test: add regression for finalized-header epoch-replay rejection#426

Merged
matthias-wright merged 1 commit into
audit-may-2026from
m/header-replay-test
Jul 2, 2026

Conversation

@matthias-wright

Collaborator

Builds on #425 (which builds on #423, #422, and #402).

Addresses #310.

This issue was already solved by #170 and #286.

This PR just adds a regression test.

Changes:

  • Add regression for finalized-header epoch-replay rejection

@sebastian-osec


Looks good to me.

@matthias-wright matthias-wright merged commit 37c9612 into audit-may-2026 Jul 2, 2026
@matthias-wright matthias-wright deleted the m/header-replay-test branch July 2, 2026 05:37
matthias-wright added a commit that referenced this pull request Jul 2, 2026
Builds on #426 (which builds on #425, #423, #422, and #402).

Addresses #311.

This only adds test coverage; the issue is not reachable.
The decoded ConsensusState, including every validator_accounts entry, is committed by checkpoint.data, which verify_checkpoint_chain binds to the terminal finalized header via checkpoint_hash == sha256(checkpoint.data). Appending a Joining account changes the digest, so the tampered checkpoint no longer matches the honest terminal header and is rejected at Step 2.

Changes:
- types/src/checkpoint.rs: test_checkpoint_verifier_rejects_extra_joining_account — reproduces the attack directly. It decodes the honest checkpoint, injects an extra Joining account (leaving the active signing set untouched), re-encodes, and asserts verify_checkpoint_chain rejects it with CheckpointHashMismatch.
- application/src/actor.rs: rejects_block_with_mismatched_checkpoint_hash — the consensus-layer half. It mirrors accepts_ordinary_child_inside_epoch, changing only the block's checkpoint_hash, and asserts handle_verify returns false, isolating the checkpoint_hash check as the sole cause.
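The binding step the commit message relies on (header commits to sha256(checkpoint.data), so any change to the encoded validator set changes the digest) as a self-contained added example. This is illustration code written in Go for this page, not the project's Rust code: ConsensusState, ValidatorAccount, Checkpoint, FinalizedHeader, the byte encoding, and the sample data are all simplified stand-ins, and VerifyCheckpointChain / ErrCheckpointHashMismatch mirror only the check named in the text, not the project's functions. It reproduces the regression test's tampering (append one Joining account, leave the active set untouched, re-encode) and shows the hash check rejecting it; Decode also rejects trailing bytes so the encoding stays canonical.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical, simplified stand-ins for ConsensusState / validator_accounts.
// Not the project's definitions.
type AccountStatus uint8

const (
	Active  AccountStatus = 1 // member of the signing set
	Joining AccountStatus = 2 // pending; not yet signing
)

type ValidatorAccount struct {
	ID     [32]byte
	Status AccountStatus
}

type ConsensusState struct {
	Epoch             uint64
	ValidatorAccounts []ValidatorAccount
}

const accountLen = 32 + 1 // ID plus one status byte

// Encode is a canonical, length-prefixed encoding: epoch (8 bytes BE),
// account count (4 bytes BE), then accountLen bytes per account.
func (s ConsensusState) Encode() []byte {
	out := make([]byte, 12, 12+accountLen*len(s.ValidatorAccounts))
	binary.BigEndian.PutUint64(out[:8], s.Epoch)
	binary.BigEndian.PutUint32(out[8:12], uint32(len(s.ValidatorAccounts)))
	for _, a := range s.ValidatorAccounts {
		out = append(out, a.ID[:]...)
		out = append(out, byte(a.Status))
	}
	return out
}

// Decode is the strict inverse of Encode. The exact-length check rejects
// trailing bytes, so each state has exactly one valid byte string.
func Decode(data []byte) (ConsensusState, error) {
	var s ConsensusState
	if len(data) < 12 {
		return s, errors.New("short checkpoint data")
	}
	s.Epoch = binary.BigEndian.Uint64(data[:8])
	n := int(binary.BigEndian.Uint32(data[8:12]))
	if len(data) != 12+n*accountLen {
		return s, errors.New("checkpoint data length does not match account count")
	}
	for i := 0; i < n; i++ {
		off := 12 + i*accountLen
		var a ValidatorAccount
		copy(a.ID[:], data[off:off+32])
		a.Status = AccountStatus(data[off+32])
		s.ValidatorAccounts = append(s.ValidatorAccounts, a)
	}
	return s, nil
}

type Checkpoint struct{ Data []byte }

// FinalizedHeader carries the commitment: CheckpointHash = sha256(Data).
type FinalizedHeader struct {
	Height         uint64
	CheckpointHash [32]byte
}

var ErrCheckpointHashMismatch = errors.New("CheckpointHashMismatch")

// VerifyCheckpointChain is the binding step from the commit message: the
// checkpoint is decoded only after its digest matches the terminal header.
func VerifyCheckpointChain(terminal FinalizedHeader, cp Checkpoint) (ConsensusState, error) {
	if sha256.Sum256(cp.Data) != terminal.CheckpointHash {
		return ConsensusState{}, ErrCheckpointHashMismatch
	}
	return Decode(cp.Data)
}

// HonestCheckpoint builds constructed sample data: two Active validators
// and the header that commits to their encoded state.
func HonestCheckpoint() (FinalizedHeader, Checkpoint) {
	state := ConsensusState{Epoch: 7}
	for i := byte(1); i <= 2; i++ {
		var id [32]byte
		id[0] = i
		state.ValidatorAccounts = append(state.ValidatorAccounts, ValidatorAccount{ID: id, Status: Active})
	}
	cp := Checkpoint{Data: state.Encode()}
	return FinalizedHeader{Height: 100, CheckpointHash: sha256.Sum256(cp.Data)}, cp
}

// AppendJoiningAccount mirrors the regression test's tampering: decode,
// inject one Joining account (active set untouched), re-encode.
func AppendJoiningAccount(cp Checkpoint) (Checkpoint, error) {
	state, err := Decode(cp.Data)
	if err != nil {
		return Checkpoint{}, err
	}
	var id [32]byte
	id[0] = 0xEE
	state.ValidatorAccounts = append(state.ValidatorAccounts, ValidatorAccount{ID: id, Status: Joining})
	return Checkpoint{Data: state.Encode()}, nil
}

func main() {
	header, honest := HonestCheckpoint()
	if _, err := VerifyCheckpointChain(header, honest); err != nil {
		fmt.Println("honest checkpoint unexpectedly rejected:", err)
	}
	tampered, _ := AppendJoiningAccount(honest)
	_, err := VerifyCheckpointChain(header, tampered)
	fmt.Println("tampered checkpoint:", err)
}
```

The tamper leaves both Active entries in place and only appends, which is exactly why the consensus-level signing checks alone would not catch it; the digest comparison is what rejects the tampered checkpoint, and it rejects it before any decoded field is consulted.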