From 4f405fbfe5b7dd6aac15487df333526b9a1a6e9f Mon Sep 17 00:00:00 2001 From: kbizikav <132550763+kbizikav@users.noreply.github.com> Date: Fri, 24 Oct 2025 13:38:42 +0700 Subject: [PATCH 1/4] fix: add membership verification during add_signature to prevent future panic --- block-builder/src/app/storage/memory_storage.rs | 7 +++++++ block-builder/src/app/storage/redis_storage.rs | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/block-builder/src/app/storage/memory_storage.rs b/block-builder/src/app/storage/memory_storage.rs index df45605f..a887c3e8 100644 --- a/block-builder/src/app/storage/memory_storage.rs +++ b/block-builder/src/app/storage/memory_storage.rs @@ -200,6 +200,13 @@ impl Storage for InMemoryStorage { "memo not found for block_id: {block_id}" )))?; + // verify pubkey membership + if !memo.pubkeys.contains(&signature.pubkey) { + return Err(StorageError::AddSignatureError(format!( + "pubkey not found in memo for block_id: {block_id}" + ))); + } + // verify signature signature .verify(&memo.block_sign_payload, memo.pubkey_hash) diff --git a/block-builder/src/app/storage/redis_storage.rs b/block-builder/src/app/storage/redis_storage.rs index c07eab76..ea41d345 100644 --- a/block-builder/src/app/storage/redis_storage.rs +++ b/block-builder/src/app/storage/redis_storage.rs @@ -470,6 +470,13 @@ impl Storage for RedisStorage { let memo: ProposalMemo = serde_json::from_str(&serialized_memo)?; + // Verify pubkey membership + if !memo.pubkeys.contains(&signature.pubkey) { + return Err(StorageError::AddSignatureError(format!( + "pubkey not found in memo for block_id: {block_id}" + ))); + } + // Verify signature signature .verify(&memo.block_sign_payload, memo.pubkey_hash) From 87c558b95415b3c7fe17f65073e44c47cdc92891 Mon Sep 17 00:00:00 2001 From: kbizikav <132550763+kbizikav@users.noreply.github.com> Date: Fri, 24 Oct 2025 13:43:41 +0700 Subject: [PATCH 2/4] Update block-builder/src/app/storage/memory_storage.rs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- block-builder/src/app/storage/memory_storage.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block-builder/src/app/storage/memory_storage.rs b/block-builder/src/app/storage/memory_storage.rs index a887c3e8..231d32b8 100644 --- a/block-builder/src/app/storage/memory_storage.rs +++ b/block-builder/src/app/storage/memory_storage.rs @@ -200,7 +200,7 @@ impl Storage for InMemoryStorage { "memo not found for block_id: {block_id}" )))?; - // verify pubkey membership + // Verify pubkey membership if !memo.pubkeys.contains(&signature.pubkey) { return Err(StorageError::AddSignatureError(format!( "pubkey not found in memo for block_id: {block_id}" From eed785327a16e70c9ac5eada584371789ec56e3b Mon Sep 17 00:00:00 2001 From: kbizikav <132550763+kbizikav@users.noreply.github.com> Date: Fri, 24 Oct 2025 13:43:52 +0700 Subject: [PATCH 3/4] Update block-builder/src/app/storage/memory_storage.rs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- block-builder/src/app/storage/memory_storage.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block-builder/src/app/storage/memory_storage.rs b/block-builder/src/app/storage/memory_storage.rs index 231d32b8..3064ee96 100644 --- a/block-builder/src/app/storage/memory_storage.rs +++ b/block-builder/src/app/storage/memory_storage.rs @@ -207,7 +207,7 @@ impl Storage for InMemoryStorage { ))); } - // verify signature + // Verify signature signature .verify(&memo.block_sign_payload, memo.pubkey_hash) .map_err(|e| { From 78f2119e6be029a58fc21e1c19bfce4e32988e20 Mon Sep 17 00:00:00 2001 From: kbizikav <132550763+kbizikav@users.noreply.github.com> Date: Fri, 24 Oct 2025 13:47:47 +0700 Subject: [PATCH 4/4] fix: typo for ci --- validity-prover/src/app/observer_rpc.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/validity-prover/src/app/observer_rpc.rs b/validity-prover/src/app/observer_rpc.rs index 289c7e84..af04952c 100644 --- a/validity-prover/src/app/observer_rpc.rs +++ b/validity-prover/src/app/observer_rpc.rs @@ -469,7 +469,7 @@ impl SyncEvent for RPCObserver { } } -// This function is used to generate an error for trigging RPC error for testing purposes. +// This function is used to generate an error for triggering RPC error for testing purposes. pub fn generate_error_for_test() -> Result<(), ObserverError> { let error_timestamps = match std::env::var("ERROR_TIMESTAMPS") { Ok(val) => val,