Malus: improvements in dispute ancestor and suggest garbage candidate implementation (#5011)

* Implement fake validation results Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * refactor Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * cargo lock Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * spell check Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * spellcheck Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * typos Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Review feedback Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * move stuff around Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * chores Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Impl valid - still wip Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * fixes Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * fmt Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Pull Ladi's implementation: https://github.com/paritytech/polkadot/pull/4711 Co-authored-by: Lldenaurois <Ljdenaurois@gmail.com> Co-authored-by: Andrei Sandu <andrei-mihail@parity.io> Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Fix build Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Logs and comments Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * WIP: suggest garbage candidate + implement validation result caching Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * fix Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Do commitment hash checks in candidate validation Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Minor refactor in approval, backing, dispute-coord Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Working version of suggest garbage candidate Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Dedup Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * cleanup #1 Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Fix tests Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * remove debug leftovers Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * fmt Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Accidentally commited some local test Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * spellcheck Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * some more fixes Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Refactor and fix it Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * review feedback Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * typo Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * tests review feedback Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * refactor disputer Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * fix tests Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Fix zombienet disputes test Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * spellcheck Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * fix Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * Fix ui tests Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> * fix typo Signed-off-by: Andrei Sandu <andrei-mihail@parity.io> Co-authored-by: Lldenaurois <Ljdenaurois@gmail.com>
2026-05-31 18:01:03 +00:00 · 2022-04-13 16:45:39 +03:00
parent a46237cebb
commit cddd5749d3
23 changed files with 921 additions and 529 deletions
@@ -14,11 +14,11 @@
 // You should have received a copy of the GNU General Public License
 // along with Polkadot.  If not, see <http://www.gnu.org/licenses/>.

-//! A malicious overseer proposing a garbage block.
+//! A malicious node that stores bogus availability chunks, preventing others from
+//! doing approval voting. This should lead to disputes depending if the validator
+//! has fetched a malicious chunk.
 //!
-//! Supposed to be used with regular nodes or in conjunction
-//! with [`malus-back-garbage-candidate.rs`](./malus-back-garbage-candidate.rs)
-//! to simulate a coordinated attack.
+//! Attention: For usage with `zombienet` only!

 #![allow(missing_docs)]

@@ -30,73 +30,220 @@ use polkadot_cli::{
 		ProvideRuntimeApi, SpawnNamed,
 	},
 };
+use polkadot_node_core_candidate_validation::find_validation_data;
+use polkadot_node_primitives::{AvailableData, BlockData, PoV};
+use polkadot_primitives::v2::{CandidateDescriptor, CandidateHash};
+
+use polkadot_node_subsystem_util::request_validators;
+
+// Filter wrapping related types.
+use crate::{
+	interceptor::*,
+	shared::{MALICIOUS_POV, MALUS},
+	variants::{
+		create_fake_candidate_commitments, FakeCandidateValidation, FakeCandidateValidationError,
+		ReplaceValidationResult,
+	},
+};

 // Import extra types relevant to the particular
 // subsystem.
-use polkadot_node_core_backing::CandidateBackingSubsystem;
-use polkadot_node_primitives::Statement;
-use polkadot_node_subsystem::{
-	messages::{CandidateBackingMessage, StatementDistributionMessage},
-	overseer::{self, SubsystemSender},
+use polkadot_node_subsystem::messages::{CandidateBackingMessage, CollatorProtocolMessage};
+use polkadot_primitives::v2::CandidateReceipt;
+
+use std::{
+	collections::HashMap,
+	sync::{Arc, Mutex},
 };
-use polkadot_node_subsystem_util as util;
-// Filter wrapping related types.
-use crate::interceptor::*;
-use polkadot_primitives::v2::{
-	CandidateCommitments, CandidateReceipt, CommittedCandidateReceipt, CompactStatement, Hash,
-	Signed,
-};
-use sp_keystore::SyncCryptoStorePtr;
-use util::metered;

-use std::sync::Arc;
-
-use crate::shared::*;
-
-/// Replaces the seconded PoV data
-/// of outgoing messages by some garbage data.
-#[derive(Clone)]
-struct ReplacePoVBytes<Sender>
-where
-	Sender: Send,
-{
-	queue: metered::UnboundedMeteredSender<(Sender, Hash, CandidateReceipt)>,
+struct Inner {
+	/// Maps malicious candidate hash to original candidate hash.
+	/// It is used to replace outgoing collator protocol seconded messages.
+	map: HashMap<CandidateHash, CandidateHash>,
 }

-impl<Sender> MessageInterceptor<Sender> for ReplacePoVBytes<Sender>
+/// Replace outgoing approval messages with disputes.
+#[derive(Clone)]
+struct NoteCandidate<Spawner> {
+	inner: Arc<Mutex<Inner>>,
+	spawner: Spawner,
+}
+
+impl<Sender, Spawner> MessageInterceptor<Sender> for NoteCandidate<Spawner>
 where
-	Sender: overseer::SubsystemSender<CandidateBackingMessage> + Clone + Send + 'static,
+	Sender: overseer::SubsystemSender<AllMessages>
+		+ overseer::SubsystemSender<CandidateBackingMessage>
+		+ Clone
+		+ Send
+		+ 'static,
+	Spawner: SpawnNamed + Clone + 'static,
 {
 	type Message = CandidateBackingMessage;

+	/// Intercept incoming `Second` requests from the `collator-protocol` subsystem. We take
 	fn intercept_incoming(
 		&self,
-		sender: &mut Sender,
+		subsystem_sender: &mut Sender,
 		msg: FromOverseer<Self::Message>,
 	) -> Option<FromOverseer<Self::Message>> {
 		match msg {
 			FromOverseer::Communication {
-				msg: CandidateBackingMessage::Second(hash, candidate_receipt, _pov),
+				msg: CandidateBackingMessage::Second(relay_parent, candidate, _pov),
 			} => {
-				self.queue
-					.unbounded_send((sender.clone(), hash, candidate_receipt.clone()))
-					.unwrap();
+				gum::debug!(
+					target: MALUS,
+					candidate_hash = ?candidate.hash(),
+					?relay_parent,
+					"Received request to second candidate"
+				);

-				None
+				let pov = PoV { block_data: BlockData(MALICIOUS_POV.into()) };
+
+				let (sender, receiver) = std::sync::mpsc::channel();
+				let mut new_sender = subsystem_sender.clone();
+				let _candidate = candidate.clone();
+				self.spawner.spawn_blocking(
+					"malus-get-validation-data",
+					Some("malus"),
+					Box::pin(async move {
+						gum::trace!(target: MALUS, "Requesting validators");
+						let n_validators = request_validators(relay_parent, &mut new_sender)
+							.await
+							.await
+							.unwrap()
+							.unwrap()
+							.len();
+						gum::trace!(target: MALUS, "Validators {}", n_validators);
+						match find_validation_data(&mut new_sender, &_candidate.descriptor()).await
+						{
+							Ok(Some((validation_data, validation_code))) => {
+								sender
+									.send((validation_data, validation_code, n_validators))
+									.expect("channel is still open");
+							},
+							_ => {
+								panic!("Unable to fetch validation data");
+							},
+						}
+					}),
+				);
+
+				let (validation_data, validation_code, n_validators) = receiver.recv().unwrap();
+
+				let validation_data_hash = validation_data.hash();
+				let validation_code_hash = validation_code.hash();
+				let validation_data_relay_parent_number = validation_data.relay_parent_number;
+
+				gum::trace!(
+					target: MALUS,
+					candidate_hash = ?candidate.hash(),
+					?relay_parent,
+					?n_validators,
+					?validation_data_hash,
+					?validation_code_hash,
+					?validation_data_relay_parent_number,
+					"Fetched validation data."
+				);
+
+				let malicious_available_data =
+					AvailableData { pov: Arc::new(pov.clone()), validation_data };
+
+				let pov_hash = pov.hash();
+				let erasure_root = {
+					let chunks =
+						erasure::obtain_chunks_v1(n_validators as usize, &malicious_available_data)
+							.unwrap();
+
+					let branches = erasure::branches(chunks.as_ref());
+					branches.root()
+				};
+
+				let (collator_id, collator_signature) = {
+					use polkadot_primitives::v2::CollatorPair;
+					use sp_core::crypto::Pair;
+
+					let collator_pair = CollatorPair::generate().0;
+					let signature_payload = polkadot_primitives::v2::collator_signature_payload(
+						&relay_parent,
+						&candidate.descriptor().para_id,
+						&validation_data_hash,
+						&pov_hash,
+						&validation_code_hash,
+					);
+
+					(collator_pair.public(), collator_pair.sign(&signature_payload))
+				};
+
+				let malicious_commitments =
+					create_fake_candidate_commitments(&malicious_available_data.validation_data);
+
+				let malicious_candidate = CandidateReceipt {
+					descriptor: CandidateDescriptor {
+						para_id: candidate.descriptor().para_id,
+						relay_parent,
+						collator: collator_id,
+						persisted_validation_data_hash: validation_data_hash,
+						pov_hash,
+						erasure_root,
+						signature: collator_signature,
+						para_head: malicious_commitments.head_data.hash(),
+						validation_code_hash,
+					},
+					commitments_hash: malicious_commitments.hash(),
+				};
+				let malicious_candidate_hash = malicious_candidate.hash();
+
+				gum::debug!(
+					target: MALUS,
+					candidate_hash = ?candidate.hash(),
+					?malicious_candidate_hash,
+					"Created malicious candidate"
+				);
+
+				// Map malicious candidate to the original one. We need this mapping to send back the correct seconded statement
+				// to the collators.
+				self.inner
+					.lock()
+					.expect("bad lock")
+					.map
+					.insert(malicious_candidate_hash, candidate.hash());
+
+				let message = FromOverseer::Communication {
+					msg: CandidateBackingMessage::Second(relay_parent, malicious_candidate, pov),
+				};
+
+				Some(message)
 			},
-			other => Some(other),
+			FromOverseer::Communication { msg } => Some(FromOverseer::Communication { msg }),
+			FromOverseer::Signal(signal) => Some(FromOverseer::Signal(signal)),
 		}
 	}

 	fn intercept_outgoing(&self, msg: AllMessages) -> Option<AllMessages> {
+		let msg = match msg {
+			AllMessages::CollatorProtocol(CollatorProtocolMessage::Seconded(
+				relay_parent,
+				statement,
+			)) => {
+				// `parachain::collator-protocol: received an unexpected `CollationSeconded`: unknown statement statement=...`
+				// TODO: Fix this error. We get this on colaltors because `malicious backing` creates a candidate that gets backed/included.
+				// It is harmless for test parachain collators, but it will prevent cumulus based collators to make progress
+				// as they wait for the relay chain to confirm the seconding of the collation.
+				AllMessages::CollatorProtocol(CollatorProtocolMessage::Seconded(
+					relay_parent,
+					statement,
+				))
+			},
+			msg => msg,
+		};
 		Some(msg)
 	}
 }

-/// Generates an overseer that exposes bad behavior.
-pub(crate) struct SuggestGarbageCandidate;
+/// Garbage candidate implementation wrapper which implements `OverseerGen` glue.
+pub(crate) struct BackGarbageCandidateWrapper;

-impl OverseerGen for SuggestGarbageCandidate {
+impl OverseerGen for BackGarbageCandidateWrapper {
 	fn generate<'a, Spawner, RuntimeClient>(
 		&self,
 		connector: OverseerConnector,
@@ -107,65 +254,23 @@ impl OverseerGen for SuggestGarbageCandidate {
 		RuntimeClient::Api: ParachainHost<Block> + BabeApi<Block> + AuthorityDiscoveryApi<Block>,
 		Spawner: 'static + SpawnNamed + Clone + Unpin,
 	{
-		let spawner = args.spawner.clone();
-		let (sink, source) = metered::unbounded();
-		let keystore = args.keystore.clone() as SyncCryptoStorePtr;
+		let inner = Inner { map: std::collections::HashMap::new() };
+		let inner_mut = Arc::new(Mutex::new(inner));
+		let note_candidate =
+			NoteCandidate { inner: inner_mut.clone(), spawner: args.spawner.clone() };

-		let filter = ReplacePoVBytes { queue: sink };
-
-		let keystore2 = keystore.clone();
-		let spawner2 = spawner.clone();
-
-		let result = prepared_overseer_builder(args)?
-			.replace_candidate_backing(move |cb| {
-				InterceptedSubsystem::new(
-					CandidateBackingSubsystem::new(spawner2, keystore2, cb.params.metrics),
-					filter,
-				)
-			})
-			.build_with_connector(connector)
-			.map_err(|e| e.into());
-
-		launch_processing_task(
-			&spawner,
-			source,
-			move |(mut subsystem_sender, hash, candidate_receipt): (_, Hash, CandidateReceipt)| {
-				let keystore = keystore.clone();
-				async move {
-					gum::info!(
-						target: MALUS,
-						"Replacing seconded candidate pov with something else"
-					);
-
-					let committed_candidate_receipt = CommittedCandidateReceipt {
-						descriptor: candidate_receipt.descriptor.clone(),
-						commitments: CandidateCommitments::default(),
-					};
-
-					let statement = Statement::Seconded(committed_candidate_receipt);
-
-					if let Ok(validator) =
-						util::Validator::new(hash, keystore.clone(), &mut subsystem_sender).await
-					{
-						let signed_statement: Signed<Statement, CompactStatement> = validator
-							.sign(keystore, statement)
-							.await
-							.expect("Signing works. qed")
-							.expect("Something must come out of this. qed");
-
-						subsystem_sender
-							.send_message(StatementDistributionMessage::Share(
-								hash,
-								signed_statement,
-							))
-							.await;
-					} else {
-						gum::info!("We are not a validator. Not siging anything.");
-					}
-				}
-			},
+		let validation_filter = ReplaceValidationResult::new(
+			FakeCandidateValidation::BackingAndApprovalValid,
+			FakeCandidateValidationError::InvalidOutputs,
+			args.spawner.clone(),
 		);

-		result
+		prepared_overseer_builder(args)?
+			.replace_candidate_backing(move |cb| InterceptedSubsystem::new(cb, note_candidate))
+			.replace_candidate_validation(move |cb| {
+				InterceptedSubsystem::new(cb, validation_filter)
+			})
+			.build_with_connector(connector)
+			.map_err(|e| e.into())
 	}
 }