fix: submit bottom up checkpoint performs signature check (#1338)

Co-authored-by: cryptoAtwill <willes.lau@protocol.ai>

Author: cryptoAtwill

contracts/contracts/errors/IPCErrors.sol

@@ -83,6 +83,8 @@ error MissingActivityCommitment();
 error ValidatorAlreadyClaimed();
 error InvalidActivityProof();
 error NotOwner();
+error SignatureAddressesNotSorted();
+error DuplicateValidatorSignaturesFound();
 
 enum InvalidXnetMessageReason {
     Sender,

contracts/contracts/subnet/SubnetActorCheckpointingFacet.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: MIT OR Apache-2.0
 pragma solidity ^0.8.23;
 
-import {InvalidBatchEpoch, MaxMsgsPerBatchExceeded, InvalidSignatureErr, BottomUpCheckpointAlreadySubmitted, CannotSubmitFutureCheckpoint, InvalidCheckpointEpoch} from "../errors/IPCErrors.sol";
+import {InvalidBatchEpoch, MaxMsgsPerBatchExceeded, InvalidSignatureErr, DuplicateValidatorSignaturesFound, SignatureAddressesNotSorted, BottomUpCheckpointAlreadySubmitted, CannotSubmitFutureCheckpoint, InvalidCheckpointEpoch} from "../errors/IPCErrors.sol";
 import {IGateway} from "../interfaces/IGateway.sol";
 import {BottomUpCheckpoint, BottomUpMsgBatch, BottomUpMsgBatchInfo} from "../structs/CrossNet.sol";
 import {Validator, ValidatorSet} from "../structs/Subnet.sol";
@@ -66,6 +66,19 @@ contract SubnetActorCheckpointingFacet is SubnetActorModifiers, ReentrancyGuard,
         bytes32 hash,
         bytes[] memory signatures
     ) public view {
+        for (uint256 i = 1; i < signatories.length; ) {
+            if (signatories[i] < signatories[i - 1]) {
+                revert SignatureAddressesNotSorted();
+            }
+            if (signatories[i] == signatories[i - 1]) {
+                revert DuplicateValidatorSignaturesFound();
+            }
+
+            unchecked {
+                i++;
+            }
+        }
+
         // This call reverts if at least one of the signatories (validator) is not in the active validator set.
         uint256[] memory collaterals = s.validatorSet.getTotalPowerOfValidators(signatories);
         uint256 activeCollateral = s.validatorSet.getTotalActivePower();

contracts/test/helpers/TestUtils.sol

@@ -36,10 +36,9 @@ library TestUtils {
         Vm vm
     ) internal returns (uint256[] memory validatorKeys, address[] memory addresses, uint256[] memory weights) {
         validatorKeys = new uint256[](4);
-        validatorKeys[0] = 100;
-        validatorKeys[1] = 200;
-        validatorKeys[2] = 300;
-        validatorKeys[3] = 400;
+        for (uint i = 0; i < 4; i++) {
+            validatorKeys[i] = getPrivateKey(i);
+        }
 
         addresses = new address[](4);
         addresses[0] = vm.addr(validatorKeys[0]);
@@ -64,9 +63,9 @@ library TestUtils {
         Vm vm
     ) internal returns (uint256[] memory validatorKeys, address[] memory addresses, uint256[] memory weights) {
         validatorKeys = new uint256[](3);
-        validatorKeys[0] = 100;
-        validatorKeys[1] = 200;
-        validatorKeys[2] = 300;
+        for (uint i = 0; i < 3; i++) {
+            validatorKeys[i] = getPrivateKey(i);
+        }
 
         addresses = new address[](3);
         addresses[0] = vm.addr(validatorKeys[0]);
@@ -97,15 +96,52 @@ library TestUtils {
         addr = address(uint160(uint256(keccak256(dataSubset))));
     }
 
+    /// The dummy private keys generated offchain so that the addresses of the private keys
+    /// are sorted in ascending order.
+    function getPrivateKey(uint256 idx) internal pure returns (uint256 privateKey) {
+        if (idx == 0) {
+            return 0xaf2be542934f2283d6cb21ee8c80495ab76d63b1071b75276a4a5e7673e4dae6;
+        }
+        if (idx == 1) {
+            return 0xb423cb058c1bd6b4494364de8bcbfd89d534ba709dd6de06dc7e7884dafca7b3;
+        }
+        if (idx == 2) {
+            return 0xc0df835826416ebdfe6372000466c8c5fe1013f8d40448281ab572d11f4aee50;
+        }
+        if (idx == 3) {
+            return 0xf731c1d1a68c1d060817b50dc3d56d2cdfb35a1636ad99ec9c3352e617bb907b;
+        }
+        if (idx == 4) {
+            return 0x3f339e466f1946264212212866a929837cd565423bf1d4b3818870021f2ec12e;
+        }
+        if (idx == 5) {
+            return 0x1ec4b12edb4056925ccc5687ca77bdd002de7af60de2a4be27f318b0a73df2fa;
+        }
+        if (idx == 6) {
+            return 0x072e51399be0cb21e3c50b076d8af6bb35f019a8d3d629b06e0d0c9e440921df;
+        }
+        if (idx == 7) {
+            return 0x8127a61993cac5dfa6f56d440f010e185fe7d308ddfd012a8966c7f353d123de;
+        }
+        if (idx == 8) {
+            return 0x19d47f8e12c86e270438ed1caa284e2f1ffdd0a99420b2b220ea70647799a60f;
+        }
+        if (idx == 9) {
+            return 0x98374b780974d9c11465be371871b6354fb537f2f24a6b985dbd4375b3f558a8;
+        }
+        revert("more than 10 validators not supported");
+    }
+
     function newValidator(
-        uint256 key
+        uint256 idx
     ) internal pure returns (address addr, uint256 privKey, bytes memory validatorKey) {
-        privKey = key;
-        bytes memory pubkey = derivePubKeyBytes(key);
-        validatorKey = deriveValidatorPubKeyBytes(key);
+        privKey = getPrivateKey(idx);
+        bytes memory pubkey = derivePubKeyBytes(privKey);
+        validatorKey = deriveValidatorPubKeyBytes(privKey);
         addr = address(uint160(uint256(keccak256(pubkey))));
     }
 
+    /// Generate a list of validators whose addresses are arranged in ascending order.
     function newValidators(
         uint256 n
     ) internal pure returns (address[] memory validators, uint256[] memory privKeys, bytes[] memory validatorKeys) {
@@ -114,7 +150,7 @@ library TestUtils {
         privKeys = new uint256[](n);
 
         for (uint i = 0; i < n; i++) {
-            (address addr, uint256 key, bytes memory validatorKey) = newValidator(100 + i);
+            (address addr, uint256 key, bytes memory validatorKey) = newValidator(i);
             validators[i] = addr;
             validatorKeys[i] = validatorKey;
             privKeys[i] = key;
@@ -123,19 +159,6 @@ library TestUtils {
         return (validators, privKeys, validatorKeys);
     }
 
-    function derivePubKey(uint8 seq) internal pure returns (address addr, bytes memory data) {
-        data = new bytes(65);
-        data[1] = bytes1(seq);
-
-        // use data[1:] for the hash
-        bytes memory dataSubset = new bytes(data.length - 1);
-        for (uint i = 1; i < data.length; i++) {
-            dataSubset[i - 1] = data[i];
-        }
-
-        addr = address(uint160(uint256(keccak256(dataSubset))));
-    }
-
     function ensureBytesEqual(bytes memory _a, bytes memory _b) internal pure {
         require(_a.length == _b.length, "bytes len not equal");
         require(keccak256(_a) == keccak256(_b), "bytes not equal");

contracts/test/integration/GatewayDiamond.t.sol

@@ -567,7 +567,7 @@ contract GatewayActorDiamondTest is Test, IntegrationTestBase, SubnetWithNativeT
     }
 
     function testGatewayDiamond_Single_Funding() public {
-        (address validatorAddress, , bytes memory publicKey) = TestUtils.newValidator(100);
+        (address validatorAddress, , bytes memory publicKey) = TestUtils.newValidator(0);
 
         join(validatorAddress, publicKey);
 
@@ -688,7 +688,7 @@ contract GatewayActorDiamondTest is Test, IntegrationTestBase, SubnetWithNativeT
     }
 
     function testGatewayDiamond_Fund_Works_ReactivatedSubnet() public {
-        (address validatorAddress, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(100);
+        (address validatorAddress, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(0);
         assert(validatorAddress == vm.addr(privKey));
 
         join(validatorAddress, publicKey);

contracts/test/integration/SubnetActorDiamond.t.sol

@@ -112,11 +112,10 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
 
         // create genesis validators
         uint256 numGenesisValidators = 3;
-        uint256 startingPrivateKey = 100;
         gwConstructorParams.genesisValidators = new Validator[](numGenesisValidators);
 
         for (uint256 i = 0; i < numGenesisValidators; i++) {
-            (address validator, , bytes memory publicKey) = TestUtils.newValidator(startingPrivateKey + i);
+            (address validator, , bytes memory publicKey) = TestUtils.newValidator(i);
             gwConstructorParams.genesisValidators[i] = Validator({addr: validator, weight: 100, metadata: publicKey});
         }
 
@@ -147,8 +146,8 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
 
     /// @notice Testing the basic join, stake, leave lifecycle of validators
     function testSubnetActorDiamond_BasicLifeCycle() public {
-        (address validator1, uint256 privKey1, bytes memory publicKey1) = TestUtils.newValidator(100);
-        (address validator2, uint256 privKey2, bytes memory publicKey2) = TestUtils.newValidator(101);
+        (address validator1, uint256 privKey1, bytes memory publicKey1) = TestUtils.newValidator(0);
+        (address validator2, uint256 privKey2, bytes memory publicKey2) = TestUtils.newValidator(1);
 
         // total collateral in the gateway
         uint256 collateral = 0;
@@ -427,7 +426,7 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_Bootstrap_Node() public {
-        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(100);
+        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(0);
 
         vm.deal(validator, DEFAULT_MIN_VALIDATOR_STAKE);
         vm.prank(validator);
@@ -463,7 +462,7 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_Leave_NotValidator() public {
-        (address validator, , ) = TestUtils.newValidator(100);
+        (address validator, , ) = TestUtils.newValidator(0);
 
         // non-empty subnet can't be killed
         vm.prank(validator);
@@ -472,9 +471,9 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_Leave_Subnet() public {
-        (address validator1, uint256 privKey1, bytes memory publicKey1) = TestUtils.newValidator(100);
-        (address validator2, uint256 privKey2, bytes memory publicKey2) = TestUtils.newValidator(101);
-        (address validator3, uint256 privKey3, bytes memory publicKey3) = TestUtils.newValidator(102);
+        (address validator1, uint256 privKey1, bytes memory publicKey1) = TestUtils.newValidator(0);
+        (address validator2, uint256 privKey2, bytes memory publicKey2) = TestUtils.newValidator(1);
+        (address validator3, uint256 privKey3, bytes memory publicKey3) = TestUtils.newValidator(2);
 
         vm.deal(validator1, DEFAULT_MIN_VALIDATOR_STAKE);
         vm.deal(validator2, 3 * DEFAULT_MIN_VALIDATOR_STAKE);
@@ -513,7 +512,7 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_Kill_NotBootstrappedSubnet() public {
-        (address validator1, , ) = TestUtils.newValidator(100);
+        (address validator1, , ) = TestUtils.newValidator(0);
 
         // not bootstrapped subnet can't be killed
         vm.expectRevert(SubnetNotBootstrapped.selector);
@@ -670,7 +669,7 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
         saDiamond.checkpointer().validateActiveQuorumSignatures(validators, hash, signatures);
     }
 
-    function testSubnetActorDiamond_validateActiveQuorumSignatures_InvalidSignatory() public {
+    function testSubnetActorDiamond_validateActiveQuorumSignatures_DuplicatedValidators() public {
         (uint256[] memory keys, address[] memory validators, ) = TestUtils.getThreeValidators(vm);
         bytes[] memory pubKeys = new bytes[](3);
         bytes[] memory signatures = new bytes[](3);
@@ -690,11 +689,35 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
             saDiamond.manager().join{value: 10}(pubKeys[i], 10);
         }
 
-        // swap validators to trigger `InvalidSignatory` error;
-        address a;
-        a = validators[0];
+        signatures[0] = signatures[1];
         validators[0] = validators[1];
-        validators[1] = a;
+
+        vm.expectRevert(abi.encodeWithSelector(DuplicateValidatorSignaturesFound.selector));
+        saDiamond.checkpointer().validateActiveQuorumSignatures(validators, hash0, signatures);
+    }
+
+    function testSubnetActorDiamond_validateActiveQuorumSignatures_InvalidSignatory() public {
+        (uint256[] memory keys, address[] memory validators, ) = TestUtils.getThreeValidators(vm);
+        bytes[] memory pubKeys = new bytes[](3);
+        bytes[] memory signatures = new bytes[](3);
+
+        bytes32 hash = keccak256(abi.encodePacked("test"));
+        bytes32 hash0 = keccak256(abi.encodePacked("test1"));
+
+        for (uint256 i = 0; i < 3; i++) {
+            (uint8 v, bytes32 r, bytes32 s) = vm.sign(keys[i], hash);
+
+            // create incorrect signature using `vv`
+            signatures[i] = abi.encodePacked(r, s, v);
+
+            pubKeys[i] = TestUtils.deriveValidatorPubKeyBytes(keys[i]);
+            vm.deal(validators[i], 10 gwei);
+            vm.prank(validators[i]);
+            saDiamond.manager().join{value: 10}(pubKeys[i], 10);
+        }
+
+        // use validator 1's signature for validator 0 to trigger `InvalidSignatory` error;
+        signatures[0] = signatures[1];
 
         vm.expectRevert(
             abi.encodeWithSelector(InvalidSignatureErr.selector, MultisignatureChecker.Error.InvalidSignatory)
@@ -1466,8 +1489,8 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function test_second_validator_can_join() public {
-        (address validatorAddress1, uint256 privKey1, bytes memory publicKey1) = TestUtils.newValidator(101);
-        (address validatorAddress2, , bytes memory publicKey2) = TestUtils.newValidator(102);
+        (address validatorAddress1, uint256 privKey1, bytes memory publicKey1) = TestUtils.newValidator(1);
+        (address validatorAddress2, , bytes memory publicKey2) = TestUtils.newValidator(2);
 
         join(validatorAddress1, publicKey1);
 
@@ -1728,7 +1751,7 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
 
         saDiamond.manager().setFederatedPower(validators, publicKeys, powers);
 
-        confirmChange(validators[2], privKeys[2], validators[1], privKeys[1]);
+        confirmChange(validators[1], privKeys[1], validators[2], privKeys[2]);
 
         require(saDiamond.getter().isActiveValidator(validators[0]), "not active validator 0");
         require(saDiamond.getter().isActiveValidator(validators[1]), "not active validator 1");
@@ -1867,8 +1890,8 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     // Tests for collateral token
     // ----------------------------
     function testSubnetActorDiamond_CollateralERC20_SupplyERC20_RegisteredInGateway() public {
-        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(100);
-        (address validator2, , ) = TestUtils.newValidator(101);
+        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(0);
+        (address validator2, , ) = TestUtils.newValidator(1);
 
         // a bit of gas for execution, should not be needed
         vm.deal(validator, DEFAULT_MIN_VALIDATOR_STAKE - 100);
@@ -2005,8 +2028,8 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_CollateralERC20_SupplyERC20_SameToken_RegisteredInGateway() public {
-        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(100);
-        (address validator2, , ) = TestUtils.newValidator(101);
+        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(0);
+        (address validator2, , ) = TestUtils.newValidator(1);
 
         // a bit of gas for execution, should not be needed
         vm.deal(validator, DEFAULT_MIN_VALIDATOR_STAKE - 100);
@@ -2128,8 +2151,8 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_CollateralERC20_SupplyNative_RegisteredInGateway() public {
-        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(100);
-        (address validator2, , ) = TestUtils.newValidator(101);
+        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(0);
+        (address validator2, , ) = TestUtils.newValidator(1);
 
         // a bit of gas for execution, should not be needed
         vm.deal(validator, DEFAULT_MIN_VALIDATOR_STAKE - 100);
@@ -2232,8 +2255,8 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_CollateralNative_SupplyNative_RegisteredInGateway() public {
-        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(100);
-        (address validator2, , ) = TestUtils.newValidator(101);
+        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(0);
+        (address validator2, , ) = TestUtils.newValidator(1);
 
         // a bit of gas for execution, should not be needed
         vm.deal(validator, DEFAULT_MIN_VALIDATOR_STAKE * 10);
@@ -2303,8 +2326,8 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
     }
 
     function testSubnetActorDiamond_CollateralNative_SupplyERC20_RegisteredInGateway() public {
-        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(100);
-        (address validator2, , ) = TestUtils.newValidator(101);
+        (address validator, uint256 privKey, bytes memory publicKey) = TestUtils.newValidator(0);
+        (address validator2, , ) = TestUtils.newValidator(1);
 
         // a bit of gas for execution, should not be needed
         vm.deal(validator, DEFAULT_MIN_VALIDATOR_STAKE * 10);
@@ -2745,7 +2768,7 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
 
         saDiamond.manager().setValidatorGater(address(gater));
 
-        (address validator, , bytes memory publicKey) = TestUtils.newValidator(100);
+        (address validator, , bytes memory publicKey) = TestUtils.newValidator(0);
 
         vm.deal(validator, DEFAULT_MIN_VALIDATOR_STAKE * 3);
         vm.prank(validator);

fendermint/testing/contract-test/tests/staking/machine.rs

@@ -298,6 +298,8 @@ impl StateMachine for StakingMachine {
                     signatures.push((*addr, signature.into()));
                 }
 
+                signatures.sort_by_key(|(addr, _)| *addr);
+
                 system
                     .subnet
                     .try_submit_checkpoint(