added checks on proofs parameters like epoch, nonce and shard

process/block/baseProcess.go

@@ -222,6 +222,36 @@ func (bp *baseProcessor) checkBlockValidity(
 		return process.ErrEpochDoesNotMatch
 	}
 
+	return bp.checkPrevProofValidity(currentBlockHeader, headerHandler)
+}
+
+func (bp *baseProcessor) checkPrevProofValidity(prevHeader, headerHandler data.HeaderHandler) error {
+	if !common.ShouldBlockHavePrevProof(headerHandler, bp.enableEpochsHandler, common.EquivalentMessagesFlag) {
+		return nil
+	}
+
+	prevProof := headerHandler.GetPreviousProof()
+	return bp.verifyProofAgainstHeader(prevProof, prevHeader)
+}
+
+func (bp *baseProcessor) verifyProofAgainstHeader(proof data.HeaderProofHandler, header data.HeaderHandler) error {
+	if check.IfNilReflect(proof) {
+		return process.ErrMissingHeaderProof
+	}
+
+	if proof.GetHeaderNonce() != header.GetNonce() {
+		return fmt.Errorf("%w, nonce mismatch", process.ErrInvalidHeaderProof)
+	}
+	if proof.GetHeaderShardId() != header.GetShardID() {
+		return fmt.Errorf("%w, shard id mismatch", process.ErrInvalidHeaderProof)
+	}
+	if proof.GetHeaderEpoch() != header.GetEpoch() {
+		return fmt.Errorf("%w, epoch mismatch", process.ErrInvalidHeaderProof)
+	}
+	if proof.GetHeaderRound() != header.GetRound() {
+		return fmt.Errorf("%w, round mismatch", process.ErrInvalidHeaderProof)
+	}
+
 	return nil
 }
 

process/block/interceptedBlocks/interceptedEquivalentProof.go

@@ -1,6 +1,7 @@
 package interceptedBlocks
 
 import (
+	"encoding/hex"
 	"fmt"
 
 	"github.com/multiversx/mx-chain-core-go/core"
@@ -25,13 +26,15 @@ type ArgInterceptedEquivalentProof struct {
 	ShardCoordinator  sharding.Coordinator
 	HeaderSigVerifier consensus.HeaderSigVerifier
 	Proofs            dataRetriever.ProofsPool
+	Headers           dataRetriever.HeadersPool
 }
 
 type interceptedEquivalentProof struct {
 	proof             *block.HeaderProof
 	isForCurrentShard bool
 	headerSigVerifier consensus.HeaderSigVerifier
 	proofsPool        dataRetriever.ProofsPool
+	headersPool       dataRetriever.HeadersPool
 }
 
 // NewInterceptedEquivalentProof returns a new instance of interceptedEquivalentProof
@@ -51,6 +54,7 @@ func NewInterceptedEquivalentProof(args ArgInterceptedEquivalentProof) (*interce
 		isForCurrentShard: extractIsForCurrentShard(args.ShardCoordinator, equivalentProof),
 		headerSigVerifier: args.HeaderSigVerifier,
 		proofsPool:        args.Proofs,
+		headersPool:       args.Headers,
 	}, nil
 }
 
@@ -70,6 +74,9 @@ func checkArgInterceptedEquivalentProof(args ArgInterceptedEquivalentProof) erro
 	if check.IfNil(args.Proofs) {
 		return process.ErrNilProofsPool
 	}
+	if check.IfNil(args.Headers) {
+		return process.ErrNilHeadersDataPool
+	}
 
 	return nil
 }
@@ -115,9 +122,36 @@ func (iep *interceptedEquivalentProof) CheckValidity() error {
 		return proofscache.ErrAlreadyExistingEquivalentProof
 	}
 
+	err = iep.checkHeaderParamsFromProof()
+	if err != nil {
+		return err
+	}
+
 	return iep.headerSigVerifier.VerifyHeaderProof(iep.proof)
 }
 
+func (iep *interceptedEquivalentProof) checkHeaderParamsFromProof() error {
+	header, err := iep.headersPool.GetHeaderByHash(iep.proof.GetHeaderHash())
+	if err != nil {
+		return fmt.Errorf("%w while getting header for proof hash %s", err, hex.EncodeToString(iep.proof.GetHeaderHash()))
+	}
+
+	if iep.proof.GetHeaderNonce() != header.GetNonce() {
+		return fmt.Errorf("%w, nonce mismatch", ErrInvalidProof)
+	}
+	if iep.proof.GetHeaderShardId() != header.GetShardID() {
+		return fmt.Errorf("%w, shard id mismatch", ErrInvalidProof)
+	}
+	if iep.proof.GetHeaderEpoch() != header.GetEpoch() {
+		return fmt.Errorf("%w, epoch mismatch", ErrInvalidProof)
+	}
+	if iep.proof.GetHeaderRound() != header.GetRound() {
+		return fmt.Errorf("%w, round mismatch", ErrInvalidProof)
+	}
+
+	return nil
+}
+
 func (iep *interceptedEquivalentProof) integrity() error {
 	isProofValid := len(iep.proof.AggregatedSignature) > 0 &&
 		len(iep.proof.PubKeysBitmap) > 0 &&

process/block/interceptedBlocks/interceptedEquivalentProof_test.go

@@ -4,33 +4,42 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/multiversx/mx-chain-core-go/core"
+	"github.com/multiversx/mx-chain-core-go/data"
 	"github.com/multiversx/mx-chain-core-go/data/block"
 	"github.com/multiversx/mx-chain-go/consensus/mock"
 	proofscache "github.com/multiversx/mx-chain-go/dataRetriever/dataPool/proofsCache"
 	"github.com/multiversx/mx-chain-go/process"
+	"github.com/multiversx/mx-chain-go/testscommon"
 	"github.com/multiversx/mx-chain-go/testscommon/consensus"
 	"github.com/multiversx/mx-chain-go/testscommon/dataRetriever"
 	"github.com/multiversx/mx-chain-go/testscommon/marshallerMock"
+	"github.com/multiversx/mx-chain-go/testscommon/pool"
 	logger "github.com/multiversx/mx-chain-logger-go"
 	"github.com/stretchr/testify/require"
 )
 
 var (
 	expectedErr    = errors.New("expected error")
 	testMarshaller = &marshallerMock.MarshalizerMock{}
+	providedEpoch  = uint32(123)
+	providedNonce  = uint64(345)
+	providedShard  = uint32(0)
+	providedRound  = uint64(123456)
 )
 
 func createMockDataBuff() []byte {
 	proof := &block.HeaderProof{
 		PubKeysBitmap:       []byte("bitmap"),
 		AggregatedSignature: []byte("sig"),
 		HeaderHash:          []byte("hash"),
-		HeaderEpoch:         123,
-		HeaderNonce:         345,
-		HeaderShardId:       0,
+		HeaderEpoch:         providedEpoch,
+		HeaderNonce:         providedNonce,
+		HeaderShardId:       providedShard,
+		HeaderRound:         providedRound,
 	}
 
 	dataBuff, _ := testMarshaller.Marshal(proof)
@@ -44,6 +53,20 @@ func createMockArgInterceptedEquivalentProof() ArgInterceptedEquivalentProof {
 		ShardCoordinator:  &mock.ShardCoordinatorMock{},
 		HeaderSigVerifier: &consensus.HeaderSigVerifierMock{},
 		Proofs:            &dataRetriever.ProofsPoolMock{},
+		Headers: &pool.HeadersPoolStub{
+			GetHeaderByHashCalled: func(hash []byte) (data.HeaderHandler, error) {
+				return &testscommon.HeaderHandlerStub{
+					EpochField: providedEpoch,
+					RoundField: providedRound,
+					GetNonceCalled: func() uint64 {
+						return providedNonce
+					},
+					GetShardIDCalled: func() uint32 {
+						return providedShard
+					},
+				}, nil
+			},
+		},
 	}
 }
 
@@ -105,6 +128,15 @@ func TestNewInterceptedEquivalentProof(t *testing.T) {
 		require.Equal(t, process.ErrNilProofsPool, err)
 		require.Nil(t, iep)
 	})
+	t.Run("nil headers pool should error", func(t *testing.T) {
+		t.Parallel()
+
+		args := createMockArgInterceptedEquivalentProof()
+		args.Headers = nil
+		iep, err := NewInterceptedEquivalentProof(args)
+		require.Equal(t, process.ErrNilHeadersDataPool, err)
+		require.Nil(t, iep)
+	})
 	t.Run("unmarshal error should error", func(t *testing.T) {
 		t.Parallel()
 
@@ -164,6 +196,124 @@ func TestInterceptedEquivalentProof_CheckValidity(t *testing.T) {
 		require.Equal(t, proofscache.ErrAlreadyExistingEquivalentProof, err)
 	})
 
+	t.Run("missing header for proof hash should error", func(t *testing.T) {
+		t.Parallel()
+
+		providedErr := errors.New("missing header")
+		args := createMockArgInterceptedEquivalentProof()
+		args.Headers = &pool.HeadersPoolStub{
+			GetHeaderByHashCalled: func(hash []byte) (data.HeaderHandler, error) {
+				return nil, providedErr
+			},
+		}
+
+		iep, err := NewInterceptedEquivalentProof(args)
+		require.NoError(t, err)
+
+		err = iep.CheckValidity()
+		require.True(t, errors.Is(err, providedErr))
+	})
+
+	t.Run("nonce mismatch should error", func(t *testing.T) {
+		t.Parallel()
+
+		args := createMockArgInterceptedEquivalentProof()
+		args.Headers = &pool.HeadersPoolStub{
+			GetHeaderByHashCalled: func(hash []byte) (data.HeaderHandler, error) {
+				return &testscommon.HeaderHandlerStub{
+					GetNonceCalled: func() uint64 {
+						return providedNonce + 1
+					},
+				}, nil
+			},
+		}
+
+		iep, err := NewInterceptedEquivalentProof(args)
+		require.NoError(t, err)
+
+		err = iep.CheckValidity()
+		require.True(t, errors.Is(err, ErrInvalidProof))
+		require.True(t, strings.Contains(err.Error(), "nonce mismatch"))
+	})
+
+	t.Run("shard id mismatch should error", func(t *testing.T) {
+		t.Parallel()
+
+		args := createMockArgInterceptedEquivalentProof()
+		args.Headers = &pool.HeadersPoolStub{
+			GetHeaderByHashCalled: func(hash []byte) (data.HeaderHandler, error) {
+				return &testscommon.HeaderHandlerStub{
+					GetNonceCalled: func() uint64 {
+						return providedNonce
+					},
+					GetShardIDCalled: func() uint32 {
+						return providedShard + 1
+					},
+				}, nil
+			},
+		}
+
+		iep, err := NewInterceptedEquivalentProof(args)
+		require.NoError(t, err)
+
+		err = iep.CheckValidity()
+		require.True(t, errors.Is(err, ErrInvalidProof))
+		require.True(t, strings.Contains(err.Error(), "shard id mismatch"))
+	})
+
+	t.Run("epoch mismatch should error", func(t *testing.T) {
+		t.Parallel()
+
+		args := createMockArgInterceptedEquivalentProof()
+		args.Headers = &pool.HeadersPoolStub{
+			GetHeaderByHashCalled: func(hash []byte) (data.HeaderHandler, error) {
+				return &testscommon.HeaderHandlerStub{
+					GetNonceCalled: func() uint64 {
+						return providedNonce
+					},
+					GetShardIDCalled: func() uint32 {
+						return providedShard
+					},
+					EpochField: providedEpoch + 1,
+				}, nil
+			},
+		}
+
+		iep, err := NewInterceptedEquivalentProof(args)
+		require.NoError(t, err)
+
+		err = iep.CheckValidity()
+		require.True(t, errors.Is(err, ErrInvalidProof))
+		require.True(t, strings.Contains(err.Error(), "epoch mismatch"))
+	})
+
+	t.Run("round mismatch should error", func(t *testing.T) {
+		t.Parallel()
+
+		args := createMockArgInterceptedEquivalentProof()
+		args.Headers = &pool.HeadersPoolStub{
+			GetHeaderByHashCalled: func(hash []byte) (data.HeaderHandler, error) {
+				return &testscommon.HeaderHandlerStub{
+					GetNonceCalled: func() uint64 {
+						return providedNonce
+					},
+					GetShardIDCalled: func() uint32 {
+						return providedShard
+					},
+					EpochField: providedEpoch,
+					RoundField: providedRound + 1,
+				}, nil
+			},
+		}
+
+		iep, err := NewInterceptedEquivalentProof(args)
+		require.NoError(t, err)
+
+		err = iep.CheckValidity()
+		require.True(t, errors.Is(err, ErrInvalidProof))
+		require.True(t, strings.Contains(err.Error(), "round mismatch"))
+	})
+
 	t.Run("should work", func(t *testing.T) {
 		t.Parallel()
 

process/block/metablock.go

@@ -430,6 +430,18 @@ func (mp *metaProcessor) checkProofsForShardData(header *block.MetaBlock) error
 		if !mp.proofsPool.HasProof(shardData.ShardID, shardData.HeaderHash) {
 			return fmt.Errorf("%w for header hash %s", process.ErrMissingHeaderProof, hex.EncodeToString(shardData.HeaderHash))
 		}
+
+		prevProof := shardData.GetPreviousProof()
+		headersPool := mp.dataPool.Headers()
+		prevHeader, err := headersPool.GetHeaderByHash(prevProof.GetHeaderHash())
+		if err != nil {
+			return err
+		}
+
+		err = mp.verifyProofAgainstHeader(prevProof, prevHeader)
+		if err != nil {
+			return err
+		}
 	}
 
 	return nil

process/factory/interceptorscontainer/baseInterceptorsContainerFactory.go

@@ -913,7 +913,12 @@ func (bicf *baseInterceptorsContainerFactory) generateValidatorInfoInterceptor()
 }
 
 func (bicf *baseInterceptorsContainerFactory) createOneShardEquivalentProofsInterceptor(topic string) (process.Interceptor, error) {
-	equivalentProofsFactory := interceptorFactory.NewInterceptedEquivalentProofsFactory(*bicf.argInterceptorFactory, bicf.dataPool.Proofs())
+	args := interceptorFactory.ArgInterceptedEquivalentProofsFactory{
+		ArgInterceptedDataFactory: *bicf.argInterceptorFactory,
+		ProofsPool:                bicf.dataPool.Proofs(),
+		HeadersPool:               bicf.dataPool.Headers(),
+	}
+	equivalentProofsFactory := interceptorFactory.NewInterceptedEquivalentProofsFactory(args)
 
 	marshaller := bicf.argInterceptorFactory.CoreComponents.InternalMarshalizer()
 	argProcessor := processor.ArgEquivalentProofsInterceptorProcessor{

process/interceptors/factory/interceptedEquivalentProofsFactory.go

@@ -9,20 +9,29 @@ import (
 	"github.com/multiversx/mx-chain-go/sharding"
 )
 
+// ArgInterceptedEquivalentProofsFactory is the DTO used to create a new instance of interceptedEquivalentProofsFactory
+type ArgInterceptedEquivalentProofsFactory struct {
+	ArgInterceptedDataFactory
+	ProofsPool  dataRetriever.ProofsPool
+	HeadersPool dataRetriever.HeadersPool
+}
+
 type interceptedEquivalentProofsFactory struct {
 	marshaller        marshal.Marshalizer
 	shardCoordinator  sharding.Coordinator
 	headerSigVerifier consensus.HeaderSigVerifier
 	proofsPool        dataRetriever.ProofsPool
+	headersPool       dataRetriever.HeadersPool
 }
 
 // NewInterceptedEquivalentProofsFactory creates a new instance of interceptedEquivalentProofsFactory
-func NewInterceptedEquivalentProofsFactory(args ArgInterceptedDataFactory, proofsPool dataRetriever.ProofsPool) *interceptedEquivalentProofsFactory {
+func NewInterceptedEquivalentProofsFactory(args ArgInterceptedEquivalentProofsFactory) *interceptedEquivalentProofsFactory {
 	return &interceptedEquivalentProofsFactory{
 		marshaller:        args.CoreComponents.InternalMarshalizer(),
 		shardCoordinator:  args.ShardCoordinator,
 		headerSigVerifier: args.HeaderSigVerifier,
-		proofsPool:        proofsPool,
+		proofsPool:        args.ProofsPool,
+		headersPool:       args.HeadersPool,
 	}
 }
 
@@ -34,6 +43,7 @@ func (factory *interceptedEquivalentProofsFactory) Create(buff []byte) (process.
 		ShardCoordinator:  factory.shardCoordinator,
 		HeaderSigVerifier: factory.headerSigVerifier,
 		Proofs:            factory.proofsPool,
+		Headers:           factory.headersPool,
 	}
 	return interceptedBlocks.NewInterceptedEquivalentProof(args)
 }