add data hash

Author: julienrbrt

block/internal/syncing/syncer.go

@@ -30,33 +30,6 @@ import (
 
 var _ BlockSyncer = (*Syncer)(nil)
 
-// getTrustedHeader loads and verifies the trusted header from the store
-func (s *Syncer) getTrustedHeader(ctx context.Context) (*types.SignedHeader, error) {
-	if s.config.P2P.TrustedHeight == 0 {
-		return nil, fmt.Errorf("trusted_height is not configured")
-	}
-
-	// Load the signed header from the store
-	header, err := s.store.GetHeader(ctx, s.config.P2P.TrustedHeight)
-	if err != nil {
-		return nil, fmt.Errorf("failed to load trusted header at height %d: %w", s.config.P2P.TrustedHeight, err)
-	}
-
-	// Verify the header hash matches the trusted hash
-	expectedHash := s.config.P2P.TrustedHeaderHash
-	actualHash := header.Hash().String()
-	if actualHash != expectedHash {
-		return nil, fmt.Errorf("trusted header hash mismatch at height %d: expected %s, got %s",
-			s.config.P2P.TrustedHeight, expectedHash, actualHash)
-	}
-
-	s.logger.Info().Uint64("height", s.config.P2P.TrustedHeight).
-		Str("hash", actualHash).
-		Msg("trusted header loaded and verified")
-
-	return header, nil
-}
-
 // forcedInclusionGracePeriodConfig contains internal configuration for forced inclusion grace periods.
 type forcedInclusionGracePeriodConfig struct {
 	// basePeriod is the base number of additional epochs allowed for including forced inclusion transactions
@@ -337,9 +310,9 @@ func (s *Syncer) initializeState() error {
 			s.logger.Info().Uint64("trusted_height", s.config.P2P.TrustedHeight).Msg("initializing state from trusted height")
 
 			// Load and verify the trusted header
-			trustedHeader, err := s.getTrustedHeader(s.ctx)
+			trustedHeader, err := s.store.GetHeader(s.ctx, s.config.P2P.TrustedHeight)
 			if err != nil {
-				return fmt.Errorf("failed to load trusted header: %w", err)
+				return fmt.Errorf("failed to load trusted header at height %d: %w", s.config.P2P.TrustedHeight, err)
 			}
 
 			// Initialize new chain state from the trusted header

pkg/config/config.go

@@ -281,7 +281,8 @@ type P2PConfig struct {
 	BlockedPeers      string `mapstructure:"blocked_peers" yaml:"blocked_peers" comment:"Comma-separated list of peer IDs to block from connecting"`
 	AllowedPeers      string `mapstructure:"allowed_peers" yaml:"allowed_peers" comment:"Comma-separated list of peer IDs to allow connections from"`
 	TrustedHeight     uint64 `mapstructure:"trusted_height" yaml:"trusted_height" comment:"Block height to trust for sync initialization. When set, sync starts from this height instead of genesis. Must be accompanied by trusted_header_hash for security."`
-	TrustedHeaderHash string `mapstructure:"trusted_header_hash" yaml:"trusted_header_hash" comment:"Hash of the trusted header for security verification. This should be the hex-encoded hash of the header at trusted_height. Prevents against history rewrites during sync."`
+	TrustedHeaderHash string `mapstructure:"trusted_header_hash" yaml:"trusted_header_hash" comment:"Hash of the trusted header for security verification."`
+	TrustedDataHash   string `mapstructure:"trusted_data_hash" yaml:"trusted_data_hash" comment:"Hash of the trusted data for security verification."`
 }
 
 // SignerConfig contains all signer configuration parameters
@@ -381,8 +382,8 @@ func (c *Config) Validate() error {
 	}
 
 	// Validate trusted height configuration
-	if c.P2P.TrustedHeight > 0 && c.P2P.TrustedHeaderHash == "" {
-		return fmt.Errorf("trusted_height (%d) is set but trusted_header_hash is empty. When using trusted_height, trusted_header_hash must also be provided for security verification",
+	if c.P2P.TrustedHeight > 0 && (c.P2P.TrustedHeaderHash == "" || c.P2P.TrustedDataHash == "") {
+		return fmt.Errorf("trusted_height (%d) is set but trusted_header_hash or trusted_data_hash is empty. When using trusted_height, both trusted_header_hash and trusted_data_hash must also be provided for security verification",
 			c.P2P.TrustedHeight)
 	}
 

pkg/config/config_test.go

@@ -527,7 +527,7 @@ func TestTrustedHeightValidation(t *testing.T) {
 			trustedHeight: 100,
 			trustedHash:   "",
 			expectError:   true,
-			errorMsg:      "trusted_height (100) is set but trusted_header_hash is empty",
+			errorMsg:      "trusted_height (100) is set but trusted_header_hash or trusted_data_hash is empty",
 		},
 		{
 			name:          "trusted height with valid hash should pass",
@@ -555,6 +555,7 @@ func TestTrustedHeightValidation(t *testing.T) {
 			cfg.RootDir = t.TempDir()
 			cfg.P2P.TrustedHeight = tt.trustedHeight
 			cfg.P2P.TrustedHeaderHash = tt.trustedHash
+			cfg.P2P.TrustedDataHash = tt.trustedHash
 
 			err := cfg.Validate()
 

pkg/sync/sync_service.go

@@ -62,8 +62,8 @@ type SyncService[H store.EntityWithDAHint[H]] struct {
 
 	// trustedHeight tracks the configured trusted height for sync initialization
 	trustedHeight uint64
-	// trustedHeaderHash is the expected hash of the trusted header
-	trustedHeaderHash string
+	// trustedHeaderHash, trustedDataHash is the expected hash of the trusted header
+	trustedHeaderHash, trustedDataHash string
 }
 
 // NewDataSyncService returns a new DataSyncService.
@@ -206,6 +206,7 @@ func (syncService *SyncService[H]) Start(ctx context.Context) error {
 	// Initialize trusted height configuration
 	syncService.trustedHeight = syncService.conf.P2P.TrustedHeight
 	syncService.trustedHeaderHash = syncService.conf.P2P.TrustedHeaderHash
+	syncService.trustedDataHash = syncService.conf.P2P.TrustedDataHash
 
 	// initialize stores from P2P (blocking until genesis is fetched for followers)
 	// Aggregators (no peers configured) return immediately and initialize on first produced block.
@@ -331,7 +332,7 @@ func (syncService *SyncService[H]) startSubscriber(ctx context.Context) error {
 	return nil
 }
 
-// Height returns the current height stored
+// Height returns the current height storeda
 func (s *SyncService[H]) Height() uint64 {
 	return s.store.Height()
 }
@@ -439,11 +440,10 @@ func (syncService *SyncService[H]) fetchAndVerifyTrustedHeader(ctx context.Conte
 	}
 
 	// Verify the hash matches
-	expectedHash := syncService.trustedHeaderHash
 	actualHash := trusted.Hash().String()
-	if actualHash != expectedHash {
-		return fmt.Errorf("trusted header hash mismatch at height %d: expected %s, got %s",
-			syncService.trustedHeight, expectedHash, actualHash)
+	if actualHash != syncService.trustedHeaderHash || actualHash != syncService.trustedDataHash {
+		return fmt.Errorf("trusted header hash mismatch at height %d: expected %s or %s, got %s",
+			syncService.trustedHeight, syncService.trustedHeaderHash, syncService.trustedDataHash, actualHash)
 	}
 
 	syncService.logger.Info().Uint64("height", syncService.trustedHeight).