lite: clarify behaviour in DynamicVerifier

[ebuchman]

The DynamicVerifier verifies a SignedHeader by first updating to a FullCommit for SignedHeader.Height - 1. Then it should have FullCommit.NextValidatorSet.Hash() == SignedHeader.ValidatorsHash and can verify the signatures.

It verifies this using a BaseVerifier once it has all the data.

Then, to update to a FullCommit for height SignedHeader.Height, it needs the validator set for SignedHeader.Height + 1.

The current behaviour is as follow:

• if it can't get this validator set, return no error
• if it can get this validator set, check that it matches the SignedHeader.NextValidatorsHash, and if not, return an error
• if it can get this val set, it matches, and it verifies, then save the new full commit and return no error

First, why do we ignore the error if we can't get the validator set? If it's because Tendermint doesn't expose the next validator set for the latest block over /validators, then maybe we can fix that.

Second, it seems we're doing a full verification of the commit twice: once with the BaseVerifier, and once with the FullCommit:

tendermint/lite/dynamic_verifier.go

Lines 139 to 141 in 0726329

	// Verify the signed header using the matching valset.
	cert := NewBaseVerifier(ic.chainID, trustedFC.Height()+1, trustedFC.NextValidators)
	err = cert.Verify(shdr)

and

tendermint/lite/dynamic_verifier.go

Lines 155 to 163 in 0726329

	// Create filled FullCommit.
	nfc := FullCommit{
	SignedHeader: shdr,
	Validators: trustedFC.NextValidators,
	NextValidators: nextValset,
	}
	// Validate the full commit. This checks the cryptographic
	// signatures of Commit against Validators.
	if err := nfc.ValidateFull(ic.chainID); err != nil {

It seems the latter verification is mostly redundant. The only part that's needed from it is checking the NextValidatorSet matches up.

We should investigate and clean this up if it's indeed true.

Related: #3173

[liamsi]

I can confirm that nfc.ValidateFull does mostly redundant work:

Even BaseVerifier.Verify by itself does a few things twice: SignedHeader.ValidateBasic calls sh.Commit.ValidateBasic() which again is called inside of bv.valset.VerifyCommit (with the same commit).

Additional redundant checks repeated in FullCommit.ValidateFull:

• SignedHeader.ValidateBasic is called again (on the same signed header)
• ValidatorSet.VerifyCommit is called again (on the same validator set)
  • note that both call Commit.ValidateBasic again (4 times in total)
• signedHeader.ValidatorsHash == ValidatorSet.Hash() is checked again

As explained in the original comment there are some checks that are done in FullCommit.ValidateFull which are not done before though. Namely checking that the retrieved next validator set (via dv.source.ValidatorSet(dv.chainID, shdr.Height+1)) matches the NextValidatorsHash in the signed header:

tendermint/lite/commit.go

Lines 49 to 60 in e0f8936

	// Ensure that NextValidators exists and matches the header.
	if fc.NextValidators.Size() == 0 {
	return errors.New("need FullCommit.NextValidators")
	}
	if !bytes.Equal(
	fc.SignedHeader.NextValidatorsHash,
	fc.NextValidators.Hash()) {
	return fmt.Errorf("header has next vhash %X but next valset hash is %X",
	fc.SignedHeader.NextValidatorsHash,
	fc.NextValidators.Hash(),
	)
	}

I'm not sure why the error is ignored though. Can it happen that the source provider does not yet know of the validator set for height shdr.Height+1 even if it the signed header contains a NextValidatorsHash?

[melekes]

Closing for #3989.