fix(block/syncing): verify header data hash vs actual data hash (#2724)

<!--
Please read and fill out this form before submitting your PR.

Please make sure you have reviewed our contributors guide before
submitting your
first PR.

NOTE: PR titles should follow semantic commits:
https://www.conventionalcommits.org/en/v1.0.0/
-->

## Overview

Verify header data hash vs actual data hash in syncer.

<!-- 
Please provide an explanation of the PR, including the appropriate
context,
background, goal, and rationale. If there is an issue with this
information,
please provide a tl;dr and link the issue. 

Ex: Closes #<issue number>
-->

Author: julienrbrt

block/internal/syncing/da_retriever.go

@@ -163,11 +163,25 @@ func (r *DARetriever) processBlobs(ctx context.Context, blobs [][]byte, daHeight
 		}
 
 		if header := r.tryDecodeHeader(bz, daHeight); header != nil {
+			if _, ok := r.pendingHeaders[header.Height()]; ok {
+				// a (malicious) node may have re-published valid header to another da height (should never happen)
+				// we can already discard it, only the first one is valid
+				r.logger.Debug().Uint64("height", header.Height()).Uint64("da_height", daHeight).Msg("header blob already exists for height, discarding")
+				continue
+			}
+
 			r.pendingHeaders[header.Height()] = header
 			continue
 		}
 
 		if data := r.tryDecodeData(bz, daHeight); data != nil {
+			if _, ok := r.pendingData[data.Height()]; ok {
+				// a (malicious) node may have re-published valid data to another da height (should never happen)
+				// we can already discard it, only the first one is valid
+				r.logger.Debug().Uint64("height", data.Height()).Uint64("da_height", daHeight).Msg("data blob already exists for height, discarding")
+				continue
+			}
+
 			r.pendingData[data.Height()] = data
 		}
 	}

block/internal/syncing/da_retriever_test.go

@@ -27,27 +27,6 @@ import (
 	"github.com/evstack/ev-node/types"
 )
 
-// makeSignedHeaderBytes builds a valid SignedHeader and returns its binary encoding and the object
-func makeSignedHeaderBytes(tb testing.TB, chainID string, height uint64, proposer []byte, pub crypto.PubKey, signer signerpkg.Signer, appHash []byte, dataHash []byte) ([]byte, *types.SignedHeader) {
-	hdr := &types.SignedHeader{
-		Header: types.Header{
-			BaseHeader:      types.BaseHeader{ChainID: chainID, Height: height, Time: uint64(time.Now().Add(time.Duration(height) * time.Second).UnixNano())},
-			AppHash:         appHash,
-			DataHash:        dataHash,
-			ProposerAddress: proposer,
-		},
-		Signer: types.Signer{PubKey: pub, Address: proposer},
-	}
-	bz, err := types.DefaultAggregatorNodeSignatureBytesProvider(&hdr.Header)
-	require.NoError(tb, err)
-	sig, err := signer.Sign(bz)
-	require.NoError(tb, err)
-	hdr.Signature = sig
-	bin, err := hdr.MarshalBinary()
-	require.NoError(tb, err)
-	return bin, hdr
-}
-
 // makeSignedDataBytes builds SignedData containing the provided Data and returns its binary encoding
 func makeSignedDataBytes(t *testing.T, chainID string, height uint64, proposer []byte, pub crypto.PubKey, signer signerpkg.Signer, txs int) ([]byte, *types.SignedData) {
 	d := &types.Data{Metadata: &types.Metadata{ChainID: chainID, Height: height, Time: uint64(time.Now().UnixNano())}}
@@ -189,7 +168,7 @@ func TestDARetriever_ProcessBlobs_HeaderAndData_Success(t *testing.T) {
 	r := NewDARetriever(nil, cm, config.DefaultConfig(), gen, common.DefaultBlockOptions(), zerolog.Nop())
 
 	dataBin, data := makeSignedDataBytes(t, gen.ChainID, 2, addr, pub, signer, 2)
-	hdrBin, _ := makeSignedHeaderBytes(t, gen.ChainID, 2, addr, pub, signer, nil, data.Hash())
+	hdrBin, _ := makeSignedHeaderBytes(t, gen.ChainID, 2, addr, pub, signer, nil, &data.Data)
 
 	events := r.processBlobs(context.Background(), [][]byte{hdrBin, dataBin}, 77)
 	require.Len(t, events, 1)
@@ -310,7 +289,7 @@ func TestDARetriever_RetrieveFromDA_TwoNamespaces_Success(t *testing.T) {
 
 	// Prepare header/data blobs
 	dataBin, data := makeSignedDataBytes(t, gen.ChainID, 9, addr, pub, signer, 1)
-	hdrBin, _ := makeSignedHeaderBytes(t, gen.ChainID, 9, addr, pub, signer, nil, data.Hash())
+	hdrBin, _ := makeSignedHeaderBytes(t, gen.ChainID, 9, addr, pub, signer, nil, &data.Data)
 
 	cfg := config.DefaultConfig()
 	cfg.DA.Namespace = "nsHdr"
@@ -353,7 +332,7 @@ func TestDARetriever_ProcessBlobs_CrossDAHeightMatching(t *testing.T) {
 
 	// Create header and data for the same block height but from different DA heights
 	dataBin, data := makeSignedDataBytes(t, gen.ChainID, 5, addr, pub, signer, 2)
-	hdrBin, _ := makeSignedHeaderBytes(t, gen.ChainID, 5, addr, pub, signer, nil, data.Hash())
+	hdrBin, _ := makeSignedHeaderBytes(t, gen.ChainID, 5, addr, pub, signer, nil, &data.Data)
 
 	// Process header from DA height 100 first
 	events1 := r.processBlobs(context.Background(), [][]byte{hdrBin}, 100)
@@ -392,9 +371,9 @@ func TestDARetriever_ProcessBlobs_MultipleHeadersCrossDAHeightMatching(t *testin
 	data4Bin, data4 := makeSignedDataBytes(t, gen.ChainID, 4, addr, pub, signer, 2)
 	data5Bin, data5 := makeSignedDataBytes(t, gen.ChainID, 5, addr, pub, signer, 1)
 
-	hdr3Bin, _ := makeSignedHeaderBytes(t, gen.ChainID, 3, addr, pub, signer, nil, data3.Hash())
-	hdr4Bin, _ := makeSignedHeaderBytes(t, gen.ChainID, 4, addr, pub, signer, nil, data4.Hash())
-	hdr5Bin, _ := makeSignedHeaderBytes(t, gen.ChainID, 5, addr, pub, signer, nil, data5.Hash())
+	hdr3Bin, _ := makeSignedHeaderBytes(t, gen.ChainID, 3, addr, pub, signer, nil, &data3.Data)
+	hdr4Bin, _ := makeSignedHeaderBytes(t, gen.ChainID, 4, addr, pub, signer, nil, &data4.Data)
+	hdr5Bin, _ := makeSignedHeaderBytes(t, gen.ChainID, 5, addr, pub, signer, nil, &data5.Data)
 
 	// Process multiple headers from DA height 200 - should be stored as pending
 	events1 := r.processBlobs(context.Background(), [][]byte{hdr3Bin, hdr4Bin, hdr5Bin}, 200)

block/internal/syncing/p2p_handler_test.go

@@ -51,19 +51,6 @@ func p2pMakeSignedHeader(t *testing.T, chainID string, height uint64, proposer [
 	return hdr
 }
 
-// p2pMakeData creates Data with the given number of txs
-func p2pMakeData(t *testing.T, chainID string, height uint64, txs int) *types.Data {
-	t.Helper()
-	d := &types.Data{Metadata: &types.Metadata{ChainID: chainID, Height: height, Time: uint64(time.Now().UnixNano())}}
-	if txs > 0 {
-		d.Txs = make(types.Txs, txs)
-		for i := 0; i < txs; i++ {
-			d.Txs[i] = []byte{byte(height), byte(i)}
-		}
-	}
-	return d
-}
-
 // P2PTestData aggregates all dependencies used by P2P handler tests.
 type P2PTestData struct {
 	Handler      *P2PHandler
@@ -104,7 +91,7 @@ func TestP2PHandler_ProcessHeaderRange_HeaderAndDataHappyPath(t *testing.T) {
 	// Signed header at height 5 with non-empty data
 	require.Equal(t, string(p2pData.Genesis.ProposerAddress), string(p2pData.ProposerAddr), "test signer must match genesis proposer for P2P validation")
 	signedHeader := p2pMakeSignedHeader(t, p2pData.Genesis.ChainID, 5, p2pData.ProposerAddr, p2pData.ProposerPub, p2pData.Signer)
-	blockData := p2pMakeData(t, p2pData.Genesis.ChainID, 5, 1)
+	blockData := makeData(p2pData.Genesis.ChainID, 5, 1)
 	signedHeader.DataHash = blockData.DACommitment()
 
 	// Re-sign after setting DataHash so signature matches header bytes
@@ -135,7 +122,7 @@ func TestP2PHandler_ProcessHeaderRange_MissingData_NonEmptyHash(t *testing.T) {
 	signedHeader := p2pMakeSignedHeader(t, p2pData.Genesis.ChainID, 7, p2pData.ProposerAddr, p2pData.ProposerPub, p2pData.Signer)
 
 	// Non-empty data: set header.DataHash to a commitment; expect data store lookup to fail and event skipped
-	blockData := p2pMakeData(t, p2pData.Genesis.ChainID, 7, 1)
+	blockData := makeData(p2pData.Genesis.ChainID, 7, 1)
 	signedHeader.DataHash = blockData.DACommitment()
 
 	p2pData.HeaderStore.EXPECT().GetByHeight(ctx, uint64(7)).Return(signedHeader, nil).Once()
@@ -149,7 +136,7 @@ func TestP2PHandler_ProcessDataRange_HeaderMissing(t *testing.T) {
 	p2pData := setupP2P(t)
 	ctx := context.Background()
 
-	blockData := p2pMakeData(t, p2pData.Genesis.ChainID, 9, 1)
+	blockData := makeData(p2pData.Genesis.ChainID, 9, 1)
 	p2pData.DataStore.EXPECT().GetByHeight(ctx, uint64(9)).Return(blockData, nil).Once()
 	p2pData.HeaderStore.EXPECT().GetByHeight(ctx, uint64(9)).Return(nil, errors.New("no header")).Once()
 
@@ -182,7 +169,7 @@ func TestP2PHandler_CreateEmptyDataForHeader_UsesPreviousDataHash(t *testing.T)
 	signedHeader.DataHash = common.DataHashForEmptyTxs
 
 	// Mock previous data at height 9 so handler can propagate its hash
-	previousData := p2pMakeData(t, p2pData.Genesis.ChainID, 9, 1)
+	previousData := makeData(p2pData.Genesis.ChainID, 9, 1)
 	p2pData.DataStore.EXPECT().GetByHeight(ctx, uint64(9)).Return(previousData, nil).Once()
 
 	emptyData := p2pData.Handler.createEmptyDataForHeader(ctx, signedHeader)
@@ -220,7 +207,7 @@ func TestP2PHandler_ProcessHeaderRange_MultipleHeightsHappyPath(t *testing.T) {
 	// Build two consecutive heights with valid headers and data
 	// Height 5
 	header5 := p2pMakeSignedHeader(t, p2pData.Genesis.ChainID, 5, p2pData.ProposerAddr, p2pData.ProposerPub, p2pData.Signer)
-	data5 := p2pMakeData(t, p2pData.Genesis.ChainID, 5, 1)
+	data5 := makeData(p2pData.Genesis.ChainID, 5, 1)
 	header5.DataHash = data5.DACommitment()
 	// Re-sign after setting DataHash to keep signature valid
 	bz5, err := types.DefaultAggregatorNodeSignatureBytesProvider(&header5.Header)
@@ -232,7 +219,7 @@ func TestP2PHandler_ProcessHeaderRange_MultipleHeightsHappyPath(t *testing.T) {
 
 	// Height 6
 	header6 := p2pMakeSignedHeader(t, p2pData.Genesis.ChainID, 6, p2pData.ProposerAddr, p2pData.ProposerPub, p2pData.Signer)
-	data6 := p2pMakeData(t, p2pData.Genesis.ChainID, 6, 2)
+	data6 := makeData(p2pData.Genesis.ChainID, 6, 2)
 	header6.DataHash = data6.DACommitment()
 	bz6, err := types.DefaultAggregatorNodeSignatureBytesProvider(&header6.Header)
 	require.NoError(t, err, "failed to get signature bytes for height 6")
@@ -260,7 +247,7 @@ func TestP2PHandler_ProcessDataRange_HeaderValidateHeaderFails(t *testing.T) {
 	ctx := context.Background()
 
 	// Data exists at height 3
-	blockData := p2pMakeData(t, p2pData.Genesis.ChainID, 3, 1)
+	blockData := makeData(p2pData.Genesis.ChainID, 3, 1)
 	p2pData.DataStore.EXPECT().GetByHeight(ctx, uint64(3)).Return(blockData, nil).Once()
 
 	// Header proposer does not match genesis -> validateHeader should fail

block/internal/syncing/syncer.go

@@ -431,7 +431,7 @@ func (s *Syncer) trySyncNextBlock(event *common.DAHeightEvent) error {
 	// Compared to the executor logic where the current block needs to be applied first,
 	// here only the previous block needs to be applied to proceed to the verification.
 	// The header validation must be done before applying the block to avoid executing gibberish
-	if err := s.validateBlock(currentState, header, data); err != nil {
+	if err := s.validateBlock(header, data); err != nil {
 		// remove header as da included (not per se needed, but keep cache clean)
 		s.cache.RemoveHeaderDAIncluded(header.Hash().String())
 		return errors.Join(errInvalidBlock, fmt.Errorf("failed to validate block: %w", err))
@@ -525,8 +525,10 @@ func (s *Syncer) executeTxsWithRetry(ctx context.Context, rawTxs [][]byte, heade
 }
 
 // validateBlock validates a synced block
+// NOTE: if the header was gibberish and somehow passed all validation prior but the data was correct
+// or if the data was gibberish and somehow passed all validation prior but the header was correct
+// we are still losing both in the pending event. This should never happen.
 func (s *Syncer) validateBlock(
-	lastState types.State,
 	header *types.SignedHeader,
 	data *types.Data,
 ) error {
@@ -535,6 +537,11 @@ func (s *Syncer) validateBlock(
 
 	// Validate header with data
 	if err := header.ValidateBasicWithData(data); err != nil {
+		return fmt.Errorf("invalid header: %w", err)
+	}
+
+	// Validate header against data
+	if err := types.Validate(header, data); err != nil {
 		return fmt.Errorf("header-data validation failed: %w", err)
 	}
 

block/internal/syncing/syncer_test.go

@@ -42,26 +42,41 @@ func buildSyncTestSigner(tb testing.TB) (addr []byte, pub crypto.PubKey, signer
 	return a, p, n
 }
 
-func makeSignedHeader(t *testing.T, chainID string, height uint64, proposer []byte, pub crypto.PubKey, signer signerpkg.Signer, appHash []byte) *types.SignedHeader {
+// makeSignedHeaderBytes builds a valid SignedHeader and returns its binary encoding and the object
+func makeSignedHeaderBytes(tb testing.TB, chainID string, height uint64, proposer []byte, pub crypto.PubKey, signer signerpkg.Signer, appHash []byte, data *types.Data) ([]byte, *types.SignedHeader) {
+	time := uint64(time.Now().UnixNano())
+	dataHash := common.DataHashForEmptyTxs
+	if data != nil {
+		time = uint64(data.Time().UnixNano())
+		dataHash = data.DACommitment()
+	}
+
 	hdr := &types.SignedHeader{
 		Header: types.Header{
-			BaseHeader:      types.BaseHeader{ChainID: chainID, Height: height, Time: uint64(time.Now().Add(time.Duration(height) * time.Second).UnixNano())},
+			BaseHeader:      types.BaseHeader{ChainID: chainID, Height: height, Time: time},
 			AppHash:         appHash,
+			DataHash:        dataHash,
 			ProposerAddress: proposer,
 		},
 		Signer: types.Signer{PubKey: pub, Address: proposer},
 	}
-	// sign using aggregator provider (sync node will re-verify using sync provider, which defaults to same header bytes)
 	bz, err := types.DefaultAggregatorNodeSignatureBytesProvider(&hdr.Header)
-	require.NoError(t, err)
+	require.NoError(tb, err)
 	sig, err := signer.Sign(bz)
-	require.NoError(t, err)
+	require.NoError(tb, err)
 	hdr.Signature = sig
-	return hdr
+	bin, err := hdr.MarshalBinary()
+	require.NoError(tb, err)
+	return bin, hdr
 }
 
 func makeData(chainID string, height uint64, txs int) *types.Data {
-	d := &types.Data{Metadata: &types.Metadata{ChainID: chainID, Height: height, Time: uint64(time.Now().UnixNano())}}
+	d := &types.Data{
+		Metadata: &types.Metadata{
+			ChainID: chainID,
+			Height:  height,
+			Time:    uint64(time.Now().Add(time.Duration(height) * time.Second).UnixNano())},
+	}
 	if txs > 0 {
 		d.Txs = make(types.Txs, txs)
 		for i := 0; i < txs; i++ {
@@ -71,6 +86,54 @@ func makeData(chainID string, height uint64, txs int) *types.Data {
 	return d
 }
 
+func TestSyncer_validateBlock_DataHashMismatch(t *testing.T) {
+	ds := dssync.MutexWrap(datastore.NewMapDatastore())
+	st := store.New(ds)
+	cm, err := cache.NewManager(config.DefaultConfig(), st, zerolog.Nop())
+	require.NoError(t, err)
+
+	addr, pub, signer := buildSyncTestSigner(t)
+
+	cfg := config.DefaultConfig()
+	gen := genesis.Genesis{ChainID: "tchain", InitialHeight: 1, StartTime: time.Now().Add(-time.Second), ProposerAddress: addr}
+
+	mockExec := testmocks.NewMockExecutor(t)
+
+	s := NewSyncer(
+		st,
+		mockExec,
+		nil,
+		cm,
+		common.NopMetrics(),
+		cfg,
+		gen,
+		nil,
+		nil,
+		zerolog.Nop(),
+		common.DefaultBlockOptions(),
+		make(chan error, 1),
+	)
+
+	// Create header and data with correct hash
+	data := makeData(gen.ChainID, 1, 2) // non-empty
+	_, header := makeSignedHeaderBytes(t, gen.ChainID, 1, addr, pub, signer, nil, data)
+
+	err = s.validateBlock(header, data)
+	require.NoError(t, err)
+
+	// Create header and data with mismatched hash
+	data = makeData(gen.ChainID, 1, 2) // non-empty
+	_, header = makeSignedHeaderBytes(t, gen.ChainID, 1, addr, pub, signer, nil, nil)
+	err = s.validateBlock(header, data)
+	require.Error(t, err)
+
+	// Create header and empty data
+	data = makeData(gen.ChainID, 1, 0) // empty
+	_, header = makeSignedHeaderBytes(t, gen.ChainID, 2, addr, pub, signer, nil, nil)
+	err = s.validateBlock(header, data)
+	require.Error(t, err)
+}
+
 func TestProcessHeightEvent_SyncsAndUpdatesState(t *testing.T) {
 	ds := dssync.MutexWrap(datastore.NewMapDatastore())
 	st := store.New(ds)
@@ -104,9 +167,8 @@ func TestProcessHeightEvent_SyncsAndUpdatesState(t *testing.T) {
 	s.ctx = context.Background()
 	// Create signed header & data for height 1
 	lastState := s.GetLastState()
-	hdr := makeSignedHeader(t, gen.ChainID, 1, addr, pub, signer, lastState.AppHash)
 	data := makeData(gen.ChainID, 1, 0)
-	// For empty data, header.DataHash should be set by producer; here we don't rely on it for syncing
+	_, hdr := makeSignedHeaderBytes(t, gen.ChainID, 1, addr, pub, signer, lastState.AppHash, data)
 
 	// Expect ExecuteTxs call for height 1
 	mockExec.EXPECT().ExecuteTxs(mock.Anything, mock.Anything, uint64(1), mock.Anything, lastState.AppHash).
@@ -154,17 +216,17 @@ func TestSequentialBlockSync(t *testing.T) {
 
 	// Sync two consecutive blocks via processHeightEvent so ExecuteTxs is called and state stored
 	st0 := s.GetLastState()
-	hdr1 := makeSignedHeader(t, gen.ChainID, 1, addr, pub, signer, st0.AppHash)
 	data1 := makeData(gen.ChainID, 1, 1) // non-empty
+	_, hdr1 := makeSignedHeaderBytes(t, gen.ChainID, 1, addr, pub, signer, st0.AppHash, data1)
 	// Expect ExecuteTxs call for height 1
 	mockExec.EXPECT().ExecuteTxs(mock.Anything, mock.Anything, uint64(1), mock.Anything, st0.AppHash).
 		Return([]byte("app1"), uint64(1024), nil).Once()
 	evt1 := common.DAHeightEvent{Header: hdr1, Data: data1, DaHeight: 10}
 	s.processHeightEvent(&evt1)
 
 	st1, _ := st.GetState(context.Background())
-	hdr2 := makeSignedHeader(t, gen.ChainID, 2, addr, pub, signer, st1.AppHash)
 	data2 := makeData(gen.ChainID, 2, 0) // empty data
+	_, hdr2 := makeSignedHeaderBytes(t, gen.ChainID, 2, addr, pub, signer, st1.AppHash, data2)
 	// Expect ExecuteTxs call for height 2
 	mockExec.EXPECT().ExecuteTxs(mock.Anything, mock.Anything, uint64(2), mock.Anything, st1.AppHash).
 		Return([]byte("app2"), uint64(1024), nil).Once()
@@ -287,17 +349,17 @@ func TestSyncLoopPersistState(t *testing.T) {
 	// with n da blobs fetched
 	for i := range myFutureDAHeight - myDAHeightOffset {
 		chainHeight, daHeight := i, i+myDAHeightOffset
-		_, sigHeader := makeSignedHeaderBytes(t, gen.ChainID, chainHeight, addr, pub, signer, nil, nil)
-		emptyData := types.Data{
+		emptyData := &types.Data{
 			Metadata: &types.Metadata{
-				ChainID: sigHeader.ChainID(),
-				Height:  sigHeader.Height(),
-				Time:    sigHeader.BaseHeader.Time,
+				ChainID: gen.ChainID,
+				Height:  chainHeight,
+				Time:    uint64(time.Now().Add(time.Duration(chainHeight) * time.Second).UnixNano()),
 			},
 		}
+		_, sigHeader := makeSignedHeaderBytes(t, gen.ChainID, chainHeight, addr, pub, signer, nil, emptyData)
 		evts := []common.DAHeightEvent{{
 			Header:   sigHeader,
-			Data:     &emptyData,
+			Data:     emptyData,
 			DaHeight: daHeight,
 		}}
 		daRtrMock.On("RetrieveFromDA", mock.Anything, daHeight).Return(evts, nil)