db-sync: Add hash checking when maintaining ledger state

Maintenance of ledger state uses code in the consensus packages as a library.

* There are two versions of a function to apply a block to a ledger state; a
  slow one that does full checking and fast one that does fewer checks.
* Since db-sync is getting blocks that have already been validated by the node,
  it seemed sensible to use the fast version.
* I had been told that the checks in the fast version included checking that the
  block's previous hash matches the value of the head hash in the ledger state,
  but this hash check was not being done.

The previous lack of hash checking means the problem was not detected until the
start of the next epoch.

Author: erikd

cardano-db-sync/cardano-db-sync.cabal

@@ -37,33 +37,34 @@ library
                         Cardano.DbSync.Config.Node
                         Cardano.DbSync.Config.Shelley
                         Cardano.DbSync.Config.Types
-                        Cardano.DbSync.Types
-                        Cardano.DbSync.Error
-                        Cardano.DbSync.Util
-                        Cardano.DbSync.Era
-                        Cardano.DbSync.Era.Byron.Util
-                        Cardano.DbSync.Era.Shelley.Util
-
                         Cardano.DbSync.Database
                         Cardano.DbSync.DbAction
-                        Cardano.DbSync.Metrics
-                        Cardano.DbSync.Plugin
-                        Cardano.DbSync.Plugin.Default
-                        Cardano.DbSync.Plugin.Epoch
-
-                        Cardano.DbSync.Rollback
-
-                        Cardano.DbSync.Tracing.ToObjectOrphans
+                        Cardano.DbSync.Error
 
+                        Cardano.DbSync.Era
                         Cardano.DbSync.Era.Byron.Genesis
                         Cardano.DbSync.Era.Byron.Insert
+                        Cardano.DbSync.Era.Byron.Util
+                        Cardano.DbSync.Era.Cardano.Util
                         Cardano.DbSync.Era.Shelley.Genesis
                         Cardano.DbSync.Era.Shelley.Insert
                         Cardano.DbSync.Era.Shelley.Query
                         Cardano.DbSync.Era.Shelley.Metadata
                         Cardano.DbSync.Era.Shelley.Types
+                        Cardano.DbSync.Era.Shelley.Util
+
                         Cardano.DbSync.LedgerState
+                        Cardano.DbSync.Metrics
+
+                        Cardano.DbSync.Plugin
+                        Cardano.DbSync.Plugin.Default
+                        Cardano.DbSync.Plugin.Epoch
+
+                        Cardano.DbSync.Rollback
                         Cardano.DbSync.StateQuery
+                        Cardano.DbSync.Tracing.ToObjectOrphans
+                        Cardano.DbSync.Types
+                        Cardano.DbSync.Util
 
   build-depends:        base                            >= 4.12         && < 4.13
                       , aeson

cardano-db-sync/src/Cardano/DbSync/Era/Cardano/Util.hs

@@ -0,0 +1,23 @@
+{-# LANGUAGE OverloadedStrings #-}
+module Cardano.DbSync.Era.Cardano.Util
+  ( unChainHash
+  ) where
+
+import qualified Data.ByteString.Short as BSS
+
+import           Cardano.DbSync.Config.Types
+
+import           Cardano.Prelude
+
+import qualified Ouroboros.Consensus.HardFork.Combinator as Consensus
+
+import           Ouroboros.Network.Block (ChainHash (..))
+
+
+unChainHash :: ChainHash CardanoBlock -> ByteString
+unChainHash ch =
+  case ch of
+    GenesisHash -> "genesis"
+    BlockHash bh -> BSS.fromShort (Consensus.getOneEraHash bh)
+
+

cardano-db-sync/src/Cardano/DbSync/LedgerState.hs

@@ -23,6 +23,7 @@ import qualified Cardano.Binary as Serialize
 import           Cardano.DbSync.Config
 import           Cardano.DbSync.Config.Cardano
 import           Cardano.DbSync.Config.Types
+import qualified Cardano.DbSync.Era.Cardano.Util as Cardano
 import           Cardano.DbSync.Types
 import           Cardano.DbSync.Util
 
@@ -38,20 +39,20 @@ import           Control.Monad.Extra (firstJustM)
 
 import qualified Data.ByteString.Char8 as BS
 import qualified Data.ByteString.Lazy.Char8 as LBS
+import qualified Data.ByteString.Short as BSS
 import           Data.Either (partitionEithers)
 import qualified Data.List as List
 
-import           Ouroboros.Consensus.Block (CodecConfig, WithOrigin (..))
-import           Ouroboros.Consensus.Cardano.Block
-                   (LedgerState (LedgerStateByron, LedgerStateShelley))
+import           Ouroboros.Consensus.Block (CodecConfig, WithOrigin (..), blockHash, blockPrevHash)
+import           Ouroboros.Consensus.Cardano.Block (LedgerState (..))
 import           Ouroboros.Consensus.Cardano.CanHardFork ()
 import           Ouroboros.Consensus.Config (TopLevelConfig (..), configCodec, configLedger)
 import qualified Ouroboros.Consensus.HardFork.Combinator as Consensus
 import           Ouroboros.Consensus.HardFork.Combinator.Basics (LedgerState (..))
 import           Ouroboros.Consensus.HardFork.Combinator.State (epochInfoLedger)
 import qualified Ouroboros.Consensus.HardFork.Combinator.State as Consensus
 import qualified Ouroboros.Consensus.HeaderValidation as Consensus
-import           Ouroboros.Consensus.Ledger.Abstract (ledgerTipSlot, tickThenApply, tickThenReapply)
+import           Ouroboros.Consensus.Ledger.Abstract (ledgerTipHash, ledgerTipSlot, tickThenReapply)
 import           Ouroboros.Consensus.Ledger.Extended (ExtLedgerCfg (..), ExtLedgerState (..),
                    decodeExtLedgerState, encodeExtLedgerState)
 import qualified Ouroboros.Consensus.Node.ProtocolInfo as Consensus
@@ -61,8 +62,6 @@ import qualified Ouroboros.Consensus.Shelley.Protocol as Consensus
 import           Ouroboros.Consensus.Storage.Serialisation (DecodeDisk (..), EncodeDisk (..))
 import qualified Ouroboros.Consensus.TypeFamilyWrappers as Consensus
 
-
-
 import qualified Shelley.Spec.Ledger.API.Protocol as Shelley
 import qualified Shelley.Spec.Ledger.BaseTypes as Shelley
 import qualified Shelley.Spec.Ledger.EpochBoundary as Shelley
@@ -137,12 +136,9 @@ applyBlock (LedgerStateVar stateVar) blk =
   where
     applyBlk :: ExtLedgerCfg CardanoBlock -> CardanoBlock -> ExtLedgerState CardanoBlock -> ExtLedgerState CardanoBlock
     applyBlk cfg block lsb =
-      -- Set to False to get better error messages from Consensus (but slower block application).
-      if True
-        then tickThenReapply cfg block lsb
-        else case runExcept $ tickThenApply cfg block lsb of
-                Left err -> panic $ textShow err
-                Right result -> result
+      case tickThenReapplyCheckHash cfg block lsb of
+        Left err -> panic err
+        Right result -> result
 
 saveLedgerState :: LedgerStateDir -> LedgerStateVar -> CardanoLedgerState -> SyncState -> IO ()
 saveLedgerState lsd@(LedgerStateDir stateDir) (LedgerStateVar stateVar) ledger synced = do
@@ -234,7 +230,6 @@ loadState stateDir ledger slotNo = do
         Left (_ :: IOException) -> pure Nothing
         Right bs -> pure $ decode bs
 
-
     codecConfig :: CodecConfig CardanoBlock
     codecConfig = configCodec (clsConfig ledger)
 
@@ -297,7 +292,7 @@ ledgerEpochUpdate els mRewards =
         , euRewards = fromMaybe Shelley.emptyRewardUpdate mRewards
 
         -- Use '_pstakeSet' here instead of '_pstateMark' because the stake addresses for the
-        -- later may not have been added to the database yet. That means that whne these values
+        -- later may not have been added to the database yet. That means that when these values
         -- are added to the database, the epoch number where they become active is the current
         -- epoch plus one.
         , euStakeDistribution = Shelley._stake . Shelley._pstakeSet . Shelley.esSnapshots
@@ -326,3 +321,21 @@ extractEpochNonce extLedgerState =
             $ Consensus.tpraosStateChainDepState (Consensus.unwrapChainDepState chainDepStateShelley)
     Consensus.TS {} ->
       Nothing
+
+-- Like 'Consensus.tickThenReapply' but also checks that the previous hash from the block matches
+-- the head hash of the ledger state.
+tickThenReapplyCheckHash
+    :: ExtLedgerCfg CardanoBlock -> CardanoBlock -> ExtLedgerState CardanoBlock
+    -> Either Text (ExtLedgerState CardanoBlock)
+tickThenReapplyCheckHash cfg block lsb =
+  if blockPrevHash block == ledgerTipHash (ledgerState lsb)
+    then Right $ tickThenReapply cfg block lsb
+    else Left $ mconcat
+                  [ "Ledger state hash mismatch. Ledger head is slot "
+                  , textShow (unSlotNo $ fromWithOrigin (SlotNo 0) (ledgerTipSlot $ ledgerState lsb))
+                  , " hash ", renderByteArray (Cardano.unChainHash (ledgerTipHash $ ledgerState lsb))
+                  , " but block previous hash is "
+                  , renderByteArray (Cardano.unChainHash $ blockPrevHash block)
+                  , " and block current hash is "
+                  , renderByteArray (BSS.fromShort . Consensus.getOneEraHash $ blockHash block), "."
+                  ]