9b89d3b4adc6235c50f25f61ce14a5d96/ouroboros-consensus/src/Ouroboros/Consensus/ChainSyncClient.hs#L413
    which uses the AnchoredFragments (which wraps ChainFragment) :> constructor. This check should indeed be done sooner and throw a proper exception instead of using error.

@mrBliss mrBliss added audit consensus issues related to ouroboros-consensus labels Aug 5, 2019
mrBliss added a commit that referenced this issue Aug 5, 2019
@mrBliss
ChainSyncClient: throw an exception when the header doesn't fit
351ad5e 
Closes #878.

From "4.2 Permissive BFT Header Processing":

2. We check that the previous block hash contained in the block header
   corresponds to the known hash of the previous block.

We were implicitly checking this with the `:>` constructor of
`AnchoredFragment`, but this would only throw an `error` when assertions are
enabled. Now, we throw a proper exception.
@mrBliss mrBliss mentioned this issue Aug 5, 2019
Merged
@Vtec234
Copy link
Author

Vtec234 commented Aug 5, 2019
edited

Thank you for the comprehensive answer, this clears up all confusion on my part. The issue can be closed via the PR.

mrBliss added a commit that referenced this issue Aug 5, 2019
@mrBliss
ChainSyncClient: throw an exception when the header doesn't fit
17ef5f3 
Closes #878.

From "4.2 Permissive BFT Header Processing":

2. We check that the previous block hash contained in the block header
   corresponds to the known hash of the previous block.

We were implicitly checking this with the `:>` constructor of
`AnchoredFragment`, but this would only throw an `error` when assertions are
enabled. Now, we throw a proper exception.
mrBliss added a commit that referenced this issue Aug 6, 2019
@mrBliss
ChainSyncClient: throw an exception when the header doesn't fit
5c9280f 
Closes #878.

From "4.2 Permissive BFT Header Processing":

2. We check that the previous block hash contained in the block header
   corresponds to the known hash of the previous block.

We were implicitly checking this with the `:>` constructor of
`AnchoredFragment`, but this would only throw an `error` when assertions are
enabled. Now, we throw a proper exception.
iohk-bors bot added a commit that referenced this issue Aug 6, 2019
@iohk-bors @mrBliss
Merge #879
2d1ac38 
879: ChainSyncClient: throw an exception when the header doesn't fit r=mrBliss a=mrBliss

Closes #878.

From "4.2 Permissive BFT Header Processing":

2. We check that the previous block hash contained in the block header
   corresponds to the known hash of the previous block.

We were implicitly checking this with the `:>` constructor of
`AnchoredFragment`, but this would only throw an `error` when assertions are
enabled. Now, we throw a proper exception.

Co-authored-by: Thomas Winant <thomas@well-typed.com>
@iohk-bors iohk-bors bot closed this as completed in #879 Aug 6, 2019
mrBliss added a commit that referenced this issue Oct 15, 2020
@mrBliss
Update haskell.nix to include #878
a52d3f6
mrBliss added a commit that referenced this issue Oct 16, 2020
@mrBliss
Update haskell.nix to include #878
3e4b47c
mrBliss added a commit that referenced this issue Oct 16, 2020
@mrBliss
Update haskell.nix to include #878
e975c6b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
audit consensus issues related to ouroboros-consensus
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ChainSyncClient: throw an exception when the header doesn't fit IntersectMBO/ouroboros-network
2 participants
@mrBliss @Vtec234