feat(ledger): validate metadata during rule checks

Signed-off-by: Chris Gianelloni <wolf31o2@blinklabs.io>

Author: wolf31o2

ledger/allegra/errors.go

@@ -16,6 +16,8 @@ package allegra
 
 import (
 	"fmt"
+
+	"github.com/blinklabs-io/gouroboros/ledger/common"
 )
 
 type OutsideValidityIntervalUtxoError struct {
@@ -30,3 +32,38 @@ func (e OutsideValidityIntervalUtxoError) Error() string {
 		e.Slot,
 	)
 }
+
+type MissingTransactionMetadataError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionMetadataError) Error() string {
+	return fmt.Sprintf(
+		"missing transaction metadata: body declares hash %x but no metadata provided",
+		e.Hash,
+	)
+}
+
+type MissingTransactionAuxiliaryDataHashError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionAuxiliaryDataHashError) Error() string {
+	return fmt.Sprintf(
+		"missing transaction auxiliary data hash: metadata provided with hash %x but body has no hash",
+		e.Hash,
+	)
+}
+
+type ConflictingMetadataHashError struct {
+	Supplied common.Blake2b256
+	Expected common.Blake2b256
+}
+
+func (e ConflictingMetadataHashError) Error() string {
+	return fmt.Sprintf(
+		"conflicting metadata hash: body declares %x, actual metadata hash is %x",
+		e.Supplied,
+		e.Expected,
+	)
+}

ledger/allegra/rules.go

@@ -22,6 +22,7 @@ import (
 )
 
 var UtxoValidationRules = []common.UtxoValidationRuleFunc{
+	UtxoValidateMetadata,
 	UtxoValidateOutsideValidityIntervalUtxo,
 	UtxoValidateInputSetEmptyUtxo,
 	UtxoValidateFeeTooSmallUtxo,
@@ -167,3 +168,46 @@ func UtxoValidateMaxTxSizeUtxo(
 		tmpPparams,
 	)
 }
+
+// UtxoValidateMetadata validates that auxiliary data (metadata) matches the hash in transaction body
+// This is a cheap structural check that should run before expensive ledger lookups
+func UtxoValidateMetadata(
+	tx common.Transaction,
+	slot uint64,
+	ls common.LedgerState,
+	pp common.ProtocolParameters,
+) error {
+	bodyAuxDataHash := tx.AuxDataHash()
+	txAuxData := tx.Metadata()
+
+	// Case 1: Neither body hash nor aux data present - OK
+	if bodyAuxDataHash == nil && txAuxData == nil {
+		return nil
+	}
+
+	// Case 2: Body has hash but no aux data provided - error
+	if bodyAuxDataHash != nil && txAuxData == nil {
+		return MissingTransactionMetadataError{
+			Hash: *bodyAuxDataHash,
+		}
+	}
+
+	// Case 3: Aux data provided but body has no hash - error
+	if bodyAuxDataHash == nil && txAuxData != nil {
+		actualHash := common.Blake2b256(txAuxData.Cbor())
+		return MissingTransactionAuxiliaryDataHashError{
+			Hash: actualHash,
+		}
+	}
+
+	// Case 4: Both present - verify hash matches
+	actualHash := common.Blake2b256(txAuxData.Cbor())
+	if *bodyAuxDataHash != actualHash {
+		return ConflictingMetadataHashError{
+			Supplied: *bodyAuxDataHash,
+			Expected: actualHash,
+		}
+	}
+
+	return nil
+}

ledger/alonzo/errors.go

@@ -64,3 +64,38 @@ type NoCollateralInputsError struct{}
 func (NoCollateralInputsError) Error() string {
 	return "no collateral inputs"
 }
+
+type MissingTransactionMetadataError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionMetadataError) Error() string {
+	return fmt.Sprintf(
+		"missing transaction metadata: body declares hash %x but no metadata provided",
+		e.Hash,
+	)
+}
+
+type MissingTransactionAuxiliaryDataHashError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionAuxiliaryDataHashError) Error() string {
+	return fmt.Sprintf(
+		"missing transaction auxiliary data hash: metadata provided with hash %x but body has no hash",
+		e.Hash,
+	)
+}
+
+type ConflictingMetadataHashError struct {
+	Supplied common.Blake2b256
+	Expected common.Blake2b256
+}
+
+func (e ConflictingMetadataHashError) Error() string {
+	return fmt.Sprintf(
+		"conflicting metadata hash: body declares %x, actual metadata hash is %x",
+		e.Supplied,
+		e.Expected,
+	)
+}

ledger/alonzo/rules.go

@@ -25,6 +25,7 @@ import (
 )
 
 var UtxoValidationRules = []common.UtxoValidationRuleFunc{
+	UtxoValidateMetadata,
 	UtxoValidateOutsideValidityIntervalUtxo,
 	UtxoValidateInputSetEmptyUtxo,
 	UtxoValidateFeeTooSmallUtxo,
@@ -428,3 +429,46 @@ func MinCoinTxOut(
 	minCoinTxOut := uint64(tmpPparams.MinUtxoValue)
 	return minCoinTxOut, nil
 }
+
+// UtxoValidateMetadata validates that auxiliary data (metadata) matches the hash in transaction body
+// This is a cheap structural check that should run before expensive ledger lookups
+func UtxoValidateMetadata(
+	tx common.Transaction,
+	slot uint64,
+	ls common.LedgerState,
+	pp common.ProtocolParameters,
+) error {
+	bodyAuxDataHash := tx.AuxDataHash()
+	txAuxData := tx.Metadata()
+
+	// Case 1: Neither body hash nor aux data present - OK
+	if bodyAuxDataHash == nil && txAuxData == nil {
+		return nil
+	}
+
+	// Case 2: Body has hash but no aux data provided - error
+	if bodyAuxDataHash != nil && txAuxData == nil {
+		return MissingTransactionMetadataError{
+			Hash: *bodyAuxDataHash,
+		}
+	}
+
+	// Case 3: Aux data provided but body has no hash - error
+	if bodyAuxDataHash == nil && txAuxData != nil {
+		actualHash := common.Blake2b256(txAuxData.Cbor())
+		return MissingTransactionAuxiliaryDataHashError{
+			Hash: actualHash,
+		}
+	}
+
+	// Case 4: Both present - verify hash matches
+	actualHash := common.Blake2b256(txAuxData.Cbor())
+	if *bodyAuxDataHash != actualHash {
+		return ConflictingMetadataHashError{
+			Supplied: *bodyAuxDataHash,
+			Expected: actualHash,
+		}
+	}
+
+	return nil
+}

ledger/babbage/errors.go

@@ -16,6 +16,8 @@ package babbage
 
 import (
 	"fmt"
+
+	"github.com/blinklabs-io/gouroboros/ledger/common"
 )
 
 type TooManyCollateralInputsError struct {
@@ -43,3 +45,38 @@ func (e IncorrectTotalCollateralFieldError) Error() string {
 		e.TotalCollateral,
 	)
 }
+
+type MissingTransactionMetadataError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionMetadataError) Error() string {
+	return fmt.Sprintf(
+		"missing transaction metadata: auxiliary data hash %s",
+		e.Hash,
+	)
+}
+
+type MissingTransactionAuxiliaryDataHashError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionAuxiliaryDataHashError) Error() string {
+	return fmt.Sprintf(
+		"missing auxiliary data hash in transaction body: metadata hash %s",
+		e.Hash,
+	)
+}
+
+type ConflictingMetadataHashError struct {
+	Supplied common.Blake2b256
+	Expected common.Blake2b256
+}
+
+func (e ConflictingMetadataHashError) Error() string {
+	return fmt.Sprintf(
+		"metadata hash mismatch: supplied %s expected %s",
+		e.Supplied,
+		e.Expected,
+	)
+}

ledger/babbage/rules.go

@@ -26,6 +26,7 @@ import (
 )
 
 var UtxoValidationRules = []common.UtxoValidationRuleFunc{
+	UtxoValidateMetadata,
 	UtxoValidateOutsideValidityIntervalUtxo,
 	UtxoValidateInputSetEmptyUtxo,
 	UtxoValidateFeeTooSmallUtxo,
@@ -499,3 +500,46 @@ func MinCoinTxOut(
 	minCoinTxOut := tmpPparams.AdaPerUtxoByte * uint64(len(txOutBytes))
 	return minCoinTxOut, nil
 }
+
+// UtxoValidateMetadata validates that auxiliary data (metadata) matches the hash in transaction body
+// This is a cheap structural check that should run before expensive ledger lookups
+func UtxoValidateMetadata(
+	tx common.Transaction,
+	slot uint64,
+	ls common.LedgerState,
+	pp common.ProtocolParameters,
+) error {
+	bodyAuxDataHash := tx.AuxDataHash()
+	txAuxData := tx.Metadata()
+
+	// Case 1: Neither body hash nor aux data present - OK
+	if bodyAuxDataHash == nil && txAuxData == nil {
+		return nil
+	}
+
+	// Case 2: Body has hash but no aux data provided - error
+	if bodyAuxDataHash != nil && txAuxData == nil {
+		return MissingTransactionMetadataError{
+			Hash: *bodyAuxDataHash,
+		}
+	}
+
+	// Case 3: Aux data provided but body has no hash - error
+	if bodyAuxDataHash == nil && txAuxData != nil {
+		actualHash := common.Blake2b256(txAuxData.Cbor())
+		return MissingTransactionAuxiliaryDataHashError{
+			Hash: actualHash,
+		}
+	}
+
+	// Case 4: Both present - verify hash matches
+	actualHash := common.Blake2b256(txAuxData.Cbor())
+	if *bodyAuxDataHash != actualHash {
+		return ConflictingMetadataHashError{
+			Supplied: *bodyAuxDataHash,
+			Expected: actualHash,
+		}
+	}
+
+	return nil
+}

ledger/conway/errors.go

@@ -15,6 +15,7 @@
 package conway
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/blinklabs-io/gouroboros/ledger/common"
@@ -31,3 +32,38 @@ func (e NonDisjointRefInputsError) Error() string {
 	}
 	return "non-disjoint reference inputs: " + strings.Join(tmpInputs, ", ")
 }
+
+type MissingTransactionMetadataError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionMetadataError) Error() string {
+	return fmt.Sprintf(
+		"missing transaction metadata: auxiliary data hash %s",
+		e.Hash,
+	)
+}
+
+type MissingTransactionAuxiliaryDataHashError struct {
+	Hash common.Blake2b256
+}
+
+func (e MissingTransactionAuxiliaryDataHashError) Error() string {
+	return fmt.Sprintf(
+		"missing auxiliary data hash in transaction body: metadata hash %s",
+		e.Hash,
+	)
+}
+
+type ConflictingMetadataHashError struct {
+	Supplied common.Blake2b256
+	Expected common.Blake2b256
+}
+
+func (e ConflictingMetadataHashError) Error() string {
+	return fmt.Sprintf(
+		"metadata hash mismatch: supplied %s expected %s",
+		e.Supplied,
+		e.Expected,
+	)
+}