fix the double sign testcase

.github/workflows/nancy.yml

@@ -0,0 +1,37 @@
+name: Go Nancy
+
+on:
+    # Scan changed files in PRs (diff-aware scanning):
+    pull_request: {}
+    # Scan on-demand through GitHub Actions interface:
+    workflow_dispatch: {}
+    # Scan mainline branches and report all findings:
+    push:
+      branches: ["master", "develop"]
+
+jobs:
+  build:
+    strategy:
+        matrix:
+          go-version: [1.21.x]
+          os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Set up Go 1.x in order to write go.list file
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ matrix.go-version }}
+    
+    - name: Go mod tidy
+      run: go mod tidy
+
+    - name: WriteGoList
+      run:  go list -json -deps ./... > go.list
+
+    - name: Nancy
+      uses: sonatype-nexus-community/nancy-github-action@main
+      with:
+        nancyCommand: sleuth --loud

cmd/geth/blsaccountcmd.go

@@ -633,19 +633,24 @@ func blsAccountDelete(ctx *cli.Context) error {
 
 // blsAccountGenerateProof generate ownership proof for a selected BLS account.
 func blsAccountGenerateProof(ctx *cli.Context) error {
-	pubkeyString := ctx.Args().First()
+	addrString := ctx.Args().First()
-	if pubkeyString == "" {
+	if addrString == "" {
-		utils.Fatalf("BLS account must be given as argument.")
+		utils.Fatalf("Operator account must be given as argument.")
 	}
-	pubkeyBz, err := hex.DecodeString(strings.TrimPrefix(pubkeyString, "0x"))
+	addr := common.HexToAddress(addrString)
+
+	blsPubkeyString := ctx.Args().Get(1)
+	if blsPubkeyString == "" {
+		utils.Fatalf("BLS pubkey must be given as argument.")
+	}
+	blsPubkeyBz, err := hex.DecodeString(strings.TrimPrefix(blsPubkeyString, "0x"))
 	if err != nil {
-		utils.Fatalf("Could not decode string %s as hex.", pubkeyString)
+		utils.Fatalf("Could not decode string %s as hex.", blsPubkeyString)
 	}
-	blsPublicKey, err := bls.PublicKeyFromBytes(pubkeyBz)
+	blsPublicKey, err := bls.PublicKeyFromBytes(blsPubkeyBz)
 	if err != nil {
-		utils.Fatalf("%#x is not a valid BLS public key.", pubkeyBz)
+		utils.Fatalf("%#x is not a valid BLS public key.", blsPubkeyBz)
 	}
-	blsPublicKeyBz := blsPublicKey.Marshal()
 
 	cfg := gethConfig{Node: defaultNodeConfig()}
 	// Load config file.
@@ -682,10 +687,10 @@ func blsAccountGenerateProof(ctx *cli.Context) error {
 	chainId := new(big.Int).SetInt64(chainIdInt64)
 	paddedChainIdBytes := make([]byte, 32)
 	copy(paddedChainIdBytes[32-len(chainId.Bytes()):], chainId.Bytes())
-	msgHash := crypto.Keccak256(append(blsPublicKeyBz, paddedChainIdBytes...))
+	msgHash := crypto.Keccak256(append(addr.Bytes(), append(blsPublicKey.Marshal(), paddedChainIdBytes...)...))
 
 	req := &validatorpb.SignRequest{
-		PublicKey:   blsPublicKeyBz,
+		PublicKey:   blsPublicKey.Marshal(),
 		SigningRoot: msgHash,
 	}
 	sig, err := km.Sign(context.Background(), req)

consensus/parlia/parlia.go

@@ -1629,7 +1629,7 @@ func (p *Parlia) getCurrentValidators(blockHash common.Hash, blockNum *big.Int)
 	return valSet, voteAddrMap, nil
 }
 
-// slash spoiled validators
+// distributeIncoming distributes system incoming of the block
 func (p *Parlia) distributeIncoming(val common.Address, state *state.StateDB, header *types.Header, chain core.ChainContext,
 	txs *[]*types.Transaction, receipts *[]*types.Receipt, receivedTxs *[]*types.Transaction, usedGas *uint64, mining bool) error {
 	coinbase := header.Coinbase
@@ -1719,7 +1719,7 @@ func (p *Parlia) distributeToSystem(amount *big.Int, state *state.StateDB, heade
 	return p.applyTransaction(msg, state, header, chain, txs, receipts, receivedTxs, usedGas, mining)
 }
 
-// slash spoiled validators
+// distributeToValidator deposits validator reward to validator contract
 func (p *Parlia) distributeToValidator(amount *big.Int, validator common.Address,
 	state *state.StateDB, header *types.Header, chain core.ChainContext,
 	txs *[]*types.Transaction, receipts *[]*types.Receipt, receivedTxs *[]*types.Transaction, usedGas *uint64, mining bool) error {

core/vm/contracts.go

@@ -233,7 +233,7 @@ var PrecompiledContractsFeynman = map[common.Address]PrecompiledContract{
 	common.BytesToAddress([]byte{2}): &sha256hash{},
 	common.BytesToAddress([]byte{3}): &ripemd160hash{},
 	common.BytesToAddress([]byte{4}): &dataCopy{},
-	common.BytesToAddress([]byte{5}): &bigModExp{},
+	common.BytesToAddress([]byte{5}): &bigModExp{eip2565: true},
 	common.BytesToAddress([]byte{6}): &bn256AddIstanbul{},
 	common.BytesToAddress([]byte{7}): &bn256ScalarMulIstanbul{},
 	common.BytesToAddress([]byte{8}): &bn256PairingIstanbul{},
@@ -242,7 +242,7 @@ var PrecompiledContractsFeynman = map[common.Address]PrecompiledContract{
 	common.BytesToAddress([]byte{100}): &tmHeaderValidate{},
 	common.BytesToAddress([]byte{101}): &iavlMerkleProofValidatePlato{},
 	common.BytesToAddress([]byte{102}): &blsSignatureVerify{},
-	common.BytesToAddress([]byte{103}): &cometBFTLightBlockValidate{},
+	common.BytesToAddress([]byte{103}): &cometBFTLightBlockValidateHertz{},
 	common.BytesToAddress([]byte{104}): &verifyDoubleSignEvidence{},
 	common.BytesToAddress([]byte{105}): &secp256k1SignatureRecover{},
 }

core/vm/contracts_lightclient.go

@@ -408,23 +408,23 @@ func (c *secp256k1SignatureRecover) RequiredGas(input []byte) uint64 {
 }
 
 const (
-	tmPubKeyLength           uint8 = 33
+	secp256k1PubKeyLength           uint8 = 33
-	tmSignatureLength        uint8 = 64
+	secp256k1SignatureLength        uint8 = 64
-	tmSignatureMsgHashLength uint8 = 32
+	secp256k1SignatureMsgHashLength uint8 = 32
 )
 
 // input:
-// | tmPubKey | tmSignature  |  tmSignatureMsgHash  |
+// | PubKey | Signature  |  SignatureMsgHash  |
 // | 33 bytes |  64 bytes    |       32 bytes       |
 func (c *secp256k1SignatureRecover) Run(input []byte) (result []byte, err error) {
-	if len(input) != int(tmPubKeyLength)+int(tmSignatureLength)+int(tmSignatureMsgHashLength) {
+	if len(input) != int(secp256k1PubKeyLength)+int(secp256k1SignatureLength)+int(secp256k1SignatureMsgHashLength) {
 		return nil, fmt.Errorf("invalid input")
 	}
 
 	return c.runTMSecp256k1Signature(
-		input[:tmPubKeyLength],
+		input[:secp256k1PubKeyLength],
-		input[tmPubKeyLength:tmPubKeyLength+tmSignatureLength],
+		input[secp256k1PubKeyLength:secp256k1PubKeyLength+secp256k1SignatureLength],
-		input[tmPubKeyLength+tmSignatureLength:],
+		input[secp256k1PubKeyLength+secp256k1SignatureLength:],
 	)
 }
 

core/vm/contracts_test.go

@@ -411,7 +411,7 @@ func TestDoubleSignSlash(t *testing.T) {
 	tc := precompiledTest{
 		Input:    "f906278202cab9030ff9030ca01062d3d5015b9242bc193a9b0769f3d3780ecb55f97f40a752ae26d0b68cd0d8a0fae1a05fcb14bfd9b8a9f2b65007a9b6c2000de0627a73be644dd993d32342c494976ea74026e726554db657fa54763abd0c3a0aa9a0f385cc58ed297ff0d66eb5580b02853d3478ba418b1819ac659ee05df49b9794a0bf88464af369ed6b8cf02db00f0b9556ffa8d49cd491b00952a7f83431446638a00a6d0870e586a76278fbfdcedf76ef6679af18fc1f9137cfad495f434974ea81b901000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001820cdf830f4240830f4240846555fa64b90111d983010301846765746888676f312e32302e378664617277696e00007abd731ef8ae07b86091cb8836d58f5444b883422a18825d899035d3e6ea39ad1a50069bf0b86da8b5573dde1cb4a0a34f19ce94e0ef78ff7518c80265b8a3ca56e3c60167523590d4e8dcc324900559465fc0fa403774096614e135de280949b58a45cc96f2ba9e17f848820d41a08429d0d8b33ee72a84f750fefea846cbca54e487129c7961c680bb72309ca888820d42a08c9db14d938b19f9e2261bbeca2679945462be2b58103dfff73665d0d150fb8a804ae755e0fe64b59753f4db6308a1f679747bce186aa2c62b95fa6eeff3fbd08f3b0667e45428a54ade15bad19f49641c499b431b36f65803ea71b379e6b61de501a0232c9ba2d41b40d36ed794c306747bcbc49bf61a0f37409c18bfe2b5bef26a2d880000000000000000b9030ff9030ca01062d3d5015b9242bc193a9b0769f3d3780ecb55f97f40a752ae26d0b68cd0d8a0b2789a5357827ed838335283e15c4dcc42b9bebcbf2919a18613246787e2f96094976ea74026e726554db657fa54763abd0c3a0aa9a071ce4c09ee275206013f0063761bc19c93c13990582f918cc57333634c94ce89a00e095703e5c9b149f253fe89697230029e32484a410b4b1f2c61442d73c3095aa0d317ae19ede7c8a2d3ac9ef98735b049bcb7278d12f48c42b924538b60a25e12b901000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001820cdf830f4240830f4240846555fa64b90111d983010301846765746888676f312e32302e378664617277696e00007abd731ef8ae07b86091cb8836d58f5444b883422a18825d899035d3e6ea39ad1a50069bf0b86da8b5573dde1cb4a0a34f19ce94e0ef78ff7518c80265b8a3ca56e3c60167523590d4e8dcc324900559465fc0fa403774096614e135de280949b58a45cc96f2ba9e17f848820d41a08429d0d8b33ee72a84f750fefea846cbca54e487129c7961c680bb72309ca888820d42a08c9db14d938b19f9e2261bbeca2679945462be2b58103dfff73665d0d150fb8a80c0b17bfe88534296ff064cb7156548f6deba2d6310d5044ed6485f087dc6ef232e051c28e1909c2b50a3b4f29345d66681c319bef653e52e5d746480d5a3983b00a0b56228685be711834d0f154292d07826dea42a0fad3e4f56c31470b7fbfbea26880000000000000000",
 		Expected: "15d34aaf54267db7d7c367839aaf71a00a2c6a650000000000000000000000000000000000000000000000000000000000000cdf",
-		Gas:      1000,
+		Gas:      10000,
 		Name:     "",
 	}
 

params/protocol_params.go

@@ -135,16 +135,16 @@ const (
 	IAVLMerkleProofValidateGas    uint64 = 3000 // Gas for validate merkle proof
 	CometBFTLightBlockValidateGas uint64 = 3000 // Gas for validate cometBFT light block
 
-	EcrecoverGas                uint64 = 3000 // Elliptic curve sender recovery gas price
+	EcrecoverGas                uint64 = 3000  // Elliptic curve sender recovery gas price
-	Sha256BaseGas               uint64 = 60   // Base price for a SHA256 operation
+	Sha256BaseGas               uint64 = 60    // Base price for a SHA256 operation
-	Sha256PerWordGas            uint64 = 12   // Per-word price for a SHA256 operation
+	Sha256PerWordGas            uint64 = 12    // Per-word price for a SHA256 operation
-	Ripemd160BaseGas            uint64 = 600  // Base price for a RIPEMD160 operation
+	Ripemd160BaseGas            uint64 = 600   // Base price for a RIPEMD160 operation
-	Ripemd160PerWordGas         uint64 = 120  // Per-word price for a RIPEMD160 operation
+	Ripemd160PerWordGas         uint64 = 120   // Per-word price for a RIPEMD160 operation
-	IdentityBaseGas             uint64 = 15   // Base price for a data copy operation
+	IdentityBaseGas             uint64 = 15    // Base price for a data copy operation
-	IdentityPerWordGas          uint64 = 3    // Per-work price for a data copy operation
+	IdentityPerWordGas          uint64 = 3     // Per-work price for a data copy operation
-	BlsSignatureVerifyBaseGas   uint64 = 1000 // base price for a BLS signature verify operation
+	BlsSignatureVerifyBaseGas   uint64 = 1000  // base price for a BLS signature verify operation
-	BlsSignatureVerifyPerKeyGas uint64 = 3500 // Per-key price for a BLS signature verify operation
+	BlsSignatureVerifyPerKeyGas uint64 = 3500  // Per-key price for a BLS signature verify operation
-	DoubleSignEvidenceVerifyGas uint64 = 1000 // Gas for verify double sign evidence
+	DoubleSignEvidenceVerifyGas uint64 = 10000 // Gas for verify double sign evidence
 
 	Bn256AddGasByzantium             uint64 = 500    // Byzantium gas needed for an elliptic curve addition
 	Bn256AddGasIstanbul              uint64 = 150    // Gas needed for an elliptic curve addition