snarkvm_ledger/check_next_block.rs
1// Copyright (c) 2019-2026 Provable Inc.
2// This file is part of the snarkVM library.
3
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at:
7
8// http://www.apache.org/licenses/LICENSE-2.0
9
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15
16use super::*;
17
18use crate::{narwhal::BatchHeader, puzzle::SolutionID};
19
20use anyhow::{Context, bail};
21
22/// Wrapper for a block that has a valid subDAG, but where the block header,
23/// solutions, and transmissions have not been verified yet.
24///
25/// This type is created by `Ledger::check_block_subdag` and consumed by `Ledger::check_block_content`.
26#[derive(Clone, PartialEq, Eq)]
27pub struct PendingBlock<N: Network>(Block<N>);
28
29impl<N: Network> Deref for PendingBlock<N> {
30 type Target = Block<N>;
31
32 fn deref(&self) -> &Block<N> {
33 &self.0
34 }
35}
36
37impl<N: Network> Debug for PendingBlock<N> {
38 fn fmt(&self, f: &mut Formatter) -> fmt::Result {
39 write!(f, "PendingBlock {{ height: {}, hash: {} }}", self.height(), self.hash())
40 }
41}
42
43/// Error returned by [`Self::check_block_subdag`] and [`Self::check_block_subdag_inner`].
44///
45/// This allows parsing for begning errors, such as the block already existing in the ledger.
46#[derive(thiserror::Error, Debug)]
47pub enum CheckBlockError<N: Network> {
48 #[error("Block with hash {hash} already exists in the ledger")]
49 BlockAlreadyExists { hash: N::BlockHash },
50 #[error("Block has invalid height. Expected {expected}, but got {actual}")]
51 InvalidHeight { expected: u32, actual: u32 },
52 #[error("Block has invalid round. Was {new}, but must be greater than previous round ({previous})")]
53 InvalidRound { new: u64, previous: u64 },
54 #[error("Block has invalid hash")]
55 InvalidHash,
56 /// An error related to the given prefix of pending blocks.
57 #[error("The prefix as an error at index {index} - {error:?}")]
58 InvalidPrefix { index: usize, error: Box<CheckBlockError<N>> },
59 #[error("The block contains solution '{solution_id}', but it already exists in the ledger")]
60 SolutionAlreadyExists { solution_id: SolutionID<N> },
61 #[error("Failed to speculate over unconfirmed transactions - {inner}")]
62 SpeculationFailed { inner: anyhow::Error },
63 #[error("Failed to verify block - {inner}")]
64 VerificationFailed { inner: anyhow::Error },
65 #[error("Prover '{prover_address}' has reached their solution limit for the current epoch")]
66 SolutionLimitReached { prover_address: Address<N> },
67 #[error("The previous block should contain solution '{solution_id}', but it does not exist in the ledger")]
68 PreviousSolutionNotFound { solution_id: SolutionID<N> },
69 #[error("The previous block should contain solution '{transaction_id}', but it does not exist in the ledger")]
70 PreviousTransactionNotFound { transaction_id: N::TransactionID },
71 #[error(transparent)]
72 Other(#[from] anyhow::Error),
73}
74
75impl<N: Network> CheckBlockError<N> {
76 pub fn into_anyhow(self) -> anyhow::Error {
77 match self {
78 Self::Other(err) => err,
79 _ => anyhow::anyhow!("{self:?}"),
80 }
81 }
82}
83
84impl<N: Network, C: ConsensusStorage<N>> Ledger<N, C> {
85 /// Checks that the subDAG in a given block is valid, but does not fully verify the block.
86 ///
87 /// # Arguments
88 /// * `block` - The block to check.
89 /// * `prefix` - A sequence of blocks between the block to check and the current height of the ledger.
90 ///
91 /// # Returns
92 /// * On success, a [`PendingBlock`] representing the block that was checked. Once the prefix of this block has been fully added to the ledger,
93 /// the [`PendingBlock`] can then be passed to [`Self::check_block_content`] to fully verify it.
94 /// * On failure, a [`CheckBlockError`] describing the reason the block was rejected.
95 ///
96 /// # Notes
97 /// * This does *not* check that the header of the block is correct or execute/verify any of the transmissions contained within it.
98 /// * In most cases, you want to use [`Self::check_next_block`] instead to perform a full verification.
99 /// * This will reject any blocks with a height <= the current height and any blocks with a height >= the current height + GC.
100 /// For the former, a valid block already exists and,for the latter, the comittee is still unknown.
101 /// * This function executes atomically, in that there is guaranteed to be no concurrent updates to the ledger during its execution.
102 /// However there are no ordering guarantees *between* multiple invocations of this function, [`Self::check_block_content`] and [`Self::advance_to_next_block`].
103 pub fn check_block_subdag(
104 &self,
105 block: Block<N>,
106 prefix: &[PendingBlock<N>],
107 ) -> Result<PendingBlock<N>, CheckBlockError<N>> {
108 self.check_block_subdag_inner(&block, prefix)?;
109 Ok(PendingBlock(block))
110 }
111
112 fn check_block_subdag_inner(&self, block: &Block<N>, prefix: &[PendingBlock<N>]) -> Result<(), CheckBlockError<N>> {
113 // Grab a lock to the latest_block in the ledger, to prevent concurrent writes to the ledger,
114 // and to ensure that this check is atomic.
115 //
116 // Note: The latest block in the ledger is not necessarily the direct predecessor of `block`.
117 // If `prefix` is non-empty the direct predecessor is the last entry in the prefix.
118 let latest_block = self.current_block.read();
119
120 // First check that the heights and hashes of the pending block sequence and of the new block are correct.
121 // The hash checks should be redundant, but we perform them out of extra caution.
122 let mut expected_height = latest_block.height() + 1;
123 for (index, prefix_block) in prefix.iter().enumerate() {
124 if prefix_block.height() != expected_height {
125 return Err(CheckBlockError::InvalidPrefix {
126 index,
127 error: Box::new(CheckBlockError::InvalidHeight {
128 expected: expected_height,
129 actual: prefix_block.height(),
130 }),
131 });
132 }
133
134 if self.contains_block_hash(&prefix_block.hash())? {
135 return Err(CheckBlockError::InvalidPrefix {
136 index,
137 error: Box::new(CheckBlockError::BlockAlreadyExists { hash: prefix_block.hash() }),
138 });
139 }
140
141 expected_height += 1;
142 }
143
144 if self.contains_block_hash(&block.hash())? {
145 return Err(CheckBlockError::BlockAlreadyExists { hash: block.hash() });
146 }
147
148 if block.height() != expected_height {
149 return Err(CheckBlockError::InvalidHeight { expected: expected_height, actual: block.height() });
150 }
151
152 // Ensure the certificates in the block subdag have met quorum requirements.
153 self.check_block_subdag_quorum(block)?;
154
155 // Check subDAG atomicity against the latest block in the prefix.
156 // Only if the prefix is empty, check against the latest block in the ledger.
157 let predecessor = prefix.last().map_or(&*latest_block, |b| &**b);
158 self.check_block_subdag_atomicity(block, predecessor)?;
159
160 // Ensure that all leaves of the subdag point to valid batches in other subdags/blocks.
161 self.check_block_subdag_leaves(block, prefix)?;
162
163 Ok(())
164 }
165
166 /// Checks the given block is a valid next block with regard to the current state/height of the Ledger.
167 ///
168 /// # Panics
169 /// This function panics if called from an async context.
170 pub fn check_next_block<R: CryptoRng + Rng>(&self, block: &Block<N>, rng: &mut R) -> Result<()> {
171 self.check_block_subdag_inner(block, &[]).map_err(|err| err.into_anyhow())?;
172 self.check_block_content_inner(block, rng).map_err(|err| err.into_anyhow())?;
173
174 Ok(())
175 }
176
177 /// Takes a pending block and performs the remaining checks to full verify it.
178 ///
179 /// # Arguments
180 /// This takes a [`PendingBlock`] as input, which is the output of a successful call to [`Self::check_block_subdag`].
181 /// The latter already verified the block's DAG and certificate signatures.
182 ///
183 /// # Return Value
184 /// This returns a [`Block`] on success representing the fully verified block.
185 ///
186 /// # Notes
187 /// - This check can only succeed for pending blocks that are a direct successor of the latest block in the ledger.
188 /// - Execution of this function is atomic, and there is guaranteed to be no concurrent update to the ledger during its execution.
189 /// - Even though this function may return `Ok(block)`, advancing the ledger to this block may still fail, if there was an update to the ledger
190 /// *between* calling `check_block_content` and `advance_to_next_block`.
191 /// If your implementation requires atomicity across these two steps, you need to implement your own locking mechanism.
192 ///
193 /// # Panics
194 /// This function panics if called from an async context.
195 pub fn check_block_content<R: CryptoRng + Rng>(
196 &self,
197 block: PendingBlock<N>,
198 rng: &mut R,
199 ) -> Result<Block<N>, CheckBlockError<N>> {
200 self.check_block_content_inner(&block.0, rng)?;
201 Ok(block.0)
202 }
203
204 /// # Panics
205 /// This function panics if called from an async context.
206 fn check_block_content_inner<R: CryptoRng + Rng>(
207 &self,
208 block: &Block<N>,
209 rng: &mut R,
210 ) -> Result<(), CheckBlockError<N>> {
211 let latest_block = self.current_block.read();
212 let latest_block_timestamp = latest_block.timestamp();
213
214 // Ensure, again, that the ledger has not advanced yet. This prevents cryptic errors form appearing during the block check.
215 if block.height() != latest_block.height() + 1 {
216 return Err(CheckBlockError::InvalidHeight { expected: latest_block.height() + 1, actual: block.height() });
217 }
218
219 // Also ensure the round is valid, otherwise speculation on transactions will fail with a cryptic error.
220 if block.round() <= latest_block.round() {
221 return Err(CheckBlockError::InvalidRound { new: block.round(), previous: latest_block.round() });
222 }
223
224 // Ensure the solutions do not already exist.
225 for solution_id in block.solutions().solution_ids() {
226 if self.contains_solution_id(solution_id)? {
227 return Err(CheckBlockError::SolutionAlreadyExists { solution_id: *solution_id });
228 }
229 }
230
231 // Determine if the block timestamp should be included.
232 let block_timestamp = (block.height() >= N::CONSENSUS_HEIGHT(ConsensusVersion::V12).unwrap_or_default())
233 .then_some(block.timestamp());
234 // Construct the finalize state.
235 let state = FinalizeGlobalState::new::<N>(
236 block.round(),
237 block.height(),
238 block_timestamp,
239 block.cumulative_weight(),
240 block.cumulative_proof_target(),
241 block.previous_hash(),
242 )?;
243
244 // Ensure speculation over the unconfirmed transactions is correct and ensure each transaction is well-formed and unique.
245 let time_since_last_block = block.timestamp().saturating_sub(latest_block_timestamp);
246 let ratified_finalize_operations = self.vm.check_speculate(
247 state,
248 time_since_last_block,
249 block.ratifications(),
250 block.solutions(),
251 block.transactions(),
252 rng,
253 )?;
254
255 // Retrieve the committee lookback.
256 let committee_lookback = self
257 .get_committee_lookback_for_round(block.round())?
258 .ok_or(anyhow!("Failed to fetch committee lookback for round {}", block.round()))?;
259
260 // Retrieve the previous committee lookback.
261 let previous_committee_lookback = {
262 // Calculate the penultimate round, which is the round before the anchor round.
263 let penultimate_round = block.round().saturating_sub(1);
264 // Output the committee lookback for the penultimate round.
265 self.get_committee_lookback_for_round(penultimate_round)?
266 .ok_or(anyhow!("Failed to fetch committee lookback for round {penultimate_round}"))?
267 };
268
269 // Get the latest epoch hash.
270 let latest_epoch_hash = match self.current_epoch_hash.read().as_ref() {
271 Some(epoch_hash) => *epoch_hash,
272 None => self.get_epoch_hash(latest_block.height())?,
273 };
274
275 // Ensure the block is correct.
276 let (expected_existing_solution_ids, expected_existing_transaction_ids) = block
277 .verify(
278 &latest_block,
279 self.latest_state_root(),
280 &previous_committee_lookback,
281 &committee_lookback,
282 self.puzzle(),
283 latest_epoch_hash,
284 OffsetDateTime::now_utc().unix_timestamp(),
285 ratified_finalize_operations,
286 )
287 .map_err(|err| CheckBlockError::VerificationFailed { inner: err })?;
288
289 // Ensure that the provers are within their stake bounds.
290 if let Some(solutions) = block.solutions().deref() {
291 let mut accepted_solutions: IndexMap<Address<N>, u64> = IndexMap::new();
292 for solution in solutions.values() {
293 let prover_address = solution.address();
294 let num_accepted_solutions = *accepted_solutions.get(&prover_address).unwrap_or(&0);
295 // Check if the prover has reached their solution limit.
296 if self.is_solution_limit_reached_at_timestamp(
297 &prover_address,
298 num_accepted_solutions,
299 latest_block_timestamp,
300 ) {
301 return Err(CheckBlockError::SolutionLimitReached { prover_address });
302 }
303 // Track the already accepted solutions.
304 *accepted_solutions.entry(prover_address).or_insert(0) += 1;
305 }
306 }
307
308 // Ensure that each existing solution ID from the block exists in the ledger.
309 for existing_solution_id in expected_existing_solution_ids {
310 if !self.contains_solution_id(&existing_solution_id)? {
311 return Err(CheckBlockError::PreviousSolutionNotFound { solution_id: existing_solution_id });
312 }
313 }
314
315 // Ensure that each existing transaction ID from the block exists in the ledger.
316 for existing_transaction_id in expected_existing_transaction_ids {
317 if !self.contains_transaction_id(&existing_transaction_id)? {
318 return Err(CheckBlockError::PreviousTransactionNotFound { transaction_id: existing_transaction_id });
319 }
320 }
321
322 Ok(())
323 }
324
325 /// Check that leaves in the subdag point to batches in other blocks that are valid.
326 ///
327 //
328 /// # Arguments
329 /// * `block` - The block to check.
330 /// * `prefix` - A sequence of [`PendingBlock`]s between the block to check and the current height of the ledger.
331 ///
332 /// # Notes
333 /// This only checks that leaves point to valid batch in the previous round, and *not* hat the batches are signed correctly
334 /// or that the edges are valid, as those checks already happened when the node received the batch.
335 fn check_block_subdag_leaves(&self, block: &Block<N>, prefix: &[PendingBlock<N>]) -> Result<()> {
336 // Check if the block has a subdag.
337 let Authority::Quorum(subdag) = block.authority() else {
338 return Ok(());
339 };
340
341 let previous_certs: HashSet<_> = prefix
342 .iter()
343 .filter_map(|block| match block.authority() {
344 Authority::Quorum(subdag) => Some(subdag.certificate_ids()),
345 Authority::Beacon(_) => None,
346 })
347 .flatten()
348 .collect();
349
350 // Store the IDs of all certificates in this subDAG.
351 // This allows determining which edges point to other subDAGs/blocks.
352 let subdag_certs: HashSet<_> = subdag.certificate_ids().collect();
353
354 // Generate a set of all external certificates this subDAG references.
355 // If multiple certificates reference the same external certificate, the id and round number will be
356 // identical and the set will contain only one entry for the external certificate.
357 let leaf_edges: HashSet<_> = subdag
358 .certificates()
359 .flat_map(|cert| cert.previous_certificate_ids().iter().map(|prev_id| (cert.round() - 1, prev_id)))
360 .filter(|(_, prev_id)| !subdag_certs.contains(prev_id))
361 .collect();
362
363 cfg_iter!(leaf_edges).try_for_each(|(prev_round, prev_id)| {
364 if prev_round + (BatchHeader::<N>::MAX_GC_ROUNDS as u64) - 1 <= block.round() {
365 // If the previous round is at the end of GC, we cannot (and do not need to) verify the next batch.
366 // For this leaf we are at the maximum length of the DAG, so any following batches are not allowed
367 // to be part of the block and, thus, a malicious actor cannot remove them.
368 return Ok::<(), Error>(());
369 }
370
371 // Ensure that the certificate is associated with a previous block.
372 if !previous_certs.contains(prev_id) && !self.vm.block_store().contains_block_for_certificate(prev_id)? {
373 bail!(
374 "Batch(es) in the block point(s) to a certificate {prev_id} in round {prev_round} that is not associated with a previous block"
375 )
376 }
377
378 Ok(())
379 })
380 }
381
382 /// Check that the certificates in the block subdag have met quorum requirements.
383 ///
384 /// Called by [`Self::check_block_subdag`]
385 fn check_block_subdag_quorum(&self, block: &Block<N>) -> Result<()> {
386 // Check if the block has a subdag.
387 let subdag = match block.authority() {
388 Authority::Quorum(subdag) => subdag,
389 _ => return Ok(()),
390 };
391
392 // Check that all certificates on each round have met quorum requirements.
393 cfg_iter!(subdag).try_for_each(|(round, certificates)| {
394 // Retrieve the committee lookback for the round.
395 let committee_lookback = self
396 .get_committee_lookback_for_round(*round)
397 .with_context(|| format!("Failed to get committee lookback for round {round}"))?
398 .ok_or_else(|| anyhow!("No committee lookback for round {round}"))?;
399
400 // Check that each certificate for this round has met quorum requirements.
401 // Note that we do not need to check the quorum requirement for the previous certificates
402 // because that is done during construction in `BatchCertificate::new`.
403 cfg_iter!(certificates).try_for_each(|certificate| {
404 // Collect the certificate signers.
405 let mut signers: HashSet<_> =
406 certificate.signatures().map(|signature| signature.to_address()).collect();
407 // Append the certificate author.
408 signers.insert(certificate.author());
409
410 // Ensure that the signers of the certificate reach the quorum threshold.
411 ensure!(
412 committee_lookback.is_quorum_threshold_reached(&signers),
413 "Certificate '{}' for round {round} does not meet quorum requirements",
414 certificate.id()
415 );
416
417 Ok::<_, Error>(())
418 })?;
419
420 Ok::<_, Error>(())
421 })?;
422
423 Ok(())
424 }
425
426 /// Checks that the block subdag can not be split into multiple valid subdags.
427 ///
428 /// Called by [`Self::check_block_subdag`]
429 fn check_block_subdag_atomicity(&self, block: &Block<N>, latest_block: &Block<N>) -> Result<()> {
430 let latest_round = latest_block.round();
431
432 // Returns `true` if there is a path from the previous certificate to the current certificate.
433 fn is_linked<N: Network>(
434 subdag: &Subdag<N>,
435 previous_certificate: &BatchCertificate<N>,
436 current_certificate: &BatchCertificate<N>,
437 ) -> Result<bool> {
438 // Initialize the list containing the traversal.
439 let mut traversal = vec![current_certificate];
440 // Iterate over the rounds from the current certificate to the previous certificate.
441 for round in (previous_certificate.round()..current_certificate.round()).rev() {
442 // Retrieve all of the certificates for this past round.
443 let certificates = subdag.get(&round).ok_or(anyhow!("No certificates found for round {round}"))?;
444 // Filter the certificates to only include those that are in the traversal.
445 traversal = certificates
446 .into_iter()
447 .filter(|p| traversal.iter().any(|c| c.previous_certificate_ids().contains(&p.id())))
448 .collect();
449 }
450 Ok(traversal.contains(&previous_certificate))
451 }
452
453 // Check if the block has a subdag.
454 let subdag = match block.authority() {
455 Authority::Quorum(subdag) => subdag,
456 _ => return Ok(()),
457 };
458
459 // Iterate over the rounds to find possible leader certificates.
460 for round in (latest_round.saturating_add(2)..=subdag.anchor_round().saturating_sub(2)).rev().step_by(2) {
461 // Retrieve the previous committee lookback.
462 let previous_committee_lookback = self
463 .get_committee_lookback_for_round(round)?
464 .ok_or_else(|| anyhow!("No committee lookback found for round {round}"))?;
465
466 // Compute the leader for the commit round.
467 let computed_leader = previous_committee_lookback
468 .get_leader(round)
469 .with_context(|| format!("Failed to compute leader for round {round}"))?;
470
471 // Retrieve the previous leader certificates.
472 let previous_certificate = match subdag.get(&round).and_then(|certificates| {
473 certificates.iter().find(|certificate| certificate.author() == computed_leader)
474 }) {
475 Some(cert) => cert,
476 None => continue,
477 };
478
479 // Determine if there is a path between the previous certificate and the subdag's leader certificate.
480 if is_linked(subdag, previous_certificate, subdag.leader_certificate())? {
481 bail!(
482 "The previous certificate should not be linked to the current certificate in block {}",
483 block.height()
484 );
485 }
486 }
487
488 Ok(())
489 }
490}