Skip to content

fix: Store authority in AttesterInfo and check for authz; proto-gen #362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
alpe wants to merge 9 commits into
base: main
Choose a base branch
from
Open

fix: Store authority in AttesterInfo and check for authz; proto-gen #362

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
172885e
feat: Store `authority` in `AttesterInfo` and check for authz; proto-gen
alpe Feb 24, 2026
4b54536
Merge branch 'main' into security/authority-verification2
alpe Feb 24, 2026
2979766
Fix tests
alpe Feb 24, 2026
2bbbb8b
Review feedback
alpe Feb 26, 2026
1208936
Merge branch 'main' into security/authority-verification2
alpe Feb 26, 2026
ebc7c76
Remove attester info on leave
alpe Feb 26, 2026
6f74824
Merge branch 'main' into security/authority-verification2
alpe Mar 12, 2026
aba5980
Update test
alpe Mar 12, 2026
23dcd68
Merge branch 'main' into security/authority-verification2
alpe Mar 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 26 additions & 22 deletions modules/network/keeper/msg_server.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,13 @@ func (k msgServer) Attest(goCtx context.Context, msg *types.MsgAttest) (*types.M
!k.IsCheckpointHeight(ctx, msg.Height) {
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "height %d is not a checkpoint", msg.Height)
}
has, err := k.IsInAttesterSet(ctx, msg.ConsensusAddress)
if err != nil {
return nil, sdkerr.Wrapf(err, "in attester set")

if len(msg.Vote) < MinVoteLen {
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "vote payload too short: got %d bytes, minimum %d", len(msg.Vote), MinVoteLen)
}
if !has {
return nil, sdkerr.Wrapf(sdkerrors.ErrUnauthorized, "consensus address %s not in attester set", msg.ConsensusAddress)

if err := k.assertValidValidatorAuthority(ctx, msg.ConsensusAddress, msg.Authority); err != nil {
return nil, err
}

index, found := k.GetValidatorIndex(ctx, msg.ConsensusAddress)
Expand Down Expand Up @@ -91,15 +92,6 @@ func (k msgServer) Attest(goCtx context.Context, msg *types.MsgAttest) (*types.M
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "consensus address %s already attested for height %d", msg.ConsensusAddress, msg.Height)
}

// Validate vote payload meets minimum signature length.
// A valid vote must contain at least a cryptographic signature (
// 64 bytes for Ed25519). We enforce the minimum here; full cryptographic
// verification of the signature against the block data should be added once
// the vote format is finalized.
if len(msg.Vote) < MinVoteLen {
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "vote payload too short: got %d bytes, minimum %d", len(msg.Vote), MinVoteLen)
}

// Set the bit
k.bitmapHelper.SetBit(bitmap, int(index))
if err := k.SetAttestationBitmap(ctx, msg.Height, bitmap); err != nil {
Expand Down Expand Up @@ -200,15 +192,14 @@ func (k msgServer) JoinAttesterSet(goCtx context.Context, msg *types.MsgJoinAtte

// Store the attester information including pubkey (key by consensus address)
attesterInfo := &types.AttesterInfo{
Validator: msg.ConsensusAddress, // Use consensus address as primary key
Authority: msg.Authority,
Pubkey: msg.Pubkey,
JoinedHeight: ctx.BlockHeight(),
}

if err := k.SetAttesterInfo(ctx, msg.ConsensusAddress, attesterInfo); err != nil {
return nil, sdkerr.Wrap(err, "set attester info")
}

// TODO (Alex): the valset should be updated at the end of an epoch only
if err := k.SetAttesterSetMember(ctx, msg.ConsensusAddress); err != nil {
return nil, sdkerr.Wrap(err, "set attester set member")
Expand All @@ -229,14 +220,13 @@ func (k msgServer) JoinAttesterSet(goCtx context.Context, msg *types.MsgJoinAtte
func (k msgServer) LeaveAttesterSet(goCtx context.Context, msg *types.MsgLeaveAttesterSet) (*types.MsgLeaveAttesterSetResponse, error) {
ctx := sdk.UnwrapSDKContext(goCtx)

has, err := k.IsInAttesterSet(ctx, msg.ConsensusAddress)
if err != nil {
return nil, sdkerr.Wrapf(err, "in attester set")
}
if !has {
return nil, sdkerr.Wrapf(sdkerrors.ErrInvalidRequest, "consensus address not in attester set")
if err := k.assertValidValidatorAuthority(ctx, msg.ConsensusAddress, msg.Authority); err != nil {
return nil, err
}

if err := k.AttesterInfo.Remove(ctx, msg.ConsensusAddress); err != nil {
return nil, sdkerr.Wrap(err, "remove attester info")
}
// TODO (Alex): the valset should be updated at the end of an epoch only
if err := k.RemoveAttesterSetMember(ctx, msg.ConsensusAddress); err != nil {
return nil, sdkerr.Wrap(err, "remove attester set member")
Expand All @@ -253,6 +243,20 @@ func (k msgServer) LeaveAttesterSet(goCtx context.Context, msg *types.MsgLeaveAt
return &types.MsgLeaveAttesterSetResponse{}, nil
}

func (k msgServer) assertValidValidatorAuthority(ctx sdk.Context, consensusAddress, authority string) error {
v, err := k.AttesterInfo.Get(ctx, consensusAddress)
if err != nil {
if errors.Is(err, collections.ErrNotFound) {
return sdkerr.Wrapf(sdkerrors.ErrUnauthorized, "consensus address %s not in attester set", consensusAddress)
}
return sdkerr.Wrapf(err, "attester set")
}
if v.Authority != authority {
return sdkerr.Wrapf(sdkerrors.ErrUnauthorized, "address %s", authority)
}
return nil
}

// UpdateParams handles MsgUpdateParams
func (k msgServer) UpdateParams(goCtx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) {
ctx := sdk.UnwrapSDKContext(goCtx)
Expand Down
Loading
Loading