fix(state-transition): enforce valid eth1 withdrawal credentials (#2231)

Co-authored-by: aBear <[email protected]>
berachain · Dec 10, 2024 · e70bafa · e70bafa
1 parent b00e245
commit e70bafa
Show file tree

Hide file tree

Showing 10 changed files with 258 additions and 72 deletions.
diff --git a/consensus-types/types/deposit.go b/consensus-types/types/deposit.go
@@ -186,6 +186,7 @@ func (d *Deposit) GetTree() (*fastssz.Node, error) {
 /* -------------------------------------------------------------------------- */
 /*                             Getters and Setters                            */
 /* -------------------------------------------------------------------------- */
+
 // Equals returns true if the Deposit is equal to the other.
 func (d *Deposit) Equals(rhs *Deposit) bool {
 	return d.Pubkey == rhs.Pubkey &&
@@ -219,3 +220,9 @@ func (d *Deposit) GetSignature() crypto.BLSSignature {
 func (d *Deposit) GetWithdrawalCredentials() WithdrawalCredentials {
 	return d.Credentials
 }
+
+// HasEth1WithdrawalCredentials returns true if the deposit has eth1 withdrawal
+// credentials.
+func (d *Deposit) HasEth1WithdrawalCredentials() bool {
+	return d.Credentials[0] == EthSecp256k1CredentialPrefix
+}
diff --git a/consensus-types/types/validator.go b/consensus-types/types/validator.go
@@ -251,12 +251,15 @@ func (v Validator) IsEligibleForActivation(finalizedEpoch math.Epoch) bool {
 		v.ActivationEpoch == math.Epoch(constants.FarFutureEpoch)
 }
 
-// IsEligibleForActivationQueue is defined slightly differently from Ethereum 2.0 Spec
+// IsEligibleForActivationQueue is defined slightly differently from Ethereum
+// 2.0 Spec
 // https://github.com/ethereum/consensus-specs/blob/dev/specs/phase0/beacon-chain.md#is_eligible_for_activation_queue
 //
 //nolint:lll
 func (v Validator) IsEligibleForActivationQueue(threshold math.Gwei) bool {
-	return v.ActivationEligibilityEpoch == math.Epoch(constants.FarFutureEpoch) &&
+	return v.ActivationEligibilityEpoch == math.Epoch(
+		constants.FarFutureEpoch,
+	) &&
 		v.EffectiveBalance >= threshold
 }
 
@@ -290,7 +293,9 @@ func (v Validator) IsFullyWithdrawable(
 // https://github.com/ethereum/consensus-specs/blob/dev/specs/capella/beacon-chain.md#is_partially_withdrawable_validator
 //
 //nolint:lll
-func (v Validator) IsPartiallyWithdrawable(balance, maxEffectiveBalance math.Gwei) bool {
+func (v Validator) IsPartiallyWithdrawable(
+	balance, maxEffectiveBalance math.Gwei,
+) bool {
 	hasExcessBalance := balance > maxEffectiveBalance
 	return v.HasEth1WithdrawalCredentials() &&
 		v.HasMaxEffectiveBalance(maxEffectiveBalance) && hasExcessBalance

diff --git a/node-core/components/interfaces.go b/node-core/components/interfaces.go
@@ -393,6 +393,9 @@ type (
 		GetPubkey() crypto.BLSPubkey
 		// GetWithdrawalCredentials returns the withdrawal credentials.
 		GetWithdrawalCredentials() WithdrawalCredentialsT
+		// HasEth1WithdrawalCredentials returns true if the deposit has eth1
+		// withdrawal credentials.
+		HasEth1WithdrawalCredentials() bool
 		// VerifySignature verifies the deposit and creates a validator.
 		VerifySignature(
 			forkData ForkDataT,

diff --git a/state-transition/core/state/statedb.go b/state-transition/core/state/statedb.go
@@ -190,7 +190,7 @@ func (s *StateDB[
 // NOTE: This function is modified from the spec to allow a fixed withdrawal
 // (as the first withdrawal) used for EVM inflation.
 //
-//nolint:lll,funlen // TODO: Simplify when dropping special cases.
+//nolint:lll,funlen,gocognit // TODO: Simplify when dropping special cases.
 func (s *StateDB[
 	_, _, _, _, _, _, ValidatorT, _, WithdrawalT, _,
 ]) ExpectedWithdrawals() ([]WithdrawalT, error) {
@@ -268,16 +268,16 @@ func (s *StateDB[
 			return nil, err
 		}
 
-		withdrawalAddress, err = validator.
-			GetWithdrawalCredentials().ToExecutionAddress()
-		if err != nil {
-			return nil, err
-		}
-
 		// Set the amount of the withdrawal depending on the balance of the
 		// validator.
-		//nolint:gocritic // ok.
+		//nolint:gocritic,nestif // ok.
 		if validator.IsFullyWithdrawable(balance, epoch) {
+			withdrawalAddress, err = validator.
+				GetWithdrawalCredentials().ToExecutionAddress()
+			if err != nil {
+				return nil, err
+			}
+
 			withdrawals = append(withdrawals, withdrawal.New(
 				math.U64(withdrawalIndex),
 				validatorIndex,
@@ -290,6 +290,12 @@ func (s *StateDB[
 		} else if validator.IsPartiallyWithdrawable(
 			balance, math.Gwei(s.cs.MaxEffectiveBalance()),
 		) {
+			withdrawalAddress, err = validator.
+				GetWithdrawalCredentials().ToExecutionAddress()
+			if err != nil {
+				return nil, err
+			}
+
 			withdrawals = append(withdrawals, withdrawal.New(
 				math.U64(withdrawalIndex),
 				validatorIndex,
@@ -302,6 +308,13 @@ func (s *StateDB[
 		} else if s.cs.DepositEth1ChainID() == spec.BartioChainID {
 			// Backward compatibility with Bartio
 			// TODO: Drop this when we drop other Bartio special cases.
+
+			withdrawalAddress, err = validator.
+				GetWithdrawalCredentials().ToExecutionAddress()
+			if err != nil {
+				return nil, err
+			}
+
 			withdrawal = withdrawal.New(
 				math.U64(withdrawalIndex),
 				validatorIndex,

diff --git a/state-transition/core/state_processor_genesis.go b/state-transition/core/state_processor_genesis.go
@@ -157,7 +157,6 @@ func (sp *StateProcessor[
 	return sp.validatorSetsDiffs(nil, activeVals), nil
 }
 
-//nolint:lll // let it be.
 func (sp *StateProcessor[
 	_, _, _, BeaconStateT, _, _, _, _, _, _, _, _, ValidatorT, _, _, _, _,
 ]) processGenesisActivation(
@@ -173,9 +172,14 @@ func (sp *StateProcessor[
 	default:
 		vals, err := st.GetValidators()
 		if err != nil {
-			return fmt.Errorf("genesis activation, failed listing validators: %w", err)
+			return fmt.Errorf(
+				"genesis activation, failed listing validators: %w",
+				err,
+			)
 		}
-		minEffectiveBalance := math.Gwei(sp.cs.EjectionBalance() + sp.cs.EffectiveBalanceIncrement())
+		minEffectiveBalance := math.Gwei(
+			sp.cs.EjectionBalance() + sp.cs.EffectiveBalanceIncrement(),
+		)
 
 		var idx math.ValidatorIndex
 		for _, val := range vals {

diff --git a/state-transition/core/state_processor_genesis_test.go b/state-transition/core/state_processor_genesis_test.go
@@ -49,42 +49,66 @@ func TestInitialize(t *testing.T) {
 			{
 				Pubkey: [48]byte{0x01},
 				Amount: maxBalance,
-				Index:  uint64(0),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x01},
+				),
+				Index: uint64(0),
 			},
 			{
 				Pubkey: [48]byte{0x02},
 				Amount: minBalance + increment,
-				Index:  uint64(1),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x02},
+				),
+				Index: uint64(1),
 			},
 			{
 				Pubkey: [48]byte{0x03},
 				Amount: minBalance,
-				Index:  uint64(2),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x03},
+				),
+				Index: uint64(2),
 			},
 			{
 				Pubkey: [48]byte{0x04},
 				Amount: 2 * maxBalance,
-				Index:  uint64(3),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x04},
+				),
+				Index: uint64(3),
 			},
 			{
 				Pubkey: [48]byte{0x05},
 				Amount: minBalance - increment,
-				Index:  uint64(4),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x05},
+				),
+				Index: uint64(4),
 			},
 			{
 				Pubkey: [48]byte{0x06},
 				Amount: minBalance + increment*3/2,
-				Index:  uint64(5),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x06},
+				),
+				Index: uint64(5),
 			},
 			{
 				Pubkey: [48]byte{0x07},
 				Amount: maxBalance + increment/10,
-				Index:  uint64(6),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x07},
+				),
+				Index: uint64(6),
 			},
 			{
 				Pubkey: [48]byte{0x08},
 				Amount: minBalance + increment*99/100,
-				Index:  uint64(7),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x08},
+				),
+				Index: uint64(7),
 			},
 		}
 		goodDeposits = []*types.Deposit{
@@ -179,42 +203,66 @@ func TestInitializeBartio(t *testing.T) {
 			{
 				Pubkey: [48]byte{0x01},
 				Amount: maxBalance,
-				Index:  uint64(0),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x01},
+				),
+				Index: uint64(0),
 			},
 			{
 				Pubkey: [48]byte{0x02},
 				Amount: minBalance + increment,
-				Index:  uint64(1),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x02},
+				),
+				Index: uint64(1),
 			},
 			{
 				Pubkey: [48]byte{0x03},
 				Amount: minBalance,
-				Index:  uint64(2),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x03},
+				),
+				Index: uint64(2),
 			},
 			{
 				Pubkey: [48]byte{0x04},
 				Amount: 2 * maxBalance,
-				Index:  uint64(3),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x04},
+				),
+				Index: uint64(3),
 			},
 			{
 				Pubkey: [48]byte{0x05},
 				Amount: minBalance - increment,
-				Index:  uint64(4),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x05},
+				),
+				Index: uint64(4),
 			},
 			{
 				Pubkey: [48]byte{0x06},
 				Amount: minBalance + increment*3/2,
-				Index:  uint64(5),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x06},
+				),
+				Index: uint64(5),
 			},
 			{
 				Pubkey: [48]byte{0x07},
 				Amount: maxBalance + increment/10,
-				Index:  uint64(6),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x07},
+				),
+				Index: uint64(6),
 			},
 			{
 				Pubkey: [48]byte{0x08},
 				Amount: minBalance + increment*99/100,
-				Index:  uint64(7),
+				Credentials: types.NewCredentialsFromExecutionAddress(
+					common.ExecutionAddress{0x08},
+				),
+				Index: uint64(7),
 			},
 		}
 		goodDeposits = []*types.Deposit{

diff --git a/state-transition/core/state_processor_staking.go b/state-transition/core/state_processor_staking.go
@@ -157,6 +157,16 @@ func (sp *StateProcessor[
 	// Get the current epoch.
 	epoch := sp.cs.SlotToEpoch(slot)
 
+	// Verify that the deposit has the ETH1 withdrawal credentials.
+	if !dep.HasEth1WithdrawalCredentials() {
+		// Ignore deposits with non-ETH1 withdrawal credentials.
+		sp.logger.Info(
+			"ignoring deposit with non-ETH1 withdrawal credentials",
+			"deposit_index", dep.GetIndex(),
+		)
+		return nil
+	}
+
 	// Verify that the message was signed correctly.
 	var d ForkDataT
 	if err = dep.VerifySignature(
@@ -174,7 +184,6 @@ func (sp *StateProcessor[
 			"deposit_index", dep.GetIndex(),
 			"error", err,
 		)
-
 		return nil
 	}