abci: Precommits added to the LastCommit set don't have vote extensions verified #2361
Description
Bug Report
Setup
CometBFT version
v0.38 and main
What happened?
Invalid vote extensions are included in the ExtendedCommitInfo offered to the ABCI application via PrepareProposal.
What did you expect to happen?
ExtendedCommitInfo only includes valid vote extensions.
Moreover, the LastCommit field of a block should only contain Precommits whose extensions were accepted by the application.
How to reproduce it
A validator receives a Precommit from the previous height with an invalid vote extension during the NewHeightRoundStep.
How to fix it
There are a few options:
- do not fix
- instead, inform applications that
PrepareProposalmay receive non-validated extensions - the downsides are
- 2/3N extensions may be verified twice by the proposer, once in
VerifyVoteExtensionand once inPrepareProposal. - the
LastCommitfield of a block may contain information of Precommits whose vote extensions are invalid.
- 2/3N extensions may be verified twice by the proposer, once in
- instead, inform applications that
- verify the extensions of Precommits received while waiting for
timeout_commit- the downsides are
- the application has already moved on to the next height and will now be required to validate extensions from the previous height.
- makes the spec more complex.
- a simple and correct option here is to reject extensions for the previous height, however this would impact in the reward distribution (undo what
timeout_commitis supposed to enable).
- the downsides are