refactor(block): log error on data verification failed

Author: julienrbrt

block/manager.go

@@ -1127,22 +1127,3 @@ func (m *Manager) SaveCache() error {
 
 	return nil
 }
-
-// isValidSignedData returns true if the data signature is valid for the expected sequencer.
-func (m *Manager) isValidSignedData(signedData *types.SignedData) bool {
-	if signedData == nil || signedData.Txs == nil {
-		return false
-	}
-
-	if err := m.assertUsingExpectedSingleSequencer(signedData.Signer.Address); err != nil {
-		return false
-	}
-
-	dataBytes, err := signedData.Data.MarshalBinary()
-	if err != nil {
-		return false
-	}
-
-	valid, err := signedData.Signer.PubKey.Verify(dataBytes, signedData.Signature)
-	return err == nil && valid
-}

block/manager_test.go

@@ -410,106 +410,6 @@ func TestGetDataSignature_NilSigner(t *testing.T) {
 	require.ErrorContains(err, "signer is nil; cannot sign data")
 }
 
-// TestIsValidSignedData covers valid, nil, wrong proposer, and invalid signature cases for isValidSignedData.
-func TestIsValidSignedData(t *testing.T) {
-	require := require.New(t)
-	privKey, _, err := crypto.GenerateKeyPair(crypto.Ed25519, 256)
-	require.NoError(err)
-	testSigner, err := noopsigner.NewNoopSigner(privKey)
-	require.NoError(err)
-	proposerAddr, err := testSigner.GetAddress()
-	require.NoError(err)
-	gen := genesispkg.NewGenesis(
-		"testchain",
-		1,
-		time.Now(),
-		proposerAddr,
-	)
-	m := &Manager{
-		signer:  testSigner,
-		genesis: gen,
-	}
-
-	t.Run("valid signed data", func(t *testing.T) {
-		batch := &types.Data{
-			Txs: types.Txs{types.Tx("tx1"), types.Tx("tx2")},
-		}
-		sig, err := m.getDataSignature(batch)
-		require.NoError(err)
-		pubKey, err := m.signer.GetPublic()
-		require.NoError(err)
-		signedData := &types.SignedData{
-			Data:      *batch,
-			Signature: sig,
-			Signer: types.Signer{
-				PubKey:  pubKey,
-				Address: proposerAddr,
-			},
-		}
-		assert.True(t, m.isValidSignedData(signedData))
-	})
-
-	t.Run("nil signed data", func(t *testing.T) {
-		assert.False(t, m.isValidSignedData(nil))
-	})
-
-	t.Run("nil Txs", func(t *testing.T) {
-		signedData := &types.SignedData{
-			Data: types.Data{},
-			Signer: types.Signer{
-				Address: proposerAddr,
-			},
-		}
-		signedData.Txs = nil
-		assert.False(t, m.isValidSignedData(signedData))
-	})
-
-	t.Run("wrong proposer address", func(t *testing.T) {
-		batch := &types.Data{
-			Txs: types.Txs{types.Tx("tx1")},
-		}
-		sig, err := m.getDataSignature(batch)
-		require.NoError(err)
-		pubKey, err := m.signer.GetPublic()
-		require.NoError(err)
-		wrongAddr := make([]byte, len(proposerAddr))
-		copy(wrongAddr, proposerAddr)
-		wrongAddr[0] ^= 0xFF // flip a bit
-		signedData := &types.SignedData{
-			Data:      *batch,
-			Signature: sig,
-			Signer: types.Signer{
-				PubKey:  pubKey,
-				Address: wrongAddr,
-			},
-		}
-		assert.False(t, m.isValidSignedData(signedData))
-	})
-
-	t.Run("invalid signature", func(t *testing.T) {
-		batch := &types.Data{
-			Txs: types.Txs{types.Tx("tx1")},
-		}
-		sig, err := m.getDataSignature(batch)
-		require.NoError(err)
-		pubKey, err := m.signer.GetPublic()
-		require.NoError(err)
-		// Corrupt the signature
-		badSig := make([]byte, len(sig))
-		copy(badSig, sig)
-		badSig[0] ^= 0xFF
-		signedData := &types.SignedData{
-			Data:      *batch,
-			Signature: badSig,
-			Signer: types.Signer{
-				PubKey:  pubKey,
-				Address: proposerAddr,
-			},
-		}
-		assert.False(t, m.isValidSignedData(signedData))
-	})
-}
-
 // TestManager_execValidate tests the execValidate method for various header/data/state conditions.
 func TestManager_execValidate(t *testing.T) {
 	require := require.New(t)

block/retriever_da.go

@@ -255,8 +255,8 @@ func (m *Manager) tryDecodeData(bz []byte, daHeight uint64) *types.Data {
 	}
 
 	// Early validation to reject junk data
-	if !m.isValidSignedData(&signedData) {
-		m.logger.Debug().Uint64("daHeight", daHeight).Msg("invalid data signature")
+	if err := m.isValidSignedData(&signedData); err != nil {
+		m.logger.Debug().Uint64("daHeight", daHeight).Err(err).Msg("invalid data signature")
 		return nil
 	}
 
@@ -268,6 +268,33 @@ func (m *Manager) tryDecodeData(bz []byte, daHeight uint64) *types.Data {
 	return &signedData.Data
 }
 
+// isValidSignedData returns true if the data signature is valid for the expected sequencer.
+func (m *Manager) isValidSignedData(signedData *types.SignedData) error {
+	if signedData == nil || signedData.Txs == nil {
+		return errors.New("empty signed data")
+	}
+
+	if err := m.assertUsingExpectedSingleSequencer(signedData.Signer.Address); err != nil {
+		return err
+	}
+
+	dataBytes, err := signedData.Data.MarshalBinary()
+	if err != nil {
+		return fmt.Errorf("failed to marshal data: %w", err)
+	}
+
+	valid, err := signedData.Signer.PubKey.Verify(dataBytes, signedData.Signature)
+	if err != nil {
+		return fmt.Errorf("failed to verify signature: %w", err)
+	}
+
+	if !valid {
+		return fmt.Errorf("invalid signature")
+	}
+
+	return nil
+}
+
 // isAtHeight checks if a height is available.
 func (m *Manager) isAtHeight(ctx context.Context, height uint64) error {
 	currentHeight, err := m.GetStoreHeight(ctx)

block/retriever_da_test.go

@@ -23,7 +23,9 @@ import (
 	"github.com/evstack/ev-node/pkg/cache"
 	"github.com/evstack/ev-node/pkg/config"
 	"github.com/evstack/ev-node/pkg/genesis"
+	genesispkg "github.com/evstack/ev-node/pkg/genesis"
 	"github.com/evstack/ev-node/pkg/signer/noop"
+	noopsigner "github.com/evstack/ev-node/pkg/signer/noop"
 	storepkg "github.com/evstack/ev-node/pkg/store"
 	rollmocks "github.com/evstack/ev-node/test/mocks"
 	"github.com/evstack/ev-node/types"
@@ -732,3 +734,103 @@ func TestRetrieveLoop_DAHeightIncrementsOnlyOnSuccess(t *testing.T) {
 
 	mockDAClient.AssertExpectations(t)
 }
+
+// TestIsValidSignedData covers valid, nil, wrong proposer, and invalid signature cases for isValidSignedData.
+func TestIsValidSignedData(t *testing.T) {
+	require := require.New(t)
+	privKey, _, err := crypto.GenerateKeyPair(crypto.Ed25519, 256)
+	require.NoError(err)
+	testSigner, err := noopsigner.NewNoopSigner(privKey)
+	require.NoError(err)
+	proposerAddr, err := testSigner.GetAddress()
+	require.NoError(err)
+	gen := genesispkg.NewGenesis(
+		"testchain",
+		1,
+		time.Now(),
+		proposerAddr,
+	)
+	m := &Manager{
+		signer:  testSigner,
+		genesis: gen,
+	}
+
+	t.Run("valid signed data", func(t *testing.T) {
+		batch := &types.Data{
+			Txs: types.Txs{types.Tx("tx1"), types.Tx("tx2")},
+		}
+		sig, err := m.getDataSignature(batch)
+		require.NoError(err)
+		pubKey, err := m.signer.GetPublic()
+		require.NoError(err)
+		signedData := &types.SignedData{
+			Data:      *batch,
+			Signature: sig,
+			Signer: types.Signer{
+				PubKey:  pubKey,
+				Address: proposerAddr,
+			},
+		}
+		assert.NoError(t, m.isValidSignedData(signedData))
+	})
+
+	t.Run("nil signed data", func(t *testing.T) {
+		assert.Error(t, m.isValidSignedData(nil))
+	})
+
+	t.Run("nil Txs", func(t *testing.T) {
+		signedData := &types.SignedData{
+			Data: types.Data{},
+			Signer: types.Signer{
+				Address: proposerAddr,
+			},
+		}
+		signedData.Txs = nil
+		assert.Error(t, m.isValidSignedData(signedData))
+	})
+
+	t.Run("wrong proposer address", func(t *testing.T) {
+		batch := &types.Data{
+			Txs: types.Txs{types.Tx("tx1")},
+		}
+		sig, err := m.getDataSignature(batch)
+		require.NoError(err)
+		pubKey, err := m.signer.GetPublic()
+		require.NoError(err)
+		wrongAddr := make([]byte, len(proposerAddr))
+		copy(wrongAddr, proposerAddr)
+		wrongAddr[0] ^= 0xFF // flip a bit
+		signedData := &types.SignedData{
+			Data:      *batch,
+			Signature: sig,
+			Signer: types.Signer{
+				PubKey:  pubKey,
+				Address: wrongAddr,
+			},
+		}
+		assert.Error(t, m.isValidSignedData(signedData))
+	})
+
+	t.Run("invalid signature", func(t *testing.T) {
+		batch := &types.Data{
+			Txs: types.Txs{types.Tx("tx1")},
+		}
+		sig, err := m.getDataSignature(batch)
+		require.NoError(err)
+		pubKey, err := m.signer.GetPublic()
+		require.NoError(err)
+		// Corrupt the signature
+		badSig := make([]byte, len(sig))
+		copy(badSig, sig)
+		badSig[0] ^= 0xFF
+		signedData := &types.SignedData{
+			Data:      *batch,
+			Signature: badSig,
+			Signer: types.Signer{
+				PubKey:  pubKey,
+				Address: proposerAddr,
+			},
+		}
+		assert.Error(t, m.isValidSignedData(signedData))
+	})
+}