@freedomofpress/cometbft 0.1.2 → 0.1.3

package/src/tests/fixtures/webcat.json

@@ -5,42 +5,54 @@
         "block": "11",
         "app": "0"
       },
-      "chain_id": "test-chain-hGjZNv",
-      "height": "493",
-      "time": "2025-11-26T21:34:06.159025Z",
+      "chain_id": "webcat-test-02",
+      "height": "18720",
+      "time": "2026-03-08T03:00:52.980342151Z",
       "last_block_id": {
-        "hash": "6ABE9483553796549941230EFFC982A4B389FE475D37C43815E6B735E5AEDE7B",
+        "hash": "8271A9B3A0689FF0CB095E39175403A74BC374ABBE23184B20D902199FDC0BA7",
         "parts": {
           "total": 1,
-          "hash": "FA7002E34B341CC2625B2A2EB546ED9A1D2B77D1146A5650D9D2E3682940EE29"
+          "hash": "AEB84D5BAB13692BCBD9603B9A94AA310203648DF16A755EA2BA9A2A1D667BCB"
         }
       },
-      "last_commit_hash": "C7B78BBAF834E298EB6570836DAA9116A56BED2F652D8BAF6C28B1F33ABC8AE8",
+      "last_commit_hash": "9E3394940C1C94504E0465CCED1CE7047639BDF5506E34EA07FE729C5E4EA5FC",
       "data_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
-      "validators_hash": "04C72627103FD466C7B4C30C0E654D2B58EA140493C009B8BAB66749FFEBE60C",
-      "next_validators_hash": "04C72627103FD466C7B4C30C0E654D2B58EA140493C009B8BAB66749FFEBE60C",
+      "validators_hash": "166D75D14EE1555615C57D2F013454152214BDB143D458C00A02B2AC0F2AC128",
+      "next_validators_hash": "166D75D14EE1555615C57D2F013454152214BDB143D458C00A02B2AC0F2AC128",
       "consensus_hash": "048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F",
-      "app_hash": "180B4624DAB5D631EAD41DC7BEC0F63D2A25DF826B068604B7D858206ED92DD6",
+      "app_hash": "6068FFC66BC857FE76B4E8A779176ABBA6CBFC3F119F961915AF01C293EDC9D3",
       "last_results_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
       "evidence_hash": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
-      "proposer_address": "F588CF8C0CA8D88CDD2F909C8262018B361CF5D5"
+      "proposer_address": "B734AC6CC1F14AAC8315FE8DBB07402ED4E45D72"
     },
     "commit": {
-      "height": "493",
+      "height": "18720",
       "round": 0,
       "block_id": {
-        "hash": "2A1D00CC2A092465E85EA2C24986BEE0105285039DC1873BB6B0CA7F610EC89D",
+        "hash": "1E1B52E922F1E20D8113D38A70675BFB0CF83609C00CD6CE637FC79B0C73A890",
         "parts": {
           "total": 1,
-          "hash": "379E62CC2B2741AD07E1F325307BBDECDAA10F2405A22C9B9350615A5DAF2725"
+          "hash": "CC7EAC61FA5FB28ADC4F26BEB76CD54CDB66C2A952E81CBEE33B55D0ED1B0A78"
         }
       },
       "signatures": [
         {
           "block_id_flag": 2,
-          "validator_address": "F588CF8C0CA8D88CDD2F909C8262018B361CF5D5",
-          "timestamp": "2025-11-26T21:34:07.1855Z",
-          "signature": "ttukjhivwXmf9YKEFSceZe0b6D98esb+9nMCeEz6e1z5MDfxMKun7O0nPis0PoDWcqBifWJy2NdbfO0zySILDQ=="
+          "validator_address": "48926DF1CC10DBBFAA78953F9BE38E59020DE01D",
+          "timestamp": "2026-03-08T03:01:53.984641899Z",
+          "signature": "V1swep5n+4AX155lTrNXSyS7k0L5Wnx2E8zrBGqWEDHf8pW5tFO1ron1xHqfMmJh9BSK3FaOWnIVToqcrvCiBg=="
+        },
+        {
+          "block_id_flag": 2,
+          "validator_address": "A39CFEBE6E8CA10B6101C46884A6EB8E62D04417",
+          "timestamp": "2026-03-08T03:01:54.033082245Z",
+          "signature": "VLIvwTw5aC15Oq8AkmiXudyIFKIo3VBOgU1eIQN+JxgsNtJwr8tuZsaGf6ds7BY6kQ8E93pxDm1CUk2pYrrZDQ=="
+        },
+        {
+          "block_id_flag": 2,
+          "validator_address": "B734AC6CC1F14AAC8315FE8DBB07402ED4E45D72",
+          "timestamp": "2026-03-08T03:01:54.025260639Z",
+          "signature": "ODjl80UkQB7uBQmf0TUCbgg+p8Mvv9ihvmbyYou3YWB7nqcwp5tzz8MiFkoPo8zfiLL+83AqKeYm7S3y3kPxDQ=="
         }
       ]
     }
@@ -48,24 +60,42 @@
   "validator_set": {
     "validators": [
       {
-        "address": "F588CF8C0CA8D88CDD2F909C8262018B361CF5D5",
+        "address": "48926DF1CC10DBBFAA78953F9BE38E59020DE01D",
+        "pub_key": {
+          "type": "tendermint/PubKeyEd25519",
+          "value": "zEK+pyAEhhCaoHYhhT+rrorJoc9kZbfY+JkbMtF8u5Y="
+        },
+        "power": "1",
+        "name": null
+      },
+      {
+        "address": "A39CFEBE6E8CA10B6101C46884A6EB8E62D04417",
+        "pub_key": {
+          "type": "tendermint/PubKeyEd25519",
+          "value": "8dZUej72UriKCPIDvk01c6yLaAB2ssYIli3fT3jKwSM="
+        },
+        "power": "1",
+        "name": null
+      },
+      {
+        "address": "B734AC6CC1F14AAC8315FE8DBB07402ED4E45D72",
         "pub_key": {
           "type": "tendermint/PubKeyEd25519",
-          "value": "Pn7hPwDPYkoBBTKxdxL0QZLdPCupGXyds/qSyOIBSZg="
+          "value": "WBK6Af3uKtC+VTv8x48f2TPoNnsebSXSBTIsJku/nQw="
         },
-        "power": "10",
+        "power": "1",
         "name": null
       }
     ],
     "proposer": {
-      "address": "F588CF8C0CA8D88CDD2F909C8262018B361CF5D5",
+      "address": "B734AC6CC1F14AAC8315FE8DBB07402ED4E45D72",
       "pub_key": {
         "type": "tendermint/PubKeyEd25519",
-        "value": "Pn7hPwDPYkoBBTKxdxL0QZLdPCupGXyds/qSyOIBSZg="
+        "value": "WBK6Af3uKtC+VTv8x48f2TPoNnsebSXSBTIsJku/nQw="
       },
-      "power": "10",
+      "power": "1",
       "name": null
     },
-    "total_voting_power": "10"
+    "total_voting_power": "3"
   }
 }

package/src/tests/lightclient.test.ts

@@ -38,7 +38,7 @@ describe("lightclient.verifyCommit", () => {
     expect(out.countedSignatures).toBeGreaterThan(0);
   });
 
-  it("throws when commit block_id.hash does not match the header hash", async () => {
+  it("fails quorum and invalidates all signatures when block_id.hash is tampered", async () => {
     const vResp = validatorsFixture as unknown as ValidatorJson;
     const { proto: vset, cryptoIndex } = await importValidators(vResp);
 
@@ -48,26 +48,11 @@ describe("lightclient.verifyCommit", () => {
       h.slice(0, -2) + (h.slice(-2) === "00" ? "01" : "00");
 
     const sh = importCommit(badCommit as CommitJson);
+    const out = await verifyCommit(sh, vset, cryptoIndex);
 
-    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
-      /header hash does not match commit blockid hash/i,
-    );
-  });
-
-  it("throws when app_hash is tampered", async () => {
-    const vResp = validatorsFixture as unknown as ValidatorJson;
-    const { proto: vset, cryptoIndex } = await importValidators(vResp);
-
-    const badHeader = clone(commitFixture) as any;
-    const appHash: string = badHeader.signed_header.header.app_hash;
-    badHeader.signed_header.header.app_hash =
-      appHash.slice(0, -2) + (appHash.slice(-2) === "00" ? "01" : "00");
-
-    const sh = importCommit(badHeader as CommitJson);
-
-    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
-      /header hash does not match commit blockid hash/i,
-    );
+    expect(out.quorum).toBe(false);
+    expect(out.invalidSignatures.length).toBe(out.countedSignatures);
+    expect(out.ok).toBe(false);
   });
 
   it("drops below 2/3 quorum when two votes are ABSENT", async () => {

package/src/tests/webcat.test.ts

@@ -1,7 +1,7 @@
 import { describe, expect, it } from "vitest";
 
 import { importCommit } from "../commit";
-import { Uint8ArrayToBase64 } from "../encoding";
+import { Uint8ArrayToBase64, Uint8ArrayToHex } from "../encoding";
 import { verifyCommit } from "../lightclient";
 import type { CommitJson, ValidatorJson } from "../types";
 import { importValidators } from "../validators";
@@ -11,35 +11,61 @@ function clone<T>(x: T): T {
   return JSON.parse(JSON.stringify(x));
 }
 
+function flipLastHexNibble(hex: string): string {
+  const last = hex.at(-1);
+  if (!last) throw new Error("Cannot mutate an empty hex string");
+
+  const replacement = last.toLowerCase() === "0" ? "1" : "0";
+  return `${hex.slice(0, -1)}${replacement}`;
+}
+
 describe("lightclient.verifyCommit", () => {
-  it("rejects this fixture when header hash does not match commit block_id.hash", async () => {
+  it("verifies a valid commit against the validator set", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = blockFixture as unknown as CommitJson;
 
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
-      /header hash does not match commit blockid hash/i,
-    );
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(true);
+    expect(out.ok).toBe(true);
+    expect(out.signedPower > 0n).toBe(true);
+    expect(out.signedPower <= out.totalPower).toBe(true);
+    expect(out.headerTime).toBeDefined();
+    expect(out.appHash instanceof Uint8Array).toBe(true);
+    expect(out.blockIdHash instanceof Uint8Array).toBe(true);
+    expect(out.unknownValidators.length).toBe(0);
+    expect(out.invalidSignatures.length).toBe(0);
+    expect(out.countedSignatures).toBeGreaterThan(0);
   });
 
-  it("throws when commit block_id.hash does not match header hash", async () => {
+  it("flags invalid signatures", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = clone(blockFixture) as unknown as CommitJson;
 
+    // Flip one byte of the BlockID hash to keep the signature well-formed but
+    // cryptographically invalid for the mutated sign-bytes.
     commit.signed_header.commit.block_id.hash =
       "3A1D00CC2A092465E85EA2C24986BEE0105285039DC1873BB6B0CA7F610EC89D";
 
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
-      /header hash does not match commit blockid hash/i,
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.ok).toBe(false);
+    expect(out.signedPower).toBe(0n);
+    expect(out.invalidSignatures).toHaveLength(vset.validators.length);
+    expect(out.invalidSignatures).toContain(
+      Uint8ArrayToHex(vset.validators[0].address).toUpperCase(),
     );
+    expect(out.countedSignatures).toBe(vset.validators.length);
   });
 
-  it("still rejects on header/commit hash mismatch even when a signature is corrupted", async () => {
+  it("flags invalid signatures", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = clone(blockFixture) as unknown as CommitJson;
 
@@ -50,9 +76,15 @@ describe("lightclient.verifyCommit", () => {
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
-      /header hash does not match commit blockid hash/i,
-    );
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.ok).toBe(false);
+    expect(out.signedPower).toBe(2n);
+    expect(out.invalidSignatures).toEqual([
+      Uint8ArrayToHex(vset.validators[0].address).toUpperCase(),
+    ]);
+    expect(out.countedSignatures).toBe(vset.validators.length);
   });
 
   it("rejects malformed signature bytes", async () => {
@@ -67,7 +99,7 @@ describe("lightclient.verifyCommit", () => {
     );
   });
 
-  it("still rejects on header/commit hash mismatch even when validator is unknown", async () => {
+  it("reports unknown validators", async () => {
     const validators = blockFixture.validator_set as unknown as ValidatorJson;
     const commit = clone(blockFixture) as unknown as CommitJson;
 
@@ -77,8 +109,117 @@ describe("lightclient.verifyCommit", () => {
     const { proto: vset, cryptoIndex } = await importValidators(validators);
     const sh = importCommit(commit);
 
-    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
-      /header hash does not match commit blockid hash/i,
-    );
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.ok).toBe(false);
+    expect(out.signedPower).toBe(2n);
+    expect(out.invalidSignatures).toEqual([]);
+    expect(out.unknownValidators).toEqual([
+      "0000000000000000000000000000000000000000",
+    ]);
+    expect(out.countedSignatures).toBe(vset.validators.length - 1);
+  });
+
+  it("detects tampering of every header field by checking the header merkle root against commit.block_id.hash", async () => {
+    const validators = blockFixture.validator_set as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(validators);
+
+    const mutators: Record<string, (commit: any) => void> = {
+      "header.version.block": (commit) => {
+        commit.signed_header.header.version.block = String(
+          BigInt(commit.signed_header.header.version.block) + 1n,
+        );
+      },
+      "header.version.app": (commit) => {
+        commit.signed_header.header.version.app = String(
+          BigInt(commit.signed_header.header.version.app) + 1n,
+        );
+      },
+      "header.chain_id": (commit) => {
+        commit.signed_header.header.chain_id = `${commit.signed_header.header.chain_id}-tampered`;
+      },
+      "header.height": (commit) => {
+        commit.signed_header.header.height = String(
+          BigInt(commit.signed_header.header.height) + 1n,
+        );
+        commit.signed_header.commit.height = commit.signed_header.header.height;
+      },
+      "header.time": (commit) => {
+        commit.signed_header.header.time = "2026-03-08T03:00:52.980342152Z";
+      },
+      "header.last_block_id.hash": (commit) => {
+        commit.signed_header.header.last_block_id.hash = flipLastHexNibble(
+          commit.signed_header.header.last_block_id.hash,
+        );
+      },
+      "header.last_block_id.parts.total": (commit) => {
+        commit.signed_header.header.last_block_id.parts.total += 1;
+      },
+      "header.last_block_id.parts.hash": (commit) => {
+        commit.signed_header.header.last_block_id.parts.hash =
+          flipLastHexNibble(
+            commit.signed_header.header.last_block_id.parts.hash,
+          );
+      },
+      "header.last_commit_hash": (commit) => {
+        commit.signed_header.header.last_commit_hash = flipLastHexNibble(
+          commit.signed_header.header.last_commit_hash,
+        );
+      },
+      "header.data_hash": (commit) => {
+        commit.signed_header.header.data_hash = flipLastHexNibble(
+          commit.signed_header.header.data_hash,
+        );
+      },
+      "header.validators_hash": (commit) => {
+        commit.signed_header.header.validators_hash = flipLastHexNibble(
+          commit.signed_header.header.validators_hash,
+        );
+      },
+      "header.next_validators_hash": (commit) => {
+        commit.signed_header.header.next_validators_hash = flipLastHexNibble(
+          commit.signed_header.header.next_validators_hash,
+        );
+      },
+      "header.consensus_hash": (commit) => {
+        commit.signed_header.header.consensus_hash = flipLastHexNibble(
+          commit.signed_header.header.consensus_hash,
+        );
+      },
+      "header.app_hash": (commit) => {
+        commit.signed_header.header.app_hash = flipLastHexNibble(
+          commit.signed_header.header.app_hash,
+        );
+      },
+      "header.last_results_hash": (commit) => {
+        commit.signed_header.header.last_results_hash = flipLastHexNibble(
+          commit.signed_header.header.last_results_hash,
+        );
+      },
+      "header.evidence_hash": (commit) => {
+        commit.signed_header.header.evidence_hash = flipLastHexNibble(
+          commit.signed_header.header.evidence_hash,
+        );
+      },
+      "header.proposer_address": (commit) => {
+        commit.signed_header.header.proposer_address = flipLastHexNibble(
+          commit.signed_header.header.proposer_address,
+        );
+      },
+    };
+
+    for (const [field, mutate] of Object.entries(mutators)) {
+      const tampered = clone(blockFixture);
+      mutate(tampered);
+
+      const out = await verifyCommit(
+        importCommit(tampered as unknown as CommitJson),
+        vset,
+        cryptoIndex,
+      );
+
+      expect(out.ok, `${field} tampering should be detected`).toBe(false);
+    }
   });
 });