fix(f3): validate F3 snapshot against manifest before importing (#1059)

* fix(f3): validate F3 snapshot against manifest before importing

* fix bootstrap epoch check logic

* unit test

* Fix bootstrap epoch calculation

* no bootstrap epoch check

Author: hanabi1224

certstore/snapshot.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/filecoin-project/go-f3/certs"
 	"github.com/filecoin-project/go-f3/gpbft"
+	"github.com/filecoin-project/go-f3/manifest"
 	"github.com/filecoin-project/go-state-types/cbor"
 	cid "github.com/ipfs/go-cid"
 	"github.com/ipfs/go-datastore"
@@ -87,14 +88,14 @@ type SnapshotReader interface {
 	io.ByteReader
 }
 
-// ImportSnapshotToDatastore imports an F3 snapshot into the specified Datastore
-//
+// ImportSnapshotToDatastore imports an F3 snapshot into the specified Datastore.
+// This function optionally validates the F3 snapshot against the manifest if provided.
 // Checkout the snapshot format specification at <https://github.com/filecoin-project/FIPs/blob/master/FRCs/frc-0108.md>
-func ImportSnapshotToDatastore(ctx context.Context, snapshot SnapshotReader, ds datastore.Batching) error {
-	return importSnapshotToDatastoreWithTestingPowerTableFrequency(ctx, snapshot, ds, 0)
+func ImportSnapshotToDatastore(ctx context.Context, snapshot SnapshotReader, ds datastore.Batching, m *manifest.Manifest) error {
+	return importSnapshotToDatastoreWithTestingPowerTableFrequency(ctx, snapshot, ds, m, 0)
 }
 
-func importSnapshotToDatastoreWithTestingPowerTableFrequency(ctx context.Context, snapshot SnapshotReader, ds datastore.Batching, testingPowerTableFrequency uint64) error {
+func importSnapshotToDatastoreWithTestingPowerTableFrequency(ctx context.Context, snapshot SnapshotReader, ds datastore.Batching, m *manifest.Manifest, testingPowerTableFrequency uint64) error {
 	headerBytes, err := readSnapshotBlockBytes(snapshot)
 	if err != nil {
 		return err
@@ -104,6 +105,20 @@ func importSnapshotToDatastoreWithTestingPowerTableFrequency(ctx context.Context
 	if err != nil {
 		return fmt.Errorf("failed to decode snapshot header: %w", err)
 	}
+	// validate the header against the manifest if provided
+	if m != nil {
+		if m.InitialInstance != header.FirstInstance {
+			return fmt.Errorf("F3 initial instance in the snapshot(%d) does not match that in the manifest(%d)", header.FirstInstance, m.InitialInstance)
+		}
+		if m.InitialPowerTable.Defined() {
+			ptCid, err := certs.MakePowerTableCID(header.InitialPowerTable)
+			if err != nil {
+				return fmt.Errorf("failed to make initial power table CID: %w", err)
+			} else if m.InitialPowerTable != ptCid {
+				return fmt.Errorf("F3 initial power table CID in the snapshot(%s) does not match that in the manifest(%s)", ptCid, m.InitialPowerTable)
+			}
+		}
+	}
 	dsb := autobatch.NewAutoBatching(ds, 1000)
 	defer dsb.Flush(ctx)
 	cs, err := OpenOrCreateStore(ctx, dsb, header.FirstInstance, header.InitialPowerTable)

certstore/snapshot_test.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/filecoin-project/go-f3/certchain"
+	"github.com/filecoin-project/go-f3/certs"
 	"github.com/filecoin-project/go-f3/gpbft"
 	"github.com/filecoin-project/go-f3/internal/clock"
 	"github.com/filecoin-project/go-f3/internal/consensus"
@@ -41,6 +42,9 @@ func Test_SnapshotExportImportRoundTrip(t *testing.T) {
 		return signVerifier.Allow(int(id))
 	}
 	initialPowerTable := generatePowerTable(t, rng, generatePublicKey, nil)
+	ptCid, err := certs.MakePowerTableCID(initialPowerTable)
+	require.NoError(t, err)
+	m.InitialPowerTable = ptCid
 
 	ec := consensus.NewFakeEC(
 		consensus.WithClock(clk),
@@ -103,16 +107,31 @@ func Test_SnapshotExportImportRoundTrip(t *testing.T) {
 	require.Equal(t, c.Hash(), multihash.Multihash(mh))
 
 	ds2 := datastore.NewMapDatastore()
-	err = importSnapshotToDatastoreWithTestingPowerTableFrequency(ctx, bytes.NewReader(snapshot.Bytes()), ds2, testingPowerTableFreqency)
+	err = importSnapshotToDatastoreWithTestingPowerTableFrequency(ctx, bytes.NewReader(snapshot.Bytes()), ds2, &m, testingPowerTableFreqency)
 	require.NoError(t, err)
 
 	require.Equal(t, ds1, ds2)
 
 	ds3 := datastore.NewMapDatastore()
-	err = ImportSnapshotToDatastore(ctx, bytes.NewReader(snapshot.Bytes()), ds3)
+	err = ImportSnapshotToDatastore(ctx, bytes.NewReader(snapshot.Bytes()), ds3, &m)
 	require.NoError(t, err)
 
 	require.NotEqual(t, ds1, ds3)
+
+	// Test manifest validation logic
+	ds4 := datastore.NewMapDatastore()
+	m2 := manifest.LocalDevnetManifest()
+
+	// bad initial instance
+	m2.InitialInstance = m.InitialInstance + 1
+	err = ImportSnapshotToDatastore(ctx, bytes.NewReader(snapshot.Bytes()), ds4, &m2)
+	require.ErrorContains(t, err, "initial instance")
+
+	// bad InitialPowerTable
+	m2.InitialInstance = m.InitialInstance
+	m2.InitialPowerTable = generatedChain[1].ECChain.Head().PowerTable
+	err = ImportSnapshotToDatastore(ctx, bytes.NewReader(snapshot.Bytes()), ds4, &m2)
+	require.ErrorContains(t, err, "initial power table CID")
 }
 
 func generatePowerTable(t *testing.T, rng *rand.Rand, generatePublicKey func(id gpbft.ActorID) gpbft.PubKey, previousEntries gpbft.PowerEntries) gpbft.PowerEntries {