From 861c8425c74bf2b9035befc65099d0794ba44021 Mon Sep 17 00:00:00 2001
From: Stefan <30928612+stedfn@users.noreply.github.com>
Date: Thu, 12 Dec 2024 20:55:11 +0100
Subject: [PATCH] refactor: remove header signature verification from epoch
 manager (#12467)

---
 chain/chain/src/chain.rs                  | 10 +++++++---
 chain/chain/src/signature_verification.rs | 10 ++++++++++
 chain/chain/src/test_utils/kv_runtime.rs  |  6 ------
 chain/chain/src/validate.rs               |  7 +++++--
 chain/epoch-manager/src/adapter.rs        | 23 -----------------------
 5 files changed, 22 insertions(+), 34 deletions(-)

diff --git a/chain/chain/src/chain.rs b/chain/chain/src/chain.rs
index 5720bd3ccfc..34561ba84c3 100644
--- a/chain/chain/src/chain.rs
+++ b/chain/chain/src/chain.rs
@@ -15,7 +15,8 @@ use crate::resharding::manager::ReshardingManager;
 use crate::resharding::types::ReshardingSender;
 use crate::sharding::shuffle_receipt_proofs;
 use crate::signature_verification::{
-    verify_block_vrf, verify_chunk_header_signature_with_epoch_manager,
+    verify_block_header_signature_with_epoch_manager, verify_block_vrf,
+    verify_chunk_header_signature_with_epoch_manager,
 };
 use crate::state_request_tracker::StateRequestTracker;
 use crate::state_snapshot_actor::SnapshotCallbacks;
@@ -956,7 +957,7 @@ impl Chain {
         }
 
         // Check the signature.
-        if !self.epoch_manager.verify_header_signature(header)? {
+        if !verify_block_header_signature_with_epoch_manager(self.epoch_manager.as_ref(), header)? {
             return Err(Error::InvalidSignature);
         }
 
@@ -1180,7 +1181,10 @@ impl Chain {
 
         // Verify the signature. Since the signature is signed on the hash of block header, this check
         // makes sure the block header content is not tampered
-        if !self.epoch_manager.verify_header_signature(block.header())? {
+        if !verify_block_header_signature_with_epoch_manager(
+            self.epoch_manager.as_ref(),
+            block.header(),
+        )? {
             tracing::error!("wrong signature");
             return Ok(VerifyBlockHashAndSignatureResult::Incorrect);
         }
diff --git a/chain/chain/src/signature_verification.rs b/chain/chain/src/signature_verification.rs
index d7329d82ba6..809365724e4 100644
--- a/chain/chain/src/signature_verification.rs
+++ b/chain/chain/src/signature_verification.rs
@@ -2,6 +2,7 @@ use near_chain_primitives::Error;
 use near_crypto::Signature;
 use near_epoch_manager::EpochManagerAdapter;
 use near_primitives::{
+    block::BlockHeader,
     hash::CryptoHash,
     sharding::{ChunkHash, ShardChunkHeader},
     stateless_validation::ChunkProductionKey,
@@ -68,3 +69,12 @@ pub fn verify_chunk_header_signature_with_epoch_manager_and_parts(
     }
     Ok(signature.verify(chunk_hash.as_ref(), chunk_producer.public_key()))
 }
+
+pub fn verify_block_header_signature_with_epoch_manager(
+    epoch_manager: &dyn EpochManagerAdapter,
+    header: &BlockHeader,
+) -> Result<bool, Error> {
+    let block_producer =
+        epoch_manager.get_block_producer_info(header.epoch_id(), header.height())?;
+    Ok(header.signature().verify(header.hash().as_ref(), block_producer.public_key()))
+}
diff --git a/chain/chain/src/test_utils/kv_runtime.rs b/chain/chain/src/test_utils/kv_runtime.rs
index 0563979619f..6eabcd089fa 100644
--- a/chain/chain/src/test_utils/kv_runtime.rs
+++ b/chain/chain/src/test_utils/kv_runtime.rs
@@ -899,12 +899,6 @@ impl EpochManagerAdapter for MockEpochManager {
         Ok(true)
     }
 
-    fn verify_header_signature(&self, header: &BlockHeader) -> Result<bool, Error> {
-        let validator = self.get_block_producer(&header.epoch_id(), header.height())?;
-        let validator_stake = &self.validators[&validator];
-        Ok(header.verify_block_producer(validator_stake.public_key()))
-    }
-
     fn verify_chunk_endorsement_signature(
         &self,
         _endorsement: &ChunkEndorsement,
diff --git a/chain/chain/src/validate.rs b/chain/chain/src/validate.rs
index ee54b4aaffb..a499c690f6b 100644
--- a/chain/chain/src/validate.rs
+++ b/chain/chain/src/validate.rs
@@ -18,7 +18,10 @@ use near_primitives::transaction::SignedTransaction;
 use near_primitives::types::chunk_extra::ChunkExtra;
 use near_primitives::types::{AccountId, BlockHeight, EpochId, Nonce};
 
-use crate::signature_verification::verify_chunk_header_signature_with_epoch_manager;
+use crate::signature_verification::{
+    verify_block_header_signature_with_epoch_manager,
+    verify_chunk_header_signature_with_epoch_manager,
+};
 use crate::types::RuntimeAdapter;
 use crate::{byzantine_assert, Chain};
 use crate::{ChainStore, Error};
@@ -284,7 +287,7 @@ fn validate_header_authorship(
     epoch_manager: &dyn EpochManagerAdapter,
     block_header: &BlockHeader,
 ) -> Result<(), Error> {
-    if epoch_manager.verify_header_signature(block_header)? {
+    if verify_block_header_signature_with_epoch_manager(epoch_manager, block_header)? {
         Ok(())
     } else {
         Err(Error::InvalidChallenge)
diff --git a/chain/epoch-manager/src/adapter.rs b/chain/epoch-manager/src/adapter.rs
index 8ff2900e5c2..abe00da9b7e 100644
--- a/chain/epoch-manager/src/adapter.rs
+++ b/chain/epoch-manager/src/adapter.rs
@@ -2,7 +2,6 @@ use crate::EpochManagerHandle;
 use near_chain_primitives::Error;
 use near_crypto::Signature;
 use near_primitives::block::Tip;
-use near_primitives::block_header::BlockHeader;
 use near_primitives::epoch_block_info::BlockInfo;
 use near_primitives::epoch_info::EpochInfo;
 use near_primitives::epoch_manager::{EpochConfig, ShardConfig};
@@ -360,9 +359,6 @@ pub trait EpochManagerAdapter: Send + Sync {
         signature: &Signature,
     ) -> Result<bool, Error>;
 
-    /// Verify header signature.
-    fn verify_header_signature(&self, header: &BlockHeader) -> Result<bool, Error>;
-
     fn verify_chunk_endorsement_signature(
         &self,
         endorsement: &ChunkEndorsement,
@@ -910,25 +906,6 @@ impl EpochManagerAdapter for EpochManagerHandle {
         }
     }
 
-    /// Returns true if the header signature is signed by the assigned block producer and the block
-    /// producer is not slashed
-    /// This function requires that the previous block of `header` has been processed.
-    /// If not, it returns EpochError::MissingBlock.
-    fn verify_header_signature(&self, header: &BlockHeader) -> Result<bool, Error> {
-        let epoch_manager = self.read();
-        let block_producer =
-            epoch_manager.get_block_producer_info(header.epoch_id(), header.height())?;
-        match epoch_manager.get_block_info(header.prev_hash()) {
-            Ok(block_info) => {
-                if block_info.slashed().contains_key(block_producer.account_id()) {
-                    return Ok(false);
-                }
-                Ok(header.signature().verify(header.hash().as_ref(), block_producer.public_key()))
-            }
-            Err(_) => return Err(EpochError::MissingBlock(*header.prev_hash()).into()),
-        }
-    }
-
     fn verify_chunk_endorsement_signature(
         &self,
         endorsement: &ChunkEndorsement,