A chain with single validator could be increased even I set an INCORRECT bls_pub_key.

[yangby-cryptape]

Description

I have made a mistake:

• I used an incorrect bls_pub_key in params.verifier_list to initialize a chain, but the bls_privkey_file is correct.

So, the bls_privkey_file didn't match any keys in metadata.
The chain should be an observer, its height shouldn't be increased.

But, in fact, the chain is running as a normal chain.

The only issue is that no observers are able to connect to this node.

Reproduce

I only changes the file devtools/chain/specs/single_node/chain-spec.toml:

axon/devtools/chain/specs/single_node/chain-spec.toml

Line 80 in 9a0bdbd

bls_pub_key = "0xa26e3fe1cf51bd4822072c61bdc315ac32e3d3c2e2484bb92942666399e863b4bf56cf2926383cc706ffc15dfebc85c6"

with the following patch:

- bls_pub_key = "0xa26e3fe1cf51bd4822072c61bdc315ac32e3d3c2e2484bb92942666399e863b4bf56cf2926383cc706ffc15dfebc85c6"
+ bls_pub_key = "0xac85bbb40347b6e06ac2dc2da1f75eece029cdc0ed2d456c457d27e288bfbfbcd4c5c19716e9b250134a0e76ce50fa22"

And the chain works well in CI.

[Flouse]

@driftluo can you confirm that if this is a bug?

[driftluo]

I personally think the problem lies here. If the proposal is made by oneself, proof verification is not performed：
@KaoImin

axon/core/consensus/src/engine.rs

Lines 207 to 215 in 527ccdf

	// If the block is proposed by self, it does not need to check. Get full signed
	// transactions directly.
	if !exemption {
	if let Err(e) = self.inner_check_block(ctx.clone(), &proposal).await {
	let mut reason = self.last_check_block_fail_reason.write();
	*reason = e.to_string();
	return Err(e.into());
	}
	}

axon/core/consensus/src/engine.rs

Lines 570 to 580 in 527ccdf

	previous_block.header.timestamp,
	) {
	return Err(ProtocolError::from(ConsensusError::InvalidTimestamp));
	}
	self.adapter
	.verify_proof(
	ctx.clone(),
	previous_block.clone(),
	proposal.proof.clone(),
	)

[KaoImin]

I personally think the problem lies here. If the proposal is made by oneself, proof verification is not performed： @KaoImin

axon/core/consensus/src/engine.rs

Lines 207 to 215 in 527ccdf

	// If the block is proposed by self, it does not need to check. Get full signed
	// transactions directly.
	if !exemption {
	if let Err(e) = self.inner_check_block(ctx.clone(), &proposal).await {
	let mut reason = self.last_check_block_fail_reason.write();
	*reason = e.to_string();
	return Err(e.into());
	}
	}

axon/core/consensus/src/engine.rs

Lines 570 to 580 in 527ccdf

	previous_block.header.timestamp,
	) {
	return Err(ProtocolError::from(ConsensusError::InvalidTimestamp));
	}
	self.adapter
	.verify_proof(
	ctx.clone(),
	previous_block.clone(),
	proposal.proof.clone(),
	)

I suggest check the bls key is correct when init.

[Flouse]

For the single Axon node mode

@driftluo has explained: If the proposal is made by oneself, proof verification is not performed.

This mode could be ignored because in a paractical chain, the single node mode won't be used.
Just be sure to setup a right key in this mode. I think a better key-generator tool will help.

• refactor(cli): update keypair generate command #1621

For the multi Axon nodes mode

If one of the bls_pub_keys in chain-spec.toml is wrong, then verify_proof function will failed, and the error message [consensus] verify_proof_signature error will be displayed.

[Flouse]

@KaoImin suggested that checking the bls key is correct when init.

But during the init step, the program doesn't know if the bls_privkey_file in config.toml is associated with a validator, so it can't just check if the bls_pub_key is the configured bls_privkey's pub key.