Update bridges subtree (#1392)

* Move the bridges subtree under root * Squashed 'bridges/' changes from 277f0d5496..e50398d1c5 e50398d1c5 bridges subtree fixes (#2528) 99af07522d Markdown linter (#1309) (#2526) 733ff0fe7a `polkadot-staging` branch: Use polkadot-sdk dependencies (#2524) e8a59f141e Fix benchmark with new XCM::V3 `MAX_INSTRUCTIONS_TO_DECODE` (#2514) 62b185de15 Backport `polkadot-sdk` changes to `polkadot-staging` (#2518) d9658f4d5b Fix equivocation detection containers startup (#2516) (#2517) d65db28a8f Backport: building images from locally built binaries (#2513) 5fdbaf45f6 Start the equivocation detection loop from the complex relayer (#2507) (#2512) 7fbb67de46 Backport: Implement basic equivocations detection loop (#2375) cb7efe245c Manually update deps in polkadot staging (#2371) d17981fc33 #2351 to polkadot-staging (#2359) git-subtree-dir: bridges git-subtree-split: e50398d1c594e4e96df70b0bd376e565d17e8558 * Reapply diener workspacify * Fix Cargo.toml * Fix test * Adjustments
2026-06-20 18:41:01 +00:00 · 2023-09-11 11:47:45 +03:00
parent fbf5a814f0
commit 142a11ad95
134 changed files with 397 additions and 342 deletions
@@ -0,0 +1,45 @@
+[package]
+name = "bp-header-chain"
+description = "A common interface for describing what a bridge pallet should be able to do."
+version = "0.1.0"
+authors.workspace = true
+edition.workspace = true
+license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
+
+[dependencies]
+codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false }
+finality-grandpa = { version = "0.16.2", default-features = false }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
+serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
+
+# Bridge dependencies
+
+bp-runtime = { path = "../runtime", default-features = false }
+
+# Substrate Dependencies
+
+frame-support = { path = "../../../substrate/frame/support", default-features = false }
+sp-core = { path = "../../../substrate/primitives/core", default-features = false, features = ["serde"] }
+sp-consensus-grandpa = { path = "../../../substrate/primitives/consensus/grandpa", default-features = false, features = ["serde"] }
+sp-runtime = { path = "../../../substrate/primitives/runtime", default-features = false, features = ["serde"] }
+sp-std = { path = "../../../substrate/primitives/std", default-features = false }
+
+[dev-dependencies]
+bp-test-utils = { path = "../test-utils" }
+hex = "0.4"
+hex-literal = "0.4"
+
+[features]
+default = [ "std" ]
+std = [
+	"bp-runtime/std",
+	"codec/std",
+	"finality-grandpa/std",
+	"frame-support/std",
+	"scale-info/std",
+	"serde/std",
+	"sp-consensus-grandpa/std",
+	"sp-core/std",
+	"sp-runtime/std",
+	"sp-std/std",
+]
@@ -0,0 +1,132 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Logic for checking GRANDPA Finality Proofs.
+//!
+//! Adapted copy of substrate/client/finality-grandpa/src/justification.rs. If origin
+//! will ever be moved to the sp_consensus_grandpa, we should reuse that implementation.
+
+mod verification;
+
+use crate::ChainWithGrandpa;
+pub use verification::{
+	equivocation::{EquivocationsCollector, GrandpaEquivocationsFinder},
+	optimizer::verify_and_optimize_justification,
+	strict::verify_justification,
+	AncestryChain, Error as JustificationVerificationError, JustificationVerificationContext,
+	PrecommitError,
+};
+
+use bp_runtime::{BlockNumberOf, Chain, HashOf, HeaderId};
+use codec::{Decode, Encode, MaxEncodedLen};
+use frame_support::RuntimeDebugNoBound;
+use scale_info::TypeInfo;
+use sp_consensus_grandpa::{AuthorityId, AuthoritySignature};
+use sp_runtime::{traits::Header as HeaderT, RuntimeDebug, SaturatedConversion};
+use sp_std::prelude::*;
+
+/// A GRANDPA Justification is a proof that a given header was finalized
+/// at a certain height and with a certain set of authorities.
+///
+/// This particular proof is used to prove that headers on a bridged chain
+/// (so not our chain) have been finalized correctly.
+#[derive(Encode, Decode, Clone, PartialEq, Eq, TypeInfo, RuntimeDebugNoBound)]
+pub struct GrandpaJustification<Header: HeaderT> {
+	/// The round (voting period) this justification is valid for.
+	pub round: u64,
+	/// The set of votes for the chain which is to be finalized.
+	pub commit:
+		finality_grandpa::Commit<Header::Hash, Header::Number, AuthoritySignature, AuthorityId>,
+	/// A proof that the chain of blocks in the commit are related to each other.
+	pub votes_ancestries: Vec<Header>,
+}
+
+impl<H: HeaderT> GrandpaJustification<H> {
+	/// Returns reasonable size of justification using constants from the provided chain.
+	///
+	/// An imprecise analogue of `MaxEncodedLen` implementation. We don't use it for
+	/// any precise calculations - that's just an estimation.
+	pub fn max_reasonable_size<C>(required_precommits: u32) -> u32
+	where
+		C: Chain + ChainWithGrandpa,
+	{
+		// we don't need precise results here - just estimations, so some details
+		// are removed from computations (e.g. bytes required to encode vector length)
+
+		// structures in `finality_grandpa` crate are not implementing `MaxEncodedLength`, so
+		// here's our estimation for the `finality_grandpa::Commit` struct size
+		//
+		// precommit is: hash + number
+		// signed precommit is: precommit + signature (64b) + authority id
+		// commit is: hash + number + vec of signed precommits
+		let signed_precommit_size: u32 = BlockNumberOf::<C>::max_encoded_len()
+			.saturating_add(HashOf::<C>::max_encoded_len().saturated_into())
+			.saturating_add(64)
+			.saturating_add(AuthorityId::max_encoded_len().saturated_into())
+			.saturated_into();
+		let max_expected_signed_commit_size = signed_precommit_size
+			.saturating_mul(required_precommits)
+			.saturating_add(BlockNumberOf::<C>::max_encoded_len().saturated_into())
+			.saturating_add(HashOf::<C>::max_encoded_len().saturated_into());
+
+		let max_expected_votes_ancestries_size = C::REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY
+			.saturating_mul(C::AVERAGE_HEADER_SIZE_IN_JUSTIFICATION);
+
+		// justification is round number (u64=8b), a signed GRANDPA commit and the
+		// `votes_ancestries` vector
+		8u32.saturating_add(max_expected_signed_commit_size)
+			.saturating_add(max_expected_votes_ancestries_size)
+	}
+
+	/// Return identifier of header that this justification claims to finalize.
+	pub fn commit_target_id(&self) -> HeaderId<H::Hash, H::Number> {
+		HeaderId(self.commit.target_number, self.commit.target_hash)
+	}
+}
+
+impl<H: HeaderT> crate::FinalityProof<H::Hash, H::Number> for GrandpaJustification<H> {
+	fn target_header_hash(&self) -> H::Hash {
+		self.commit.target_hash
+	}
+
+	fn target_header_number(&self) -> H::Number {
+		self.commit.target_number
+	}
+}
+
+/// Justification verification error.
+#[derive(Eq, RuntimeDebug, PartialEq)]
+pub enum Error {
+	/// Failed to decode justification.
+	JustificationDecode,
+}
+
+/// Given GRANDPA authorities set size, return number of valid authorities votes that the
+/// justification must have to be valid.
+///
+/// This function assumes that all authorities have the same vote weight.
+pub fn required_justification_precommits(authorities_set_length: u32) -> u32 {
+	authorities_set_length - authorities_set_length.saturating_sub(1) / 3
+}
+
+/// Decode justification target.
+pub fn decode_justification_target<Header: HeaderT>(
+	raw_justification: &[u8],
+) -> Result<(Header::Hash, Header::Number), Error> {
+	GrandpaJustification::<Header>::decode(&mut &*raw_justification)
+		.map(|justification| (justification.commit.target_hash, justification.commit.target_number))
+		.map_err(|_| Error::JustificationDecode)
+}
@@ -0,0 +1,193 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Logic for extracting equivocations from multiple GRANDPA Finality Proofs.
+
+use crate::{
+	justification::{
+		verification::{
+			Error as JustificationVerificationError, IterationFlow,
+			JustificationVerificationContext, JustificationVerifier, PrecommitError,
+			SignedPrecommit,
+		},
+		GrandpaJustification,
+	},
+	ChainWithGrandpa, FindEquivocations,
+};
+
+use bp_runtime::{BlockNumberOf, HashOf, HeaderOf};
+use sp_consensus_grandpa::{AuthorityId, AuthoritySignature, EquivocationProof, Precommit};
+use sp_runtime::traits::Header as HeaderT;
+use sp_std::{
+	collections::{btree_map::BTreeMap, btree_set::BTreeSet},
+	prelude::*,
+};
+
+enum AuthorityVotes<Header: HeaderT> {
+	SingleVote(SignedPrecommit<Header>),
+	Equivocation(
+		finality_grandpa::Equivocation<AuthorityId, Precommit<Header>, AuthoritySignature>,
+	),
+}
+
+/// Structure that can extract equivocations from multiple GRANDPA justifications.
+pub struct EquivocationsCollector<'a, Header: HeaderT> {
+	round: u64,
+	context: &'a JustificationVerificationContext,
+
+	votes: BTreeMap<AuthorityId, AuthorityVotes<Header>>,
+}
+
+impl<'a, Header: HeaderT> EquivocationsCollector<'a, Header> {
+	/// Create a new instance of `EquivocationsCollector`.
+	pub fn new(
+		context: &'a JustificationVerificationContext,
+		base_justification: &GrandpaJustification<Header>,
+	) -> Result<Self, JustificationVerificationError> {
+		let mut checker = Self { round: base_justification.round, context, votes: BTreeMap::new() };
+
+		checker.verify_justification(
+			(base_justification.commit.target_hash, base_justification.commit.target_number),
+			checker.context,
+			base_justification,
+		)?;
+
+		Ok(checker)
+	}
+
+	/// Parse additional justifications for equivocations.
+	pub fn parse_justifications(&mut self, justifications: &[GrandpaJustification<Header>]) {
+		let round = self.round;
+		for justification in
+			justifications.iter().filter(|justification| round == justification.round)
+		{
+			// We ignore the Errors received here since we don't care if the proofs are valid.
+			// We only care about collecting equivocations.
+			let _ = self.verify_justification(
+				(justification.commit.target_hash, justification.commit.target_number),
+				self.context,
+				justification,
+			);
+		}
+	}
+
+	/// Extract the equivocation proofs that have been collected.
+	pub fn into_equivocation_proofs(self) -> Vec<EquivocationProof<Header::Hash, Header::Number>> {
+		let mut equivocations = vec![];
+		for (_authority, vote) in self.votes {
+			if let AuthorityVotes::Equivocation(equivocation) = vote {
+				equivocations.push(EquivocationProof::new(
+					self.context.authority_set_id,
+					sp_consensus_grandpa::Equivocation::Precommit(equivocation),
+				));
+			}
+		}
+
+		equivocations
+	}
+}
+
+impl<'a, Header: HeaderT> JustificationVerifier<Header> for EquivocationsCollector<'a, Header> {
+	fn process_redundant_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError> {
+		Ok(IterationFlow::Run)
+	}
+
+	fn process_known_authority_vote(
+		&mut self,
+		_precommit_idx: usize,
+		_signed: &SignedPrecommit<Header>,
+	) -> Result<IterationFlow, PrecommitError> {
+		Ok(IterationFlow::Run)
+	}
+
+	fn process_unknown_authority_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<(), PrecommitError> {
+		Ok(())
+	}
+
+	fn process_unrelated_ancestry_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError> {
+		Ok(IterationFlow::Run)
+	}
+
+	fn process_invalid_signature_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<(), PrecommitError> {
+		Ok(())
+	}
+
+	fn process_valid_vote(&mut self, signed: &SignedPrecommit<Header>) {
+		match self.votes.get_mut(&signed.id) {
+			Some(vote) => match vote {
+				AuthorityVotes::SingleVote(first_vote) => {
+					if first_vote.precommit != signed.precommit {
+						*vote = AuthorityVotes::Equivocation(finality_grandpa::Equivocation {
+							round_number: self.round,
+							identity: signed.id.clone(),
+							first: (first_vote.precommit.clone(), first_vote.signature.clone()),
+							second: (signed.precommit.clone(), signed.signature.clone()),
+						});
+					}
+				},
+				AuthorityVotes::Equivocation(_) => {},
+			},
+			None => {
+				self.votes.insert(signed.id.clone(), AuthorityVotes::SingleVote(signed.clone()));
+			},
+		}
+	}
+
+	fn process_redundant_votes_ancestries(
+		&mut self,
+		_redundant_votes_ancestries: BTreeSet<Header::Hash>,
+	) -> Result<(), JustificationVerificationError> {
+		Ok(())
+	}
+}
+
+/// Helper struct for finding equivocations in GRANDPA proofs.
+pub struct GrandpaEquivocationsFinder<C>(sp_std::marker::PhantomData<C>);
+
+impl<C: ChainWithGrandpa>
+	FindEquivocations<
+		GrandpaJustification<HeaderOf<C>>,
+		JustificationVerificationContext,
+		EquivocationProof<HashOf<C>, BlockNumberOf<C>>,
+	> for GrandpaEquivocationsFinder<C>
+{
+	type Error = JustificationVerificationError;
+
+	fn find_equivocations(
+		verification_context: &JustificationVerificationContext,
+		synced_proof: &GrandpaJustification<HeaderOf<C>>,
+		source_proofs: &[GrandpaJustification<HeaderOf<C>>],
+	) -> Result<Vec<EquivocationProof<HashOf<C>, BlockNumberOf<C>>>, Self::Error> {
+		let mut equivocations_collector =
+			EquivocationsCollector::new(verification_context, synced_proof)?;
+
+		equivocations_collector.parse_justifications(source_proofs);
+
+		Ok(equivocations_collector.into_equivocation_proofs())
+	}
+}
@@ -0,0 +1,297 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Logic for checking GRANDPA Finality Proofs.
+
+pub mod equivocation;
+pub mod optimizer;
+pub mod strict;
+
+use crate::{justification::GrandpaJustification, AuthoritySet};
+
+use bp_runtime::HeaderId;
+use finality_grandpa::voter_set::VoterSet;
+use sp_consensus_grandpa::{AuthorityId, AuthoritySignature, SetId};
+use sp_runtime::{traits::Header as HeaderT, RuntimeDebug};
+use sp_std::{
+	collections::{btree_map::BTreeMap, btree_set::BTreeSet},
+	prelude::*,
+};
+
+type SignedPrecommit<Header> = finality_grandpa::SignedPrecommit<
+	<Header as HeaderT>::Hash,
+	<Header as HeaderT>::Number,
+	AuthoritySignature,
+	AuthorityId,
+>;
+
+/// Votes ancestries with useful methods.
+#[derive(RuntimeDebug)]
+pub struct AncestryChain<Header: HeaderT> {
+	/// We expect all forks in the ancestry chain to be descendants of base.
+	base: HeaderId<Header::Hash, Header::Number>,
+	/// Header hash => parent header hash mapping.
+	pub parents: BTreeMap<Header::Hash, Header::Hash>,
+	/// Hashes of headers that were not visited by `ancestry()`.
+	pub unvisited: BTreeSet<Header::Hash>,
+}
+
+impl<Header: HeaderT> AncestryChain<Header> {
+	/// Create new ancestry chain.
+	pub fn new(justification: &GrandpaJustification<Header>) -> AncestryChain<Header> {
+		let mut parents = BTreeMap::new();
+		let mut unvisited = BTreeSet::new();
+		for ancestor in &justification.votes_ancestries {
+			let hash = ancestor.hash();
+			let parent_hash = *ancestor.parent_hash();
+			parents.insert(hash, parent_hash);
+			unvisited.insert(hash);
+		}
+		AncestryChain { base: justification.commit_target_id(), parents, unvisited }
+	}
+
+	/// Returns a route if the precommit target block is a descendant of the `base` block.
+	pub fn ancestry(
+		&self,
+		precommit_target_hash: &Header::Hash,
+		precommit_target_number: &Header::Number,
+	) -> Option<Vec<Header::Hash>> {
+		if precommit_target_number < &self.base.number() {
+			return None
+		}
+
+		let mut route = vec![];
+		let mut current_hash = *precommit_target_hash;
+		loop {
+			if current_hash == self.base.hash() {
+				break
+			}
+
+			current_hash = match self.parents.get(&current_hash) {
+				Some(parent_hash) => {
+					let is_visited_before = self.unvisited.get(&current_hash).is_none();
+					if is_visited_before {
+						// If the current header has been visited in a previous call, it is a
+						// descendent of `base` (we assume that the previous call was successful).
+						return Some(route)
+					}
+					route.push(current_hash);
+
+					*parent_hash
+				},
+				None => return None,
+			};
+		}
+
+		Some(route)
+	}
+
+	fn mark_route_as_visited(&mut self, route: Vec<Header::Hash>) {
+		for hash in route {
+			self.unvisited.remove(&hash);
+		}
+	}
+
+	fn is_fully_visited(&self) -> bool {
+		self.unvisited.is_empty()
+	}
+}
+
+/// Justification verification error.
+#[derive(Eq, RuntimeDebug, PartialEq)]
+pub enum Error {
+	/// Could not convert `AuthorityList` to `VoterSet`.
+	InvalidAuthorityList,
+	/// Justification is finalizing unexpected header.
+	InvalidJustificationTarget,
+	/// Error validating a precommit
+	Precommit(PrecommitError),
+	/// The cumulative weight of all votes in the justification is not enough to justify commit
+	/// header finalization.
+	TooLowCumulativeWeight,
+	/// The justification contains extra (unused) headers in its `votes_ancestries` field.
+	RedundantVotesAncestries,
+}
+
+/// Justification verification error.
+#[derive(Eq, RuntimeDebug, PartialEq)]
+pub enum PrecommitError {
+	/// Justification contains redundant votes.
+	RedundantAuthorityVote,
+	/// Justification contains unknown authority precommit.
+	UnknownAuthorityVote,
+	/// Justification contains duplicate authority precommit.
+	DuplicateAuthorityVote,
+	/// The authority has provided an invalid signature.
+	InvalidAuthoritySignature,
+	/// The justification contains precommit for header that is not a descendant of the commit
+	/// header.
+	UnrelatedAncestryVote,
+}
+
+/// The context needed for validating GRANDPA finality proofs.
+pub struct JustificationVerificationContext {
+	/// The authority set used to verify the justification.
+	pub voter_set: VoterSet<AuthorityId>,
+	/// The ID of the authority set used to verify the justification.
+	pub authority_set_id: SetId,
+}
+
+impl TryFrom<AuthoritySet> for JustificationVerificationContext {
+	type Error = Error;
+
+	fn try_from(authority_set: AuthoritySet) -> Result<Self, Self::Error> {
+		let voter_set =
+			VoterSet::new(authority_set.authorities).ok_or(Error::InvalidAuthorityList)?;
+		Ok(JustificationVerificationContext { voter_set, authority_set_id: authority_set.set_id })
+	}
+}
+
+enum IterationFlow {
+	Run,
+	Skip,
+}
+
+/// Verification callbacks.
+trait JustificationVerifier<Header: HeaderT> {
+	fn process_redundant_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError>;
+
+	fn process_known_authority_vote(
+		&mut self,
+		precommit_idx: usize,
+		signed: &SignedPrecommit<Header>,
+	) -> Result<IterationFlow, PrecommitError>;
+
+	fn process_unknown_authority_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<(), PrecommitError>;
+
+	fn process_unrelated_ancestry_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError>;
+
+	fn process_invalid_signature_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<(), PrecommitError>;
+
+	fn process_valid_vote(&mut self, signed: &SignedPrecommit<Header>);
+
+	/// Called when there are redundant headers in the votes ancestries.
+	fn process_redundant_votes_ancestries(
+		&mut self,
+		redundant_votes_ancestries: BTreeSet<Header::Hash>,
+	) -> Result<(), Error>;
+
+	fn verify_justification(
+		&mut self,
+		finalized_target: (Header::Hash, Header::Number),
+		context: &JustificationVerificationContext,
+		justification: &GrandpaJustification<Header>,
+	) -> Result<(), Error> {
+		// ensure that it is justification for the expected header
+		if (justification.commit.target_hash, justification.commit.target_number) !=
+			finalized_target
+		{
+			return Err(Error::InvalidJustificationTarget)
+		}
+
+		let threshold = context.voter_set.threshold().get();
+		let mut chain = AncestryChain::new(justification);
+		let mut signature_buffer = Vec::new();
+		let mut cumulative_weight = 0u64;
+
+		for (precommit_idx, signed) in justification.commit.precommits.iter().enumerate() {
+			if cumulative_weight >= threshold {
+				let action =
+					self.process_redundant_vote(precommit_idx).map_err(Error::Precommit)?;
+				if matches!(action, IterationFlow::Skip) {
+					continue
+				}
+			}
+
+			// authority must be in the set
+			let authority_info = match context.voter_set.get(&signed.id) {
+				Some(authority_info) => {
+					// The implementer may want to do extra checks here.
+					// For example to see if the authority has already voted in the same round.
+					let action = self
+						.process_known_authority_vote(precommit_idx, signed)
+						.map_err(Error::Precommit)?;
+					if matches!(action, IterationFlow::Skip) {
+						continue
+					}
+
+					authority_info
+				},
+				None => {
+					self.process_unknown_authority_vote(precommit_idx).map_err(Error::Precommit)?;
+					continue
+				},
+			};
+
+			// all precommits must be descendants of the target block
+			let maybe_route =
+				chain.ancestry(&signed.precommit.target_hash, &signed.precommit.target_number);
+			if maybe_route.is_none() {
+				let action = self
+					.process_unrelated_ancestry_vote(precommit_idx)
+					.map_err(Error::Precommit)?;
+				if matches!(action, IterationFlow::Skip) {
+					continue
+				}
+			}
+
+			// verify authority signature
+			if !sp_consensus_grandpa::check_message_signature_with_buffer(
+				&finality_grandpa::Message::Precommit(signed.precommit.clone()),
+				&signed.id,
+				&signed.signature,
+				justification.round,
+				context.authority_set_id,
+				&mut signature_buffer,
+			) {
+				self.process_invalid_signature_vote(precommit_idx).map_err(Error::Precommit)?;
+				continue
+			}
+
+			// now we can count the vote since we know that it is valid
+			self.process_valid_vote(signed);
+			if let Some(route) = maybe_route {
+				chain.mark_route_as_visited(route);
+				cumulative_weight = cumulative_weight.saturating_add(authority_info.weight().get());
+			}
+		}
+
+		// check that the cumulative weight of validators that voted for the justification target
+		// (or one of its descendents) is larger than the required threshold.
+		if cumulative_weight < threshold {
+			return Err(Error::TooLowCumulativeWeight)
+		}
+
+		// check that there are no extra headers in the justification
+		if !chain.is_fully_visited() {
+			self.process_redundant_votes_ancestries(chain.unvisited)?;
+		}
+
+		Ok(())
+	}
+}
@@ -0,0 +1,127 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Logic for optimizing GRANDPA Finality Proofs.
+
+use crate::justification::{
+	verification::{Error, JustificationVerifier, PrecommitError},
+	GrandpaJustification,
+};
+
+use crate::justification::verification::{
+	IterationFlow, JustificationVerificationContext, SignedPrecommit,
+};
+use sp_consensus_grandpa::AuthorityId;
+use sp_runtime::traits::Header as HeaderT;
+use sp_std::{collections::btree_set::BTreeSet, prelude::*};
+
+// Verification callbacks for justification optimization.
+struct JustificationOptimizer<Header: HeaderT> {
+	votes: BTreeSet<AuthorityId>,
+
+	extra_precommits: Vec<usize>,
+	redundant_votes_ancestries: BTreeSet<Header::Hash>,
+}
+
+impl<Header: HeaderT> JustificationOptimizer<Header> {
+	fn optimize(self, justification: &mut GrandpaJustification<Header>) {
+		for invalid_precommit_idx in self.extra_precommits.into_iter().rev() {
+			justification.commit.precommits.remove(invalid_precommit_idx);
+		}
+		if !self.redundant_votes_ancestries.is_empty() {
+			justification
+				.votes_ancestries
+				.retain(|header| !self.redundant_votes_ancestries.contains(&header.hash()))
+		}
+	}
+}
+
+impl<Header: HeaderT> JustificationVerifier<Header> for JustificationOptimizer<Header> {
+	fn process_redundant_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError> {
+		self.extra_precommits.push(precommit_idx);
+		Ok(IterationFlow::Skip)
+	}
+
+	fn process_known_authority_vote(
+		&mut self,
+		precommit_idx: usize,
+		signed: &SignedPrecommit<Header>,
+	) -> Result<IterationFlow, PrecommitError> {
+		// Skip duplicate votes
+		if self.votes.contains(&signed.id) {
+			self.extra_precommits.push(precommit_idx);
+			return Ok(IterationFlow::Skip)
+		}
+
+		Ok(IterationFlow::Run)
+	}
+
+	fn process_unknown_authority_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<(), PrecommitError> {
+		self.extra_precommits.push(precommit_idx);
+		Ok(())
+	}
+
+	fn process_unrelated_ancestry_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError> {
+		self.extra_precommits.push(precommit_idx);
+		Ok(IterationFlow::Skip)
+	}
+
+	fn process_invalid_signature_vote(
+		&mut self,
+		precommit_idx: usize,
+	) -> Result<(), PrecommitError> {
+		self.extra_precommits.push(precommit_idx);
+		Ok(())
+	}
+
+	fn process_valid_vote(&mut self, signed: &SignedPrecommit<Header>) {
+		self.votes.insert(signed.id.clone());
+	}
+
+	fn process_redundant_votes_ancestries(
+		&mut self,
+		redundant_votes_ancestries: BTreeSet<Header::Hash>,
+	) -> Result<(), Error> {
+		self.redundant_votes_ancestries = redundant_votes_ancestries;
+		Ok(())
+	}
+}
+
+/// Verify and optimize given justification by removing unknown and duplicate votes.
+pub fn verify_and_optimize_justification<Header: HeaderT>(
+	finalized_target: (Header::Hash, Header::Number),
+	context: &JustificationVerificationContext,
+	justification: &mut GrandpaJustification<Header>,
+) -> Result<(), Error> {
+	let mut optimizer = JustificationOptimizer {
+		votes: BTreeSet::new(),
+		extra_precommits: vec![],
+		redundant_votes_ancestries: Default::default(),
+	};
+	optimizer.verify_justification(finalized_target, context, justification)?;
+	optimizer.optimize(justification);
+
+	Ok(())
+}
@@ -0,0 +1,101 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Logic for checking if GRANDPA Finality Proofs are valid and optimal.
+
+use crate::justification::{
+	verification::{Error, JustificationVerifier, PrecommitError},
+	GrandpaJustification,
+};
+
+use crate::justification::verification::{
+	IterationFlow, JustificationVerificationContext, SignedPrecommit,
+};
+use sp_consensus_grandpa::AuthorityId;
+use sp_runtime::traits::Header as HeaderT;
+use sp_std::collections::btree_set::BTreeSet;
+
+/// Verification callbacks that reject all unknown, duplicate or redundant votes.
+struct StrictJustificationVerifier {
+	votes: BTreeSet<AuthorityId>,
+}
+
+impl<Header: HeaderT> JustificationVerifier<Header> for StrictJustificationVerifier {
+	fn process_redundant_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError> {
+		Err(PrecommitError::RedundantAuthorityVote)
+	}
+
+	fn process_known_authority_vote(
+		&mut self,
+		_precommit_idx: usize,
+		signed: &SignedPrecommit<Header>,
+	) -> Result<IterationFlow, PrecommitError> {
+		if self.votes.contains(&signed.id) {
+			// There's a lot of code in `validate_commit` and `import_precommit` functions
+			// inside `finality-grandpa` crate (mostly related to reporting equivocations).
+			// But the only thing that we care about is that only first vote from the
+			// authority is accepted
+			return Err(PrecommitError::DuplicateAuthorityVote)
+		}
+
+		Ok(IterationFlow::Run)
+	}
+
+	fn process_unknown_authority_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<(), PrecommitError> {
+		Err(PrecommitError::UnknownAuthorityVote)
+	}
+
+	fn process_unrelated_ancestry_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<IterationFlow, PrecommitError> {
+		Err(PrecommitError::UnrelatedAncestryVote)
+	}
+
+	fn process_invalid_signature_vote(
+		&mut self,
+		_precommit_idx: usize,
+	) -> Result<(), PrecommitError> {
+		Err(PrecommitError::InvalidAuthoritySignature)
+	}
+
+	fn process_valid_vote(&mut self, signed: &SignedPrecommit<Header>) {
+		self.votes.insert(signed.id.clone());
+	}
+
+	fn process_redundant_votes_ancestries(
+		&mut self,
+		_redundant_votes_ancestries: BTreeSet<Header::Hash>,
+	) -> Result<(), Error> {
+		Err(Error::RedundantVotesAncestries)
+	}
+}
+
+/// Verify that justification, that is generated by given authority set, finalizes given header.
+pub fn verify_justification<Header: HeaderT>(
+	finalized_target: (Header::Hash, Header::Number),
+	context: &JustificationVerificationContext,
+	justification: &GrandpaJustification<Header>,
+) -> Result<(), Error> {
+	let mut verifier = StrictJustificationVerifier { votes: BTreeSet::new() };
+	verifier.verify_justification(finalized_target, context, justification)
+}
@@ -0,0 +1,301 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Defines traits which represent a common interface for Substrate pallets which want to
+//! incorporate bridge functionality.
+
+#![cfg_attr(not(feature = "std"), no_std)]
+
+use crate::justification::{
+	GrandpaJustification, JustificationVerificationContext, JustificationVerificationError,
+};
+use bp_runtime::{
+	BasicOperatingMode, Chain, HashOf, HasherOf, HeaderOf, RawStorageProof, StorageProofChecker,
+	StorageProofError, UnderlyingChainProvider,
+};
+use codec::{Codec, Decode, Encode, EncodeLike, MaxEncodedLen};
+use core::{clone::Clone, cmp::Eq, default::Default, fmt::Debug};
+use frame_support::PalletError;
+use scale_info::TypeInfo;
+use serde::{Deserialize, Serialize};
+use sp_consensus_grandpa::{AuthorityList, ConsensusLog, SetId, GRANDPA_ENGINE_ID};
+use sp_runtime::{traits::Header as HeaderT, Digest, RuntimeDebug};
+use sp_std::{boxed::Box, vec::Vec};
+
+pub mod justification;
+pub mod storage_keys;
+
+/// Header chain error.
+#[derive(Clone, Decode, Encode, Eq, PartialEq, PalletError, Debug, TypeInfo)]
+pub enum HeaderChainError {
+	/// Header with given hash is missing from the chain.
+	UnknownHeader,
+	/// Storage proof related error.
+	StorageProof(StorageProofError),
+}
+
+/// Header data that we're storing on-chain.
+///
+/// Even though we may store full header, our applications (XCM) only use couple of header
+/// fields. Extracting those values makes on-chain storage and PoV smaller, which is good.
+#[derive(Clone, Decode, Encode, Eq, MaxEncodedLen, PartialEq, RuntimeDebug, TypeInfo)]
+pub struct StoredHeaderData<Number, Hash> {
+	/// Header number.
+	pub number: Number,
+	/// Header state root.
+	pub state_root: Hash,
+}
+
+/// Stored header data builder.
+pub trait StoredHeaderDataBuilder<Number, Hash> {
+	/// Build header data from self.
+	fn build(&self) -> StoredHeaderData<Number, Hash>;
+}
+
+impl<H: HeaderT> StoredHeaderDataBuilder<H::Number, H::Hash> for H {
+	fn build(&self) -> StoredHeaderData<H::Number, H::Hash> {
+		StoredHeaderData { number: *self.number(), state_root: *self.state_root() }
+	}
+}
+
+/// Substrate header chain, abstracted from the way it is stored.
+pub trait HeaderChain<C: Chain> {
+	/// Returns state (storage) root of given finalized header.
+	fn finalized_header_state_root(header_hash: HashOf<C>) -> Option<HashOf<C>>;
+	/// Get storage proof checker using finalized header.
+	fn storage_proof_checker(
+		header_hash: HashOf<C>,
+		storage_proof: RawStorageProof,
+	) -> Result<StorageProofChecker<HasherOf<C>>, HeaderChainError> {
+		let state_root = Self::finalized_header_state_root(header_hash)
+			.ok_or(HeaderChainError::UnknownHeader)?;
+		StorageProofChecker::new(state_root, storage_proof).map_err(HeaderChainError::StorageProof)
+	}
+}
+
+/// A type that can be used as a parameter in a dispatchable function.
+///
+/// When using `decl_module` all arguments for call functions must implement this trait.
+pub trait Parameter: Codec + EncodeLike + Clone + Eq + Debug + TypeInfo {}
+impl<T> Parameter for T where T: Codec + EncodeLike + Clone + Eq + Debug + TypeInfo {}
+
+/// A GRANDPA Authority List and ID.
+#[derive(Default, Encode, Eq, Decode, RuntimeDebug, PartialEq, Clone, TypeInfo)]
+#[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
+pub struct AuthoritySet {
+	/// List of GRANDPA authorities for the current round.
+	pub authorities: AuthorityList,
+	/// Monotonic identifier of the current GRANDPA authority set.
+	pub set_id: SetId,
+}
+
+impl AuthoritySet {
+	/// Create a new GRANDPA Authority Set.
+	pub fn new(authorities: AuthorityList, set_id: SetId) -> Self {
+		Self { authorities, set_id }
+	}
+}
+
+/// Data required for initializing the GRANDPA bridge pallet.
+///
+/// The bridge needs to know where to start its sync from, and this provides that initial context.
+#[derive(
+	Default, Encode, Decode, RuntimeDebug, PartialEq, Eq, Clone, TypeInfo, Serialize, Deserialize,
+)]
+pub struct InitializationData<H: HeaderT> {
+	/// The header from which we should start syncing.
+	pub header: Box<H>,
+	/// The initial authorities of the pallet.
+	pub authority_list: AuthorityList,
+	/// The ID of the initial authority set.
+	pub set_id: SetId,
+	/// Pallet operating mode.
+	pub operating_mode: BasicOperatingMode,
+}
+
+/// Abstract finality proof that is justifying block finality.
+pub trait FinalityProof<Hash, Number>: Clone + Send + Sync + Debug {
+	/// Return hash of header that this proof is generated for.
+	fn target_header_hash(&self) -> Hash;
+
+	/// Return number of header that this proof is generated for.
+	fn target_header_number(&self) -> Number;
+}
+
+/// A trait that provides helper methods for querying the consensus log.
+pub trait ConsensusLogReader {
+	/// Returns true if digest contains item that schedules authorities set change.
+	fn schedules_authorities_change(digest: &Digest) -> bool;
+}
+
+/// A struct that provides helper methods for querying the GRANDPA consensus log.
+pub struct GrandpaConsensusLogReader<Number>(sp_std::marker::PhantomData<Number>);
+
+impl<Number: Codec> GrandpaConsensusLogReader<Number> {
+	pub fn find_scheduled_change(
+		digest: &Digest,
+	) -> Option<sp_consensus_grandpa::ScheduledChange<Number>> {
+		// find the first consensus digest with the right ID which converts to
+		// the right kind of consensus log.
+		digest
+			.convert_first(|log| log.consensus_try_to(&GRANDPA_ENGINE_ID))
+			.and_then(|log| match log {
+				ConsensusLog::ScheduledChange(change) => Some(change),
+				_ => None,
+			})
+	}
+
+	pub fn find_forced_change(
+		digest: &Digest,
+	) -> Option<(Number, sp_consensus_grandpa::ScheduledChange<Number>)> {
+		// find the first consensus digest with the right ID which converts to
+		// the right kind of consensus log.
+		digest
+			.convert_first(|log| log.consensus_try_to(&GRANDPA_ENGINE_ID))
+			.and_then(|log| match log {
+				ConsensusLog::ForcedChange(delay, change) => Some((delay, change)),
+				_ => None,
+			})
+	}
+}
+
+impl<Number: Codec> ConsensusLogReader for GrandpaConsensusLogReader<Number> {
+	fn schedules_authorities_change(digest: &Digest) -> bool {
+		GrandpaConsensusLogReader::<Number>::find_scheduled_change(digest).is_some()
+	}
+}
+
+/// The finality-related info associated to a header.
+#[derive(Encode, Decode, Debug, PartialEq, Clone, TypeInfo)]
+pub struct HeaderFinalityInfo<FinalityProof, FinalityVerificationContext> {
+	/// The header finality proof.
+	pub finality_proof: FinalityProof,
+	/// The new verification context introduced by the header.
+	pub new_verification_context: Option<FinalityVerificationContext>,
+}
+
+/// Grandpa-related info associated to a header. This info can be saved to events.
+pub type StoredHeaderGrandpaInfo<Header> =
+	HeaderFinalityInfo<GrandpaJustification<Header>, AuthoritySet>;
+
+/// Processed Grandpa-related info associated to a header.
+pub type HeaderGrandpaInfo<Header> =
+	HeaderFinalityInfo<GrandpaJustification<Header>, JustificationVerificationContext>;
+
+impl<Header: HeaderT> TryFrom<StoredHeaderGrandpaInfo<Header>> for HeaderGrandpaInfo<Header> {
+	type Error = JustificationVerificationError;
+
+	fn try_from(grandpa_info: StoredHeaderGrandpaInfo<Header>) -> Result<Self, Self::Error> {
+		Ok(Self {
+			finality_proof: grandpa_info.finality_proof,
+			new_verification_context: match grandpa_info.new_verification_context {
+				Some(authority_set) => Some(authority_set.try_into()?),
+				None => None,
+			},
+		})
+	}
+}
+
+/// Helper trait for finding equivocations in finality proofs.
+pub trait FindEquivocations<FinalityProof, FinalityVerificationContext, EquivocationProof> {
+	/// The type returned when encountering an error while looking for equivocations.
+	type Error: Debug;
+
+	/// Find equivocations.
+	fn find_equivocations(
+		verification_context: &FinalityVerificationContext,
+		synced_proof: &FinalityProof,
+		source_proofs: &[FinalityProof],
+	) -> Result<Vec<EquivocationProof>, Self::Error>;
+}
+
+/// A minimized version of `pallet-bridge-grandpa::Call` that can be used without a runtime.
+#[derive(Encode, Decode, Debug, PartialEq, Eq, Clone, TypeInfo)]
+#[allow(non_camel_case_types)]
+pub enum BridgeGrandpaCall<Header: HeaderT> {
+	/// `pallet-bridge-grandpa::Call::submit_finality_proof`
+	#[codec(index = 0)]
+	submit_finality_proof {
+		finality_target: Box<Header>,
+		justification: justification::GrandpaJustification<Header>,
+	},
+	/// `pallet-bridge-grandpa::Call::initialize`
+	#[codec(index = 1)]
+	initialize { init_data: InitializationData<Header> },
+}
+
+/// The `BridgeGrandpaCall` used by a chain.
+pub type BridgeGrandpaCallOf<C> = BridgeGrandpaCall<HeaderOf<C>>;
+
+/// Substrate-based chain that is using direct GRANDPA finality.
+///
+/// Keep in mind that parachains are relying on relay chain GRANDPA, so they should not implement
+/// this trait.
+pub trait ChainWithGrandpa: Chain {
+	/// Name of the bridge GRANDPA pallet (used in `construct_runtime` macro call) that is deployed
+	/// at some other chain to bridge with this `ChainWithGrandpa`.
+	///
+	/// We assume that all chains that are bridging with this `ChainWithGrandpa` are using
+	/// the same name.
+	const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str;
+
+	/// Max number of GRANDPA authorities at the chain.
+	///
+	/// This is a strict constant. If bridged chain will have more authorities than that,
+	/// the GRANDPA bridge pallet may halt.
+	const MAX_AUTHORITIES_COUNT: u32;
+
+	/// Max reasonable number of headers in `votes_ancestries` vector of the GRANDPA justification.
+	///
+	/// This isn't a strict limit. The relay may submit justifications with more headers in its
+	/// ancestry and the pallet will accept such justification. The limit is only used to compute
+	/// maximal refund amount and submitting justifications which exceed the limit, may be costly
+	/// to submitter.
+	const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32;
+
+	/// Maximal size of the chain header. The header may be the header that enacts new GRANDPA
+	/// authorities set (so it has large digest inside).
+	///
+	/// This isn't a strict limit. The relay may submit larger headers and the pallet will accept
+	/// the call. The limit is only used to compute maximal refund amount and doing calls which
+	/// exceed the limit, may be costly to submitter.
+	const MAX_HEADER_SIZE: u32;
+
+	/// Average size of the chain header from justification ancestry. We don't expect to see there
+	/// headers that change GRANDPA authorities set (GRANDPA will probably be able to finalize at
+	/// least one additional header per session on non test chains), so this is average size of
+	/// headers that aren't changing the set.
+	///
+	/// This isn't a strict limit. The relay may submit justifications with larger headers in its
+	/// ancestry and the pallet will accept the call. The limit is only used to compute maximal
+	/// refund amount and doing calls which exceed the limit, may be costly to submitter.
+	const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32;
+}
+
+impl<T> ChainWithGrandpa for T
+where
+	T: Chain + UnderlyingChainProvider,
+	T::Chain: ChainWithGrandpa,
+{
+	const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str =
+		<T::Chain as ChainWithGrandpa>::WITH_CHAIN_GRANDPA_PALLET_NAME;
+	const MAX_AUTHORITIES_COUNT: u32 = <T::Chain as ChainWithGrandpa>::MAX_AUTHORITIES_COUNT;
+	const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 =
+		<T::Chain as ChainWithGrandpa>::REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY;
+	const MAX_HEADER_SIZE: u32 = <T::Chain as ChainWithGrandpa>::MAX_HEADER_SIZE;
+	const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 =
+		<T::Chain as ChainWithGrandpa>::AVERAGE_HEADER_SIZE_IN_JUSTIFICATION;
+}
@@ -0,0 +1,104 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Storage keys of bridge GRANDPA pallet.
+
+/// Name of the `IsHalted` storage value.
+pub const PALLET_OPERATING_MODE_VALUE_NAME: &str = "PalletOperatingMode";
+/// Name of the `BestFinalized` storage value.
+pub const BEST_FINALIZED_VALUE_NAME: &str = "BestFinalized";
+/// Name of the `CurrentAuthoritySet` storage value.
+pub const CURRENT_AUTHORITY_SET_VALUE_NAME: &str = "CurrentAuthoritySet";
+
+use sp_core::storage::StorageKey;
+
+/// Storage key of the `PalletOperatingMode` variable in the runtime storage.
+pub fn pallet_operating_mode_key(pallet_prefix: &str) -> StorageKey {
+	StorageKey(
+		bp_runtime::storage_value_final_key(
+			pallet_prefix.as_bytes(),
+			PALLET_OPERATING_MODE_VALUE_NAME.as_bytes(),
+		)
+		.to_vec(),
+	)
+}
+
+/// Storage key of the `CurrentAuthoritySet` variable in the runtime storage.
+pub fn current_authority_set_key(pallet_prefix: &str) -> StorageKey {
+	StorageKey(
+		bp_runtime::storage_value_final_key(
+			pallet_prefix.as_bytes(),
+			CURRENT_AUTHORITY_SET_VALUE_NAME.as_bytes(),
+		)
+		.to_vec(),
+	)
+}
+
+/// Storage key of the best finalized header number and hash value in the runtime storage.
+pub fn best_finalized_key(pallet_prefix: &str) -> StorageKey {
+	StorageKey(
+		bp_runtime::storage_value_final_key(
+			pallet_prefix.as_bytes(),
+			BEST_FINALIZED_VALUE_NAME.as_bytes(),
+		)
+		.to_vec(),
+	)
+}
+
+#[cfg(test)]
+mod tests {
+	use super::*;
+	use hex_literal::hex;
+
+	#[test]
+	fn pallet_operating_mode_key_computed_properly() {
+		// If this test fails, then something has been changed in module storage that is breaking
+		// compatibility with previous pallet.
+		let storage_key = pallet_operating_mode_key("BridgeGrandpa").0;
+		assert_eq!(
+			storage_key,
+			hex!("0b06f475eddb98cf933a12262e0388de0f4cf0917788d791142ff6c1f216e7b3").to_vec(),
+			"Unexpected storage key: {}",
+			hex::encode(&storage_key),
+		);
+	}
+
+	#[test]
+	fn current_authority_set_key_computed_properly() {
+		// If this test fails, then something has been changed in module storage that is breaking
+		// compatibility with previous pallet.
+		let storage_key = current_authority_set_key("BridgeGrandpa").0;
+		assert_eq!(
+			storage_key,
+			hex!("0b06f475eddb98cf933a12262e0388de24a7b8b5717ea33346fa595a66ccbcb0").to_vec(),
+			"Unexpected storage key: {}",
+			hex::encode(&storage_key),
+		);
+	}
+
+	#[test]
+	fn best_finalized_key_computed_properly() {
+		// If this test fails, then something has been changed in module storage that is breaking
+		// compatibility with previous pallet.
+		let storage_key = best_finalized_key("BridgeGrandpa").0;
+		assert_eq!(
+			storage_key,
+			hex!("0b06f475eddb98cf933a12262e0388dea4ebafdd473c549fdb24c5c991c5591c").to_vec(),
+			"Unexpected storage key: {}",
+			hex::encode(&storage_key),
+		);
+	}
+}
@@ -0,0 +1,411 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Tests inside this module are made to ensure that our custom justification verification
+//! implementation works similar to the [`finality_grandpa::validate_commit`] and explicitly
+//! show where we behave different.
+//!
+//! Some of tests in this module may partially duplicate tests from `justification.rs`,
+//! but their purpose is different.
+
+use bp_header_chain::justification::{
+	verify_justification, GrandpaJustification, JustificationVerificationContext,
+	JustificationVerificationError, PrecommitError,
+};
+use bp_test_utils::{
+	header_id, make_justification_for_header, signed_precommit, test_header, Account,
+	JustificationGeneratorParams, ALICE, BOB, CHARLIE, DAVE, EVE, FERDIE, TEST_GRANDPA_SET_ID,
+};
+use finality_grandpa::voter_set::VoterSet;
+use sp_consensus_grandpa::{AuthorityId, AuthorityWeight, SetId};
+use sp_runtime::traits::Header as HeaderT;
+
+type TestHeader = sp_runtime::testing::Header;
+type TestHash = <TestHeader as HeaderT>::Hash;
+type TestNumber = <TestHeader as HeaderT>::Number;
+
+/// Implementation of `finality_grandpa::Chain` that is used in tests.
+struct AncestryChain(bp_header_chain::justification::AncestryChain<TestHeader>);
+
+impl AncestryChain {
+	fn new(justification: &GrandpaJustification<TestHeader>) -> Self {
+		Self(bp_header_chain::justification::AncestryChain::new(justification))
+	}
+}
+
+impl finality_grandpa::Chain<TestHash, TestNumber> for AncestryChain {
+	fn ancestry(
+		&self,
+		base: TestHash,
+		block: TestHash,
+	) -> Result<Vec<TestHash>, finality_grandpa::Error> {
+		let mut route = Vec::new();
+		let mut current_hash = block;
+		loop {
+			if current_hash == base {
+				break
+			}
+			match self.0.parents.get(&current_hash) {
+				Some(parent_hash) => {
+					current_hash = *parent_hash;
+					route.push(current_hash);
+				},
+				_ => return Err(finality_grandpa::Error::NotDescendent),
+			}
+		}
+		route.pop(); // remove the base
+
+		Ok(route)
+	}
+}
+
+/// Get a full set of accounts.
+fn full_accounts_set() -> Vec<(Account, AuthorityWeight)> {
+	vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1), (EVE, 1)]
+}
+
+/// Get a full set of GRANDPA authorities.
+fn full_voter_set() -> VoterSet<AuthorityId> {
+	VoterSet::new(full_accounts_set().iter().map(|(id, w)| (AuthorityId::from(*id), *w))).unwrap()
+}
+
+pub fn full_verification_context(set_id: SetId) -> JustificationVerificationContext {
+	let voter_set = full_voter_set();
+	JustificationVerificationContext { voter_set, authority_set_id: set_id }
+}
+
+/// Get a minimal set of accounts.
+fn minimal_accounts_set() -> Vec<(Account, AuthorityWeight)> {
+	// there are 5 accounts in the full set => we need 2/3 + 1 accounts, which results in 4 accounts
+	vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1)]
+}
+
+/// Make a valid GRANDPA justification with sensible defaults.
+pub fn make_default_justification(header: &TestHeader) -> GrandpaJustification<TestHeader> {
+	make_justification_for_header(JustificationGeneratorParams {
+		header: header.clone(),
+		authorities: minimal_accounts_set(),
+		..Default::default()
+	})
+}
+
+// the `finality_grandpa::validate_commit` function has two ways to report an unsuccessful
+// commit validation:
+//
+// 1) to return `Err()` (which only may happen if `finality_grandpa::Chain` implementation returns
+//    an error);
+// 2) to return `Ok(validation_result)` if `validation_result.is_valid()` is false.
+//
+// Our implementation would just return error in both cases.
+
+#[test]
+fn same_result_when_precommit_target_has_lower_number_than_commit_target() {
+	let mut justification = make_default_justification(&test_header(1));
+	// the number of header in precommit (0) is lower than number of header in commit (1)
+	justification.commit.precommits[0].precommit.target_number = 0;
+
+	// our implementation returns an error
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::UnrelatedAncestryVote)),
+	);
+
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == false`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(!result.is_valid());
+}
+
+#[test]
+fn same_result_when_precommit_target_is_not_descendant_of_commit_target() {
+	let not_descendant = test_header::<TestHeader>(10);
+	let mut justification = make_default_justification(&test_header(1));
+	// the route from header of commit (1) to header of precommit (10) is missing from
+	// the votes ancestries
+	justification.commit.precommits[0].precommit.target_number = *not_descendant.number();
+	justification.commit.precommits[0].precommit.target_hash = not_descendant.hash();
+	justification.votes_ancestries.push(not_descendant);
+
+	// our implementation returns an error
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::UnrelatedAncestryVote)),
+	);
+
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == false`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(!result.is_valid());
+}
+
+#[test]
+fn same_result_when_there_are_not_enough_cumulative_weight_to_finalize_commit_target() {
+	// just remove one authority from the minimal set and we shall not reach the threshold
+	let mut authorities_set = minimal_accounts_set();
+	authorities_set.pop();
+	let justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: authorities_set,
+		..Default::default()
+	});
+
+	// our implementation returns an error
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::TooLowCumulativeWeight),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == false`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(!result.is_valid());
+}
+
+// tests below are our differences with the original implementation
+
+#[test]
+fn different_result_when_justification_contains_duplicate_vote() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// the justification may contain exactly the same vote (i.e. same precommit and same signature)
+	// multiple times && it isn't treated as an error by original implementation
+	let last_precommit = justification.commit.precommits.pop().unwrap();
+	justification.commit.precommits.push(justification.commit.precommits[0].clone());
+	justification.commit.precommits.push(last_precommit);
+
+	// our implementation fails
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::DuplicateAuthorityVote)),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
+
+#[test]
+fn different_results_when_authority_equivocates_once_in_a_round() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// the justification original implementation allows authority to submit two different
+	// votes in a single round, of which only first is 'accepted'
+	let last_precommit = justification.commit.precommits.pop().unwrap();
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+	justification.commit.precommits.push(last_precommit);
+
+	// our implementation fails
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::DuplicateAuthorityVote)),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
+
+#[test]
+fn different_results_when_authority_equivocates_twice_in_a_round() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// there's some code in the original implementation that should return an error when
+	// same authority submits more than two different votes in a single round:
+	// https://github.com/paritytech/finality-grandpa/blob/6aeea2d1159d0f418f0b86e70739f2130629ca09/src/lib.rs#L473
+	// but there's also a code that prevents this from happening:
+	// https://github.com/paritytech/finality-grandpa/blob/6aeea2d1159d0f418f0b86e70739f2130629ca09/src/round.rs#L287
+	// => so now we are also just ignoring all votes from the same authority, except the first one
+	let last_precommit = justification.commit.precommits.pop().unwrap();
+	let prev_last_precommit = justification.commit.precommits.pop().unwrap();
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+	justification.commit.precommits.push(last_precommit);
+	justification.commit.precommits.push(prev_last_precommit);
+
+	// our implementation fails
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::DuplicateAuthorityVote)),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
+
+#[test]
+fn different_results_when_there_are_more_than_enough_votes() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// the reference implementation just keep verifying signatures even if we have
+	// collected enough votes. We are not
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&EVE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+
+	// our implementation fails
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::RedundantAuthorityVote)),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
+
+#[test]
+fn different_results_when_there_is_a_vote_of_unknown_authority() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// the reference implementation just keep verifying signatures even if we have
+	// collected enough votes. We are not
+	let last_precommit = justification.commit.precommits.pop().unwrap();
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&FERDIE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+	justification.commit.precommits.push(last_precommit);
+
+	// our implementation fails
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&full_verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::UnknownAuthorityVote)),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
@@ -0,0 +1,124 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Tests for Grandpa equivocations collector code.
+
+use bp_header_chain::justification::EquivocationsCollector;
+use bp_test_utils::*;
+use finality_grandpa::Precommit;
+use sp_consensus_grandpa::EquivocationProof;
+
+type TestHeader = sp_runtime::testing::Header;
+
+#[test]
+fn duplicate_votes_are_not_considered_equivocations() {
+	let verification_context = verification_context(TEST_GRANDPA_SET_ID);
+	let base_justification = make_default_justification::<TestHeader>(&test_header(1));
+
+	let mut collector =
+		EquivocationsCollector::new(&verification_context, &base_justification).unwrap();
+	collector.parse_justifications(&[base_justification.clone()]);
+
+	assert_eq!(collector.into_equivocation_proofs().len(), 0);
+}
+
+#[test]
+fn equivocations_are_detected_in_base_justification_redundant_votes() {
+	let mut base_justification = make_default_justification::<TestHeader>(&test_header(1));
+
+	let first_vote = base_justification.commit.precommits[0].clone();
+	let equivocation = signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		base_justification.round,
+		TEST_GRANDPA_SET_ID,
+	);
+	base_justification.commit.precommits.push(equivocation.clone());
+
+	let verification_context = verification_context(TEST_GRANDPA_SET_ID);
+	let collector =
+		EquivocationsCollector::new(&verification_context, &base_justification).unwrap();
+
+	assert_eq!(
+		collector.into_equivocation_proofs(),
+		vec![EquivocationProof::new(
+			1,
+			sp_consensus_grandpa::Equivocation::Precommit(finality_grandpa::Equivocation {
+				round_number: 1,
+				identity: ALICE.into(),
+				first: (
+					Precommit {
+						target_hash: first_vote.precommit.target_hash,
+						target_number: first_vote.precommit.target_number
+					},
+					first_vote.signature
+				),
+				second: (
+					Precommit {
+						target_hash: equivocation.precommit.target_hash,
+						target_number: equivocation.precommit.target_number
+					},
+					equivocation.signature
+				)
+			})
+		)]
+	);
+}
+
+#[test]
+fn equivocations_are_detected_in_extra_justification_redundant_votes() {
+	let base_justification = make_default_justification::<TestHeader>(&test_header(1));
+	let first_vote = base_justification.commit.precommits[0].clone();
+
+	let mut extra_justification = base_justification.clone();
+	let equivocation = signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		base_justification.round,
+		TEST_GRANDPA_SET_ID,
+	);
+	extra_justification.commit.precommits.push(equivocation.clone());
+
+	let verification_context = verification_context(TEST_GRANDPA_SET_ID);
+	let mut collector =
+		EquivocationsCollector::new(&verification_context, &base_justification).unwrap();
+	collector.parse_justifications(&[extra_justification]);
+
+	assert_eq!(
+		collector.into_equivocation_proofs(),
+		vec![EquivocationProof::new(
+			1,
+			sp_consensus_grandpa::Equivocation::Precommit(finality_grandpa::Equivocation {
+				round_number: 1,
+				identity: ALICE.into(),
+				first: (
+					Precommit {
+						target_hash: first_vote.precommit.target_hash,
+						target_number: first_vote.precommit.target_number
+					},
+					first_vote.signature
+				),
+				second: (
+					Precommit {
+						target_hash: equivocation.precommit.target_hash,
+						target_number: equivocation.precommit.target_number
+					},
+					equivocation.signature
+				)
+			})
+		)]
+	);
+}
@@ -0,0 +1,176 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Tests for Grandpa Justification optimizer code.
+
+use bp_header_chain::justification::verify_and_optimize_justification;
+use bp_test_utils::*;
+use finality_grandpa::SignedPrecommit;
+use sp_consensus_grandpa::AuthoritySignature;
+
+type TestHeader = sp_runtime::testing::Header;
+
+#[test]
+fn optimizer_does_noting_with_minimal_justification() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+
+	let num_precommits_before = justification.commit.precommits.len();
+	verify_and_optimize_justification::<TestHeader>(
+		header_id::<TestHeader>(1),
+		&verification_context(TEST_GRANDPA_SET_ID),
+		&mut justification,
+	)
+	.unwrap();
+	let num_precommits_after = justification.commit.precommits.len();
+
+	assert_eq!(num_precommits_before, num_precommits_after);
+}
+
+#[test]
+fn unknown_authority_votes_are_removed_by_optimizer() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&bp_test_utils::Account(42),
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+
+	let num_precommits_before = justification.commit.precommits.len();
+	verify_and_optimize_justification::<TestHeader>(
+		header_id::<TestHeader>(1),
+		&verification_context(TEST_GRANDPA_SET_ID),
+		&mut justification,
+	)
+	.unwrap();
+	let num_precommits_after = justification.commit.precommits.len();
+
+	assert_eq!(num_precommits_before - 1, num_precommits_after);
+}
+
+#[test]
+fn duplicate_authority_votes_are_removed_by_optimizer() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification
+		.commit
+		.precommits
+		.push(justification.commit.precommits.first().cloned().unwrap());
+
+	let num_precommits_before = justification.commit.precommits.len();
+	verify_and_optimize_justification::<TestHeader>(
+		header_id::<TestHeader>(1),
+		&verification_context(TEST_GRANDPA_SET_ID),
+		&mut justification,
+	)
+	.unwrap();
+	let num_precommits_after = justification.commit.precommits.len();
+
+	assert_eq!(num_precommits_before - 1, num_precommits_after);
+}
+
+#[test]
+fn invalid_authority_signatures_are_removed_by_optimizer() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+
+	let target = header_id::<TestHeader>(1);
+	let invalid_raw_signature: Vec<u8> = ALICE.sign(b"").to_bytes().into();
+	justification.commit.precommits.insert(
+		0,
+		SignedPrecommit {
+			precommit: finality_grandpa::Precommit {
+				target_hash: target.0,
+				target_number: target.1,
+			},
+			signature: AuthoritySignature::try_from(invalid_raw_signature).unwrap(),
+			id: ALICE.into(),
+		},
+	);
+
+	let num_precommits_before = justification.commit.precommits.len();
+	verify_and_optimize_justification::<TestHeader>(
+		header_id::<TestHeader>(1),
+		&verification_context(TEST_GRANDPA_SET_ID),
+		&mut justification,
+	)
+	.unwrap();
+	let num_precommits_after = justification.commit.precommits.len();
+
+	assert_eq!(num_precommits_before - 1, num_precommits_after);
+}
+
+#[test]
+fn redundant_authority_votes_are_removed_by_optimizer() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&EVE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+
+	let num_precommits_before = justification.commit.precommits.len();
+	verify_and_optimize_justification::<TestHeader>(
+		header_id::<TestHeader>(1),
+		&verification_context(TEST_GRANDPA_SET_ID),
+		&mut justification,
+	)
+	.unwrap();
+	let num_precommits_after = justification.commit.precommits.len();
+
+	assert_eq!(num_precommits_before - 1, num_precommits_after);
+}
+
+#[test]
+fn unrelated_ancestry_votes_are_removed_by_optimizer() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(2));
+	justification.commit.precommits.insert(
+		0,
+		signed_precommit::<TestHeader>(
+			&ALICE,
+			header_id::<TestHeader>(1),
+			justification.round,
+			TEST_GRANDPA_SET_ID,
+		),
+	);
+
+	let num_precommits_before = justification.commit.precommits.len();
+	verify_and_optimize_justification::<TestHeader>(
+		header_id::<TestHeader>(2),
+		&verification_context(TEST_GRANDPA_SET_ID),
+		&mut justification,
+	)
+	.unwrap();
+	let num_precommits_after = justification.commit.precommits.len();
+
+	assert_eq!(num_precommits_before - 1, num_precommits_after);
+}
+
+#[test]
+fn redundant_votes_ancestries_are_removed_by_optimizer() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.votes_ancestries.push(test_header(100));
+
+	let num_votes_ancestries_before = justification.votes_ancestries.len();
+	verify_and_optimize_justification::<TestHeader>(
+		header_id::<TestHeader>(1),
+		&verification_context(TEST_GRANDPA_SET_ID),
+		&mut justification,
+	)
+	.unwrap();
+	let num_votes_ancestries_after = justification.votes_ancestries.len();
+
+	assert_eq!(num_votes_ancestries_before - 1, num_votes_ancestries_after);
+}
@@ -0,0 +1,188 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Tests for Grandpa strict justification verifier code.
+
+use bp_header_chain::justification::{
+	required_justification_precommits, verify_justification, JustificationVerificationContext,
+	JustificationVerificationError, PrecommitError,
+};
+use bp_test_utils::*;
+
+type TestHeader = sp_runtime::testing::Header;
+
+#[test]
+fn valid_justification_accepted() {
+	let authorities = vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1)];
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: authorities.clone(),
+		ancestors: 7,
+		forks: 3,
+	};
+
+	let justification = make_justification_for_header::<TestHeader>(params.clone());
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Ok(()),
+	);
+
+	assert_eq!(justification.commit.precommits.len(), authorities.len());
+	assert_eq!(justification.votes_ancestries.len(), params.ancestors as usize);
+}
+
+#[test]
+fn valid_justification_accepted_with_single_fork() {
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1)],
+		ancestors: 5,
+		forks: 1,
+	};
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&verification_context(TEST_GRANDPA_SET_ID),
+			&make_justification_for_header::<TestHeader>(params)
+		),
+		Ok(()),
+	);
+}
+
+#[test]
+fn valid_justification_accepted_with_arbitrary_number_of_authorities() {
+	use finality_grandpa::voter_set::VoterSet;
+	use sp_consensus_grandpa::AuthorityId;
+
+	let n = 15;
+	let required_signatures = required_justification_precommits(n as _);
+	let authorities = accounts(n).iter().map(|k| (*k, 1)).collect::<Vec<_>>();
+
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: authorities.clone().into_iter().take(required_signatures as _).collect(),
+		ancestors: n.into(),
+		forks: required_signatures,
+	};
+
+	let authorities = authorities
+		.iter()
+		.map(|(id, w)| (AuthorityId::from(*id), *w))
+		.collect::<Vec<(AuthorityId, _)>>();
+	let voter_set = VoterSet::new(authorities).unwrap();
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&JustificationVerificationContext { voter_set, authority_set_id: TEST_GRANDPA_SET_ID },
+			&make_justification_for_header::<TestHeader>(params)
+		),
+		Ok(()),
+	);
+}
+
+#[test]
+fn justification_with_invalid_target_rejected() {
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(2),
+			&verification_context(TEST_GRANDPA_SET_ID),
+			&make_default_justification::<TestHeader>(&test_header(1)),
+		),
+		Err(JustificationVerificationError::InvalidJustificationTarget),
+	);
+}
+
+#[test]
+fn justification_with_invalid_commit_rejected() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.commit.precommits.clear();
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::TooLowCumulativeWeight),
+	);
+}
+
+#[test]
+fn justification_with_invalid_authority_signature_rejected() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.commit.precommits[0].signature =
+		sp_core::crypto::UncheckedFrom::unchecked_from([1u8; 64]);
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::Precommit(PrecommitError::InvalidAuthoritySignature)),
+	);
+}
+
+#[test]
+fn justification_with_invalid_precommit_ancestry() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.votes_ancestries.push(test_header(10));
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&verification_context(TEST_GRANDPA_SET_ID),
+			&justification,
+		),
+		Err(JustificationVerificationError::RedundantVotesAncestries),
+	);
+}
+
+#[test]
+fn justification_is_invalid_if_we_dont_meet_threshold() {
+	// Need at least three authorities to sign off or else the voter set threshold can't be reached
+	let authorities = vec![(ALICE, 1), (BOB, 1)];
+
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: authorities.clone(),
+		ancestors: 2 * authorities.len() as u32,
+		forks: 2,
+	};
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			&verification_context(TEST_GRANDPA_SET_ID),
+			&make_justification_for_header::<TestHeader>(params)
+		),
+		Err(JustificationVerificationError::TooLowCumulativeWeight),
+	);
+}
@@ -0,0 +1,23 @@
+// Copyright (C) Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+mod justification {
+	mod equivocation;
+	mod optimizer;
+	mod strict;
+}
+
+mod implementation_match;