downloader_test.go 28.3 KB
Newer Older
1 2 3
package downloader

import (
4
	"crypto/rand"
5
	"errors"
6
	"fmt"
7
	"math/big"
8
	"sync/atomic"
9 10 11 12
	"testing"
	"time"

	"github.com/ethereum/go-ethereum/common"
13
	"github.com/ethereum/go-ethereum/core"
14
	"github.com/ethereum/go-ethereum/core/types"
15
	"github.com/ethereum/go-ethereum/ethdb"
O
obscuren 已提交
16
	"github.com/ethereum/go-ethereum/event"
17 18
)

19 20 21 22 23
const (
	eth60 = 60
	eth61 = 61
)

24
var (
25 26
	testdb, _ = ethdb.NewMemDatabase()
	genesis   = core.GenesisBlockForTesting(testdb, common.Address{}, big.NewInt(0))
27
)
28

29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
// makeChain creates a chain of n blocks starting at and including
// parent. the returned hash chain is ordered head->parent.
func makeChain(n int, seed byte, parent *types.Block) ([]common.Hash, map[common.Hash]*types.Block) {
	blocks := core.GenerateChain(parent, testdb, n, func(i int, gen *core.BlockGen) {
		gen.SetCoinbase(common.Address{seed})
	})
	hashes := make([]common.Hash, n+1)
	hashes[len(hashes)-1] = parent.Hash()
	blockm := make(map[common.Hash]*types.Block, n+1)
	blockm[parent.Hash()] = parent
	for i, b := range blocks {
		hashes[len(hashes)-i-2] = b.Hash()
		blockm[b.Hash()] = b
	}
	return hashes, blockm
}

// makeChainFork creates two chains of length n, such that h1[:f] and
// h2[:f] are different but have a common suffix of length n-f.
func makeChainFork(n, f int, parent *types.Block) (h1, h2 []common.Hash, b1, b2 map[common.Hash]*types.Block) {
	// Create the common suffix.
	h, b := makeChain(n-f-1, 0, parent)
	// Create the forks.
	h1, b1 = makeChain(f, 1, b[h[0]])
	h1 = append(h1, h[1:]...)
	h2, b2 = makeChain(f, 2, b[h[0]])
	h2 = append(h2, h[1:]...)
	for hash, block := range b {
		b1[hash] = block
		b2[hash] = block
	}
	return h1, h2, b1, b2
61 62
}

63
// downloadTester is a test simulator for mocking out local block chain.
64
type downloadTester struct {
65 66
	downloader *Downloader

67 68 69 70
	ownHashes  []common.Hash                           // Hash chain belonging to the tester
	ownBlocks  map[common.Hash]*types.Block            // Blocks belonging to the tester
	peerHashes map[string][]common.Hash                // Hash chain belonging to different test peers
	peerBlocks map[string]map[common.Hash]*types.Block // Blocks belonging to different test peers
71

72
	maxHashFetch int // Overrides the maximum number of retrieved hashes
73 74
}

75
// newTester creates a new downloader test mocker.
76
func newTester() *downloadTester {
77
	tester := &downloadTester{
78 79
		ownHashes:  []common.Hash{genesis.Hash()},
		ownBlocks:  map[common.Hash]*types.Block{genesis.Hash(): genesis},
80 81
		peerHashes: make(map[string][]common.Hash),
		peerBlocks: make(map[string]map[common.Hash]*types.Block),
82
	}
83
	tester.downloader = New(new(event.TypeMux), tester.hasBlock, tester.getBlock, tester.insertChain, tester.dropPeer)
84 85 86 87

	return tester
}

88 89
// sync starts synchronizing with a remote peer, blocking until it completes.
func (dl *downloadTester) sync(id string) error {
90 91 92 93 94
	err := dl.downloader.synchronise(id, dl.peerHashes[id][0])
	for atomic.LoadInt32(&dl.downloader.processing) == 1 {
		time.Sleep(time.Millisecond)
	}
	return err
O
obscuren 已提交
95 96
}

97
// hasBlock checks if a block is pres	ent in the testers canonical chain.
98
func (dl *downloadTester) hasBlock(hash common.Hash) bool {
99
	return dl.getBlock(hash) != nil
100 101
}

102
// getBlock retrieves a block from the testers canonical chain.
103
func (dl *downloadTester) getBlock(hash common.Hash) *types.Block {
104 105 106
	return dl.ownBlocks[hash]
}

107 108 109 110 111 112 113 114 115 116 117 118
// insertChain injects a new batch of blocks into the simulated chain.
func (dl *downloadTester) insertChain(blocks types.Blocks) (int, error) {
	for i, block := range blocks {
		if _, ok := dl.ownBlocks[block.ParentHash()]; !ok {
			return i, errors.New("unknown parent")
		}
		dl.ownHashes = append(dl.ownHashes, block.Hash())
		dl.ownBlocks[block.Hash()] = block
	}
	return len(blocks), nil
}

119
// newPeer registers a new block download source into the downloader.
120 121
func (dl *downloadTester) newPeer(id string, version int, hashes []common.Hash, blocks map[common.Hash]*types.Block) error {
	return dl.newSlowPeer(id, version, hashes, blocks, 0)
122 123 124 125 126
}

// newSlowPeer registers a new block download source into the downloader, with a
// specific delay time on processing the network packets sent to it, simulating
// potentially slow network IO.
127 128
func (dl *downloadTester) newSlowPeer(id string, version int, hashes []common.Hash, blocks map[common.Hash]*types.Block, delay time.Duration) error {
	err := dl.downloader.RegisterPeer(id, version, hashes[0], dl.peerGetHashesFn(id, delay), dl.peerGetBlocksFn(id, delay))
129
	if err == nil {
130 131 132 133 134
		// Assign the owned hashes and blocks to the peer (deep copy)
		dl.peerHashes[id] = make([]common.Hash, len(hashes))
		copy(dl.peerHashes[id], hashes)
		dl.peerBlocks[id] = make(map[common.Hash]*types.Block)
		for hash, block := range blocks {
135
			dl.peerBlocks[id][hash] = block
136
		}
137 138
	}
	return err
139 140
}

141 142 143 144 145 146 147 148
// dropPeer simulates a hard peer removal from the connection pool.
func (dl *downloadTester) dropPeer(id string) {
	delete(dl.peerHashes, id)
	delete(dl.peerBlocks, id)

	dl.downloader.UnregisterPeer(id)
}

149 150 151
// peerGetBlocksFn constructs a getHashes function associated with a particular
// peer in the download tester. The returned function can be used to retrieve
// batches of hashes from the particularly requested peer.
152
func (dl *downloadTester) peerGetHashesFn(id string, delay time.Duration) func(head common.Hash) error {
153
	return func(head common.Hash) error {
154 155
		time.Sleep(delay)

156 157 158 159 160 161 162 163 164
		limit := MaxHashFetch
		if dl.maxHashFetch > 0 {
			limit = dl.maxHashFetch
		}
		// Gather the next batch of hashes
		hashes := dl.peerHashes[id]
		result := make([]common.Hash, 0, limit)
		for i, hash := range hashes {
			if hash == head {
165
				i++
166 167 168 169 170
				for len(result) < cap(result) && i < len(hashes) {
					result = append(result, hashes[i])
					i++
				}
				break
171 172
			}
		}
173 174 175 176 177 178
		// Delay delivery a bit to allow attacks to unfold
		go func() {
			time.Sleep(time.Millisecond)
			dl.downloader.DeliverHashes(id, result)
		}()
		return nil
179
	}
180 181
}

182 183 184
// peerGetBlocksFn constructs a getBlocks function associated with a particular
// peer in the download tester. The returned function can be used to retrieve
// batches of blocks from the particularly requested peer.
185
func (dl *downloadTester) peerGetBlocksFn(id string, delay time.Duration) func([]common.Hash) error {
186
	return func(hashes []common.Hash) error {
187 188
		time.Sleep(delay)

189 190
		blocks := dl.peerBlocks[id]
		result := make([]*types.Block, 0, len(hashes))
191
		for _, hash := range hashes {
192 193
			if block, ok := blocks[hash]; ok {
				result = append(result, block)
194
			}
195
		}
196
		go dl.downloader.DeliverBlocks(id, result)
197 198 199 200 201

		return nil
	}
}

202 203 204 205
// Tests that simple synchronization, without throttling from a good peer works.
func TestSynchronisation(t *testing.T) {
	// Create a small enough block chain to download and the tester
	targetBlocks := blockCacheLimit - 15
206
	hashes, blocks := makeChain(targetBlocks, 0, genesis)
207

208
	tester := newTester()
209
	tester.newPeer("peer", eth60, hashes, blocks)
210

211
	// Synchronise with the peer and make sure all blocks were retrieved
212
	if err := tester.sync("peer"); err != nil {
213
		t.Fatalf("failed to synchronise blocks: %v", err)
214
	}
215 216
	if imported := len(tester.ownBlocks); imported != targetBlocks+1 {
		t.Fatalf("synchronised block mismatch: have %v, want %v", imported, targetBlocks+1)
217
	}
218
}
219

220
// Tests that an inactive downloader will not accept incoming hashes and blocks.
221
func TestInactiveDownloader(t *testing.T) {
222
	tester := newTester()
223

224
	// Check that neither hashes nor blocks are accepted
225
	if err := tester.downloader.DeliverHashes("bad peer", []common.Hash{}); err != errNoSyncActive {
226 227
		t.Errorf("error mismatch: have %v, want %v", err, errNoSyncActive)
	}
228
	if err := tester.downloader.DeliverBlocks("bad peer", []*types.Block{}); err != errNoSyncActive {
229
		t.Errorf("error mismatch: have %v, want %v", err, errNoSyncActive)
230 231 232
	}
}

233
// Tests that a canceled download wipes all previously accumulated state.
234
func TestCancel(t *testing.T) {
235 236
	// Create a small enough block chain to download and the tester
	targetBlocks := blockCacheLimit - 15
237
	hashes, blocks := makeChain(targetBlocks, 0, genesis)
238

239
	tester := newTester()
240
	tester.newPeer("peer", eth60, hashes, blocks)
241

242
	// Make sure canceling works with a pristine downloader
243
	tester.downloader.cancel()
244 245 246 247
	hashCount, blockCount := tester.downloader.queue.Size()
	if hashCount > 0 || blockCount > 0 {
		t.Errorf("block or hash count mismatch: %d hashes, %d blocks, want 0", hashCount, blockCount)
	}
248
	// Synchronise with the peer, but cancel afterwards
249
	if err := tester.sync("peer"); err != nil {
250
		t.Fatalf("failed to synchronise blocks: %v", err)
251
	}
252
	tester.downloader.cancel()
253
	hashCount, blockCount = tester.downloader.queue.Size()
254 255 256
	if hashCount > 0 || blockCount > 0 {
		t.Errorf("block or hash count mismatch: %d hashes, %d blocks, want 0", hashCount, blockCount)
	}
257 258
}

259 260
// Tests that if a large batch of blocks are being downloaded, it is throttled
// until the cached blocks are retrieved.
261
func TestThrottling(t *testing.T) {
262 263
	// Create a long block chain to download and the tester
	targetBlocks := 8 * blockCacheLimit
264
	hashes, blocks := makeChain(targetBlocks, 0, genesis)
265

266
	tester := newTester()
267
	tester.newPeer("peer", eth60, hashes, blocks)
268

269 270 271 272 273 274 275
	// Wrap the importer to allow stepping
	done := make(chan int)
	tester.downloader.insertChain = func(blocks types.Blocks) (int, error) {
		n, err := tester.insertChain(blocks)
		done <- n
		return n, err
	}
276 277 278
	// Start a synchronisation concurrently
	errc := make(chan error)
	go func() {
279
		errc <- tester.sync("peer")
280 281
	}()
	// Iteratively take some blocks, always checking the retrieval count
282 283 284
	for len(tester.ownBlocks) < targetBlocks+1 {
		// Wait a bit for sync to throttle itself
		var cached int
285 286
		for start := time.Now(); time.Since(start) < 3*time.Second; {
			time.Sleep(25 * time.Millisecond)
287 288 289

			cached = len(tester.downloader.queue.blockPool)
			if cached == blockCacheLimit || len(tester.ownBlocks)+cached == targetBlocks+1 {
290 291 292
				break
			}
		}
293 294 295 296
		// Make sure we filled up the cache, then exhaust it
		time.Sleep(25 * time.Millisecond) // give it a chance to screw up
		if cached != blockCacheLimit && len(tester.ownBlocks)+cached < targetBlocks+1 {
			t.Fatalf("block count mismatch: have %v, want %v", cached, blockCacheLimit)
297
		}
298 299 300
		<-done // finish previous blocking import
		for cached > maxBlockProcess {
			cached -= <-done
301
		}
302 303 304 305 306 307 308
		time.Sleep(25 * time.Millisecond) // yield to the insertion
	}
	<-done // finish the last blocking import

	// Check that we haven't pulled more blocks than available
	if len(tester.ownBlocks) > targetBlocks+1 {
		t.Fatalf("target block count mismatch: have %v, want %v", len(tester.ownBlocks), targetBlocks+1)
309
	}
310 311
	if err := <-errc; err != nil {
		t.Fatalf("block synchronization failed: %v", err)
312 313
	}
}
314

315 316 317 318 319
// Tests that synchronisation from multiple peers works as intended (multi thread sanity test).
func TestMultiSynchronisation(t *testing.T) {
	// Create various peers with various parts of the chain
	targetPeers := 16
	targetBlocks := targetPeers*blockCacheLimit - 15
320
	hashes, blocks := makeChain(targetBlocks, 0, genesis)
321 322 323 324

	tester := newTester()
	for i := 0; i < targetPeers; i++ {
		id := fmt.Sprintf("peer #%d", i)
325
		tester.newPeer(id, eth60, hashes[i*blockCacheLimit:], blocks)
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343
	}
	// Synchronise with the middle peer and make sure half of the blocks were retrieved
	id := fmt.Sprintf("peer #%d", targetPeers/2)
	if err := tester.sync(id); err != nil {
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
	if imported := len(tester.ownBlocks); imported != len(tester.peerHashes[id]) {
		t.Fatalf("synchronised block mismatch: have %v, want %v", imported, len(tester.peerHashes[id]))
	}
	// Synchronise with the best peer and make sure everything is retrieved
	if err := tester.sync("peer #0"); err != nil {
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
	if imported := len(tester.ownBlocks); imported != targetBlocks+1 {
		t.Fatalf("synchronised block mismatch: have %v, want %v", imported, targetBlocks+1)
	}
}

344 345 346 347 348 349 350 351
// Tests that synchronising with a peer who's very slow at network IO does not
// stall the other peers in the system.
func TestSlowSynchronisation(t *testing.T) {
	tester := newTester()

	// Create a batch of blocks, with a slow and a full speed peer
	targetCycles := 2
	targetBlocks := targetCycles*blockCacheLimit - 15
352
	targetIODelay := time.Second
353
	hashes, blocks := makeChain(targetBlocks, 0, genesis)
354

355 356
	tester.newSlowPeer("fast", eth60, hashes, blocks, 0)
	tester.newSlowPeer("slow", eth60, hashes, blocks, targetIODelay)
357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372

	// Try to sync with the peers (pull hashes from fast)
	start := time.Now()
	if err := tester.sync("fast"); err != nil {
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
	if imported := len(tester.ownBlocks); imported != targetBlocks+1 {
		t.Fatalf("synchronised block mismatch: have %v, want %v", imported, targetBlocks+1)
	}
	// Check that the slow peer got hit at most once per block-cache-size import
	limit := time.Duration(targetCycles+1) * targetIODelay
	if delay := time.Since(start); delay >= limit {
		t.Fatalf("synchronisation exceeded delay limit: have %v, want %v", delay, limit)
	}
}

373 374 375
// Tests that if a peer returns an invalid chain with a block pointing to a non-
// existing parent, it is correctly detected and handled.
func TestNonExistingParentAttack(t *testing.T) {
376 377
	tester := newTester()

378
	// Forge a single-link chain with a forged header
379
	hashes, blocks := makeChain(1, 0, genesis)
380
	tester.newPeer("valid", eth60, hashes, blocks)
381

382 383 384
	wrongblock := types.NewBlock(&types.Header{}, nil, nil, nil)
	wrongblock.Td = blocks[hashes[0]].Td
	hashes, blocks = makeChain(1, 0, wrongblock)
385
	tester.newPeer("attack", eth60, hashes, blocks)
386 387

	// Try and sync with the malicious node and check that it fails
388 389
	if err := tester.sync("attack"); err == nil {
		t.Fatalf("block synchronization succeeded")
390
	}
391 392
	if tester.hasBlock(hashes[0]) {
		t.Fatalf("tester accepted unknown-parent block: %v", blocks[hashes[0]])
393
	}
394 395
	// Try to synchronize with the valid chain and make sure it succeeds
	if err := tester.sync("valid"); err != nil {
396 397
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
398 399
	if !tester.hasBlock(tester.peerHashes["valid"][0]) {
		t.Fatalf("tester didn't accept known-parent block: %v", tester.peerBlocks["valid"][hashes[0]])
400
	}
401
}
402 403 404

// Tests that if a malicious peers keeps sending us repeating hashes, we don't
// loop indefinitely.
405 406 407
func TestRepeatingHashAttack(t *testing.T) { // TODO: Is this thing valid??
	tester := newTester()

408
	// Create a valid chain, but drop the last link
409
	hashes, blocks := makeChain(blockCacheLimit, 0, genesis)
410 411
	tester.newPeer("valid", eth60, hashes, blocks)
	tester.newPeer("attack", eth60, hashes[:len(hashes)-1], blocks)
412 413 414 415

	// Try and sync with the malicious node
	errc := make(chan error)
	go func() {
416
		errc <- tester.sync("attack")
417 418 419
	}()
	// Make sure that syncing returns and does so with a failure
	select {
420
	case <-time.After(time.Second):
421 422 423 424 425 426
		t.Fatalf("synchronisation blocked")
	case err := <-errc:
		if err == nil {
			t.Fatalf("synchronisation succeeded")
		}
	}
427
	// Ensure that a valid chain can still pass sync
428
	if err := tester.sync("valid"); err != nil {
429 430
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
431
}
432 433 434 435

// Tests that if a malicious peers returns a non-existent block hash, it should
// eventually time out and the sync reattempted.
func TestNonExistingBlockAttack(t *testing.T) {
436 437
	tester := newTester()

438
	// Create a valid chain, but forge the last link
439
	hashes, blocks := makeChain(blockCacheLimit, 0, genesis)
440
	tester.newPeer("valid", eth60, hashes, blocks)
441

442
	hashes[len(hashes)/2] = common.Hash{}
443
	tester.newPeer("attack", eth60, hashes, blocks)
444 445

	// Try and sync with the malicious node and check that it fails
446
	if err := tester.sync("attack"); err != errPeersUnavailable {
447 448
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errPeersUnavailable)
	}
449
	// Ensure that a valid chain can still pass sync
450
	if err := tester.sync("valid"); err != nil {
451 452
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
453
}
454 455 456 457

// Tests that if a malicious peer is returning hashes in a weird order, that the
// sync throttler doesn't choke on them waiting for the valid blocks.
func TestInvalidHashOrderAttack(t *testing.T) {
458 459
	tester := newTester()

460
	// Create a valid long chain, but reverse some hashes within
461
	hashes, blocks := makeChain(4*blockCacheLimit, 0, genesis)
462
	tester.newPeer("valid", eth60, hashes, blocks)
463

464 465 466 467 468
	chunk1 := make([]common.Hash, blockCacheLimit)
	chunk2 := make([]common.Hash, blockCacheLimit)
	copy(chunk1, hashes[blockCacheLimit:2*blockCacheLimit])
	copy(chunk2, hashes[2*blockCacheLimit:3*blockCacheLimit])

469 470
	copy(hashes[2*blockCacheLimit:], chunk1)
	copy(hashes[blockCacheLimit:], chunk2)
471
	tester.newPeer("attack", eth60, hashes, blocks)
472 473

	// Try and sync with the malicious node and check that it fails
474
	if err := tester.sync("attack"); err != errInvalidChain {
475
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errInvalidChain)
476 477
	}
	// Ensure that a valid chain can still pass sync
478
	if err := tester.sync("valid"); err != nil {
479 480 481
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
}
482 483 484 485

// Tests that if a malicious peer makes up a random hash chain and tries to push
// indefinitely, it actually gets caught with it.
func TestMadeupHashChainAttack(t *testing.T) {
486
	tester := newTester()
487
	blockSoftTTL = 100 * time.Millisecond
488 489 490
	crossCheckCycle = 25 * time.Millisecond

	// Create a long chain of hashes without backing blocks
491 492 493 494 495 496
	hashes, blocks := makeChain(4*blockCacheLimit, 0, genesis)

	randomHashes := make([]common.Hash, 1024*blockCacheLimit)
	for i := range randomHashes {
		rand.Read(randomHashes[i][:])
	}
497

498 499
	tester.newPeer("valid", eth60, hashes, blocks)
	tester.newPeer("attack", eth60, randomHashes, nil)
500 501

	// Try and sync with the malicious node and check that it fails
502
	if err := tester.sync("attack"); err != errCrossCheckFailed {
503
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errCrossCheckFailed)
504
	}
505
	// Ensure that a valid chain can still pass sync
506
	if err := tester.sync("valid"); err != nil {
507 508
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
509
}
510

511 512 513 514 515 516
// Tests that if a malicious peer makes up a random hash chain, and tries to push
// indefinitely, one hash at a time, it actually gets caught with it. The reason
// this is separate from the classical made up chain attack is that sending hashes
// one by one prevents reliable block/parent verification.
func TestMadeupHashChainDrippingAttack(t *testing.T) {
	// Create a random chain of hashes to drip
517 518 519 520 521
	randomHashes := make([]common.Hash, 16*blockCacheLimit)
	for i := range randomHashes {
		rand.Read(randomHashes[i][:])
	}
	randomHashes[len(randomHashes)-1] = genesis.Hash()
522
	tester := newTester()
523 524 525

	// Try and sync with the attacker, one hash at a time
	tester.maxHashFetch = 1
526
	tester.newPeer("attack", eth60, randomHashes, nil)
527
	if err := tester.sync("attack"); err != errStallingPeer {
528
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errStallingPeer)
529 530 531
	}
}

532 533 534
// Tests that if a malicious peer makes up a random block chain, and tried to
// push indefinitely, it actually gets caught with it.
func TestMadeupBlockChainAttack(t *testing.T) {
535
	defaultBlockTTL := blockSoftTTL
536 537
	defaultCrossCheckCycle := crossCheckCycle

538
	blockSoftTTL = 100 * time.Millisecond
539 540 541
	crossCheckCycle = 25 * time.Millisecond

	// Create a long chain of blocks and simulate an invalid chain by dropping every second
542
	hashes, blocks := makeChain(16*blockCacheLimit, 0, genesis)
543 544 545 546 547
	gapped := make([]common.Hash, len(hashes)/2)
	for i := 0; i < len(gapped); i++ {
		gapped[i] = hashes[2*i]
	}
	// Try and sync with the malicious node and check that it fails
548
	tester := newTester()
549
	tester.newPeer("attack", eth60, gapped, blocks)
550
	if err := tester.sync("attack"); err != errCrossCheckFailed {
551
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errCrossCheckFailed)
552 553
	}
	// Ensure that a valid chain can still pass sync
554
	blockSoftTTL = defaultBlockTTL
555 556
	crossCheckCycle = defaultCrossCheckCycle

557
	tester.newPeer("valid", eth60, hashes, blocks)
558
	if err := tester.sync("valid"); err != nil {
559 560 561
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
}
562

563
// Tests that if one/multiple malicious peers try to feed a banned blockchain to
564
// the downloader, it will not keep refetching the same chain indefinitely, but
565
// gradually block pieces of it, until its head is also blocked.
566
func TestBannedChainStarvationAttack(t *testing.T) {
567 568 569
	n := 8 * blockCacheLimit
	fork := n/2 - 23
	hashes, forkHashes, blocks, forkBlocks := makeChainFork(n, fork, genesis)
570

571 572 573
	// Create the tester and ban the selected hash.
	tester := newTester()
	tester.downloader.banned.Add(forkHashes[fork-1])
574 575
	tester.newPeer("valid", eth60, hashes, blocks)
	tester.newPeer("attack", eth60, forkHashes, forkBlocks)
576

577 578 579 580
	// Iteratively try to sync, and verify that the banned hash list grows until
	// the head of the invalid chain is blocked too.
	for banned := tester.downloader.banned.Size(); ; {
		// Try to sync with the attacker, check hash chain failure
581
		if err := tester.sync("attack"); err != errInvalidChain {
582
			if tester.downloader.banned.Has(forkHashes[0]) && err == errBannedHead {
583 584
				break
			}
585
			t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errInvalidChain)
586 587 588 589 590 591 592 593
		}
		// Check that the ban list grew with at least 1 new item, or all banned
		bans := tester.downloader.banned.Size()
		if bans < banned+1 {
			t.Fatalf("ban count mismatch: have %v, want %v+", bans, banned+1)
		}
		banned = bans
	}
594
	// Check that after banning an entire chain, bad peers get dropped
595
	if err := tester.newPeer("new attacker", eth60, forkHashes, forkBlocks); err != errBannedHead {
596 597
		t.Fatalf("peer registration mismatch: have %v, want %v", err, errBannedHead)
	}
598
	if peer := tester.downloader.peers.Peer("new attacker"); peer != nil {
599 600
		t.Fatalf("banned attacker registered: %v", peer)
	}
601
	// Ensure that a valid chain can still pass sync
602
	if err := tester.sync("valid"); err != nil {
603 604
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
605
}
606 607 608 609 610

// Tests that if a peer sends excessively many/large invalid chains that are
// gradually banned, it will have an upper limit on the consumed memory and also
// the origin bad hashes will not be evacuated.
func TestBannedChainMemoryExhaustionAttack(t *testing.T) {
611 612 613 614 615 616
	// Construct a banned chain with more chunks than the ban limit
	n := 8 * blockCacheLimit
	fork := n/2 - 23
	hashes, forkHashes, blocks, forkBlocks := makeChainFork(n, fork, genesis)

	// Create the tester and ban the root hash of the fork.
617
	tester := newTester()
618
	tester.downloader.banned.Add(forkHashes[fork-1])
619

620
	// Reduce the test size a bit
621 622 623
	defaultMaxBlockFetch := MaxBlockFetch
	defaultMaxBannedHashes := maxBannedHashes

624 625 626
	MaxBlockFetch = 4
	maxBannedHashes = 256

627 628
	tester.newPeer("valid", eth60, hashes, blocks)
	tester.newPeer("attack", eth60, forkHashes, forkBlocks)
629 630 631 632 633

	// Iteratively try to sync, and verify that the banned hash list grows until
	// the head of the invalid chain is blocked too.
	for {
		// Try to sync with the attacker, check hash chain failure
634
		if err := tester.sync("attack"); err != errInvalidChain {
635
			t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errInvalidChain)
636
		}
637 638
		// Short circuit if the entire chain was banned.
		if tester.downloader.banned.Has(forkHashes[0]) {
639 640 641 642 643 644 645 646 647 648 649 650
			break
		}
		// Otherwise ensure we never exceed the memory allowance and the hard coded bans are untouched
		if bans := tester.downloader.banned.Size(); bans > maxBannedHashes {
			t.Fatalf("ban cap exceeded: have %v, want max %v", bans, maxBannedHashes)
		}
		for hash, _ := range core.BadHashes {
			if !tester.downloader.banned.Has(hash) {
				t.Fatalf("hard coded ban evacuated: %x", hash)
			}
		}
	}
651 652 653 654
	// Ensure that a valid chain can still pass sync
	MaxBlockFetch = defaultMaxBlockFetch
	maxBannedHashes = defaultMaxBannedHashes

655
	if err := tester.sync("valid"); err != nil {
656 657
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
658
}
659

660 661 662 663 664 665 666 667 668
// Tests a corner case (potential attack) where a peer delivers both good as well
// as unrequested blocks to a hash request. This may trigger a different code
// path than the fully correct or fully invalid delivery, potentially causing
// internal state problems
//
// No, don't delete this test, it actually did happen!
func TestOverlappingDeliveryAttack(t *testing.T) {
	// Create an arbitrary batch of blocks ( < cache-size not to block)
	targetBlocks := blockCacheLimit - 23
669
	hashes, blocks := makeChain(targetBlocks, 0, genesis)
670 671 672

	// Register an attacker that always returns non-requested blocks too
	tester := newTester()
673
	tester.newPeer("attack", eth60, hashes, blocks)
674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692

	rawGetBlocks := tester.downloader.peers.Peer("attack").getBlocks
	tester.downloader.peers.Peer("attack").getBlocks = func(request []common.Hash) error {
		// Add a non requested hash the screw the delivery (genesis should be fine)
		return rawGetBlocks(append(request, hashes[0]))
	}
	// Test that synchronisation can complete, check for import success
	if err := tester.sync("attack"); err != nil {
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
	start := time.Now()
	for len(tester.ownHashes) != len(hashes) && time.Since(start) < time.Second {
		time.Sleep(50 * time.Millisecond)
	}
	if len(tester.ownHashes) != len(hashes) {
		t.Fatalf("chain length mismatch: have %v, want %v", len(tester.ownHashes), len(hashes))
	}
}

693
// Tests that misbehaving peers are disconnected, whilst behaving ones are not.
694 695
func TestHashAttackerDropping(t *testing.T) {
	// Define the disconnection requirement for individual hash fetch errors
696 697 698 699
	tests := []struct {
		result error
		drop   bool
	}{
700 701 702 703 704 705 706 707 708 709 710 711 712 713 714
		{nil, false},                 // Sync succeeded, all is well
		{errBusy, false},             // Sync is already in progress, no problem
		{errUnknownPeer, false},      // Peer is unknown, was already dropped, don't double drop
		{errBadPeer, true},           // Peer was deemed bad for some reason, drop it
		{errStallingPeer, true},      // Peer was detected to be stalling, drop it
		{errBannedHead, true},        // Peer's head hash is a known bad hash, drop it
		{errNoPeers, false},          // No peers to download from, soft race, no issue
		{errPendingQueue, false},     // There are blocks still cached, wait to exhaust, no issue
		{errTimeout, true},           // No hashes received in due time, drop the peer
		{errEmptyHashSet, true},      // No hashes were returned as a response, drop as it's a dead end
		{errPeersUnavailable, true},  // Nobody had the advertised blocks, drop the advertiser
		{errInvalidChain, true},      // Hash chain was detected as invalid, definitely drop
		{errCrossCheckFailed, true},  // Hash-origin failed to pass a block cross check, drop
		{errCancelHashFetch, false},  // Synchronisation was canceled, origin may be innocent, don't drop
		{errCancelBlockFetch, false}, // Synchronisation was canceled, origin may be innocent, don't drop
715 716 717 718 719 720
	}
	// Run the tests and check disconnection status
	tester := newTester()
	for i, tt := range tests {
		// Register a new peer and ensure it's presence
		id := fmt.Sprintf("test %d", i)
721
		if err := tester.newPeer(id, eth60, []common.Hash{genesis.Hash()}, nil); err != nil {
722 723 724 725 726 727 728 729
			t.Fatalf("test %d: failed to register new peer: %v", i, err)
		}
		if _, ok := tester.peerHashes[id]; !ok {
			t.Fatalf("test %d: registered peer not found", i)
		}
		// Simulate a synchronisation and check the required result
		tester.downloader.synchroniseMock = func(string, common.Hash) error { return tt.result }

730
		tester.downloader.Synchronise(id, genesis.Hash())
731 732 733 734 735
		if _, ok := tester.peerHashes[id]; !ok != tt.drop {
			t.Errorf("test %d: peer drop mismatch for %v: have %v, want %v", i, tt.result, !ok, tt.drop)
		}
	}
}
736 737 738 739 740 741 742

// Tests that feeding bad blocks will result in a peer drop.
func TestBlockAttackerDropping(t *testing.T) {
	// Define the disconnection requirement for individual block import errors
	tests := []struct {
		failure bool
		drop    bool
743 744 745 746
	}{
		{true, true},
		{false, false},
	}
747 748 749 750 751 752

	// Run the tests and check disconnection status
	tester := newTester()
	for i, tt := range tests {
		// Register a new peer and ensure it's presence
		id := fmt.Sprintf("test %d", i)
753
		if err := tester.newPeer(id, eth60, []common.Hash{common.Hash{}}, nil); err != nil {
754 755 756 757 758 759
			t.Fatalf("test %d: failed to register new peer: %v", i, err)
		}
		if _, ok := tester.peerHashes[id]; !ok {
			t.Fatalf("test %d: registered peer not found", i)
		}
		// Assemble a good or bad block, depending of the test
760
		raw := core.GenerateChain(genesis, testdb, 1, nil)[0]
761
		if tt.failure {
762 763
			parent := types.NewBlock(&types.Header{}, nil, nil, nil)
			raw = core.GenerateChain(parent, testdb, 1, nil)[0]
764 765 766 767 768 769 770 771 772 773 774
		}
		block := &Block{OriginPeer: id, RawBlock: raw}

		// Simulate block processing and check the result
		tester.downloader.queue.blockCache[0] = block
		tester.downloader.process()
		if _, ok := tester.peerHashes[id]; !ok != tt.drop {
			t.Errorf("test %d: peer drop mismatch for %v: have %v, want %v", i, tt.failure, !ok, tt.drop)
		}
	}
}