test: add test for commit message handling without proposal acceptance

diegomrsantos · diegomrsantos · commit e702cf6df2c6 · 2025-08-28T20:50:27.000+02:00
Add failing test that demonstrates QBFT incorrectly drops commit messages
when no proposal has been accepted for the current round. This prevents
proper catch-up scenarios where nodes should be able to achieve consensus
based on commit quorum even without seeing the original proposal.

The test shows that commit messages are dropped in the commit message
handling logic, which should buffer these messages instead for later
processing when a proposal arrives.
diff --git a/anchor/common/qbft/src/tests.rs b/anchor/common/qbft/src/tests.rs
@@ -223,3 +223,128 @@ fn test_node_recovery() {
     let num_consensus = test_instance.wait_until_end();
     assert_eq!(num_consensus, 5); // Should reach full consensus after recovery
 }
+
+#[test]
+/// Test that demonstrates QBFT incorrectly drops commit messages when no proposal accepted
+///
+/// In a proper QBFT implementation, commit messages should be buffered when they arrive
+/// before a proposal, allowing catch-up scenarios where a node can achieve consensus
+/// based on a commit quorum even without seeing the original proposal.
+///
+/// Current bug: Individual commit messages are dropped when
+/// proposal_accepted_for_current_round is false, preventing nodes from ever
+/// reaching commit quorum in catch-up scenarios.
+fn test_commit_messages_dropped_without_proposal_acceptance() {
+    if ENABLE_TEST_LOGGING {
+        let env_filter = EnvFilter::new("debug");
+        let _ = tracing_subscriber::fmt()
+            .compact()
+            .with_env_filter(env_filter)
+            .try_init();
+    }
+
+    use ssv_types::{
+        consensus::QbftMessage,
+        message::{MsgType, RSA_SIGNATURE_SIZE, SSVMessage, SignedSSVMessage},
+    };
+
+    // Create QBFT instance with 3 nodes (f=0, quorum=3)
+    let config = ConfigBuilder::<DefaultLeaderFunction>::new(
+        1.into(),
+        InstanceHeight::default(),
+        (1..4).map(OperatorId::from).collect(), // 3 nodes, quorum = 3
+    )
+    .with_operator_id(OperatorId::from(1))
+    .build()
+    .expect("config should be valid");
+
+    let test_data = TestData(789);
+    let mut qbft_instance = Qbft::new(
+        config,
+        test_data.clone(),
+        Box::new(NoDataValidation),
+        MessageId::from([0; 56]),
+        |_| {},
+    );
+
+    // Verify initial state: no proposal accepted
+    assert!(!qbft_instance.proposal_accepted_for_current_round);
+    assert!(matches!(
+        qbft_instance.state,
+        InstanceState::AwaitingProposal
+    ));
+
+    // STEP 1: Send commit messages BEFORE accepting any proposal (catch-up scenario)
+    // This simulates a node that missed the proposal but receives commit messages from other nodes
+
+    let _commit_messages_before = qbft_instance
+        .commit_container
+        .get_messages_for_round(1.into())
+        .len();
+
+    // Create 3 valid commit messages for the same data
+    for operator_id in [1, 2, 3] {
+        let commit_msg = QbftMessage {
+            qbft_message_type: QbftMessageType::Commit,
+            height: 0,
+            round: 1,
+            identifier: [0; 56].to_vec().try_into().unwrap(),
+            root: test_data.hash(),
+            data_round: 0,
+            round_change_justification: vec![],
+            prepare_justification: vec![],
+        };
+
+        let commit_ssv_message = SSVMessage::new(
+            MsgType::SSVConsensusMsgType,
+            MessageId::from([0; 56]),
+            commit_msg.as_ssz_bytes(),
+        )
+        .expect("should create commit SSVMessage");
+
+        let signed_commit = SignedSSVMessage::new(
+            vec![vec![0; RSA_SIGNATURE_SIZE]],
+            vec![OperatorId::from(operator_id)],
+            commit_ssv_message,
+            vec![], // no full_data for commit
+        )
+        .expect("should create signed commit");
+
+        let wrapped_commit = WrappedQbftMessage {
+            signed_message: signed_commit,
+            qbft_message: commit_msg,
+        };
+
+        // Send the commit message - this should be buffered, not dropped
+        qbft_instance.receive(wrapped_commit);
+    }
+
+    let commit_messages_after = qbft_instance
+        .commit_container
+        .get_messages_for_round(1.into())
+        .len();
+
+    // The commit messages should be buffered for catch-up scenario processing
+    // This assertion FAILS due to the bug in commit message handling
+    assert_eq!(
+        commit_messages_after, 3,
+        "BUG: Commit messages should be buffered when no proposal accepted for catch-up scenarios. \
+         Expected: 3 commit messages buffered. Actual: {} messages. \
+         Commit messages are dropped when proposal_accepted_for_current_round \
+         is false, preventing nodes from achieving consensus in catch-up scenarios where they \
+         receive commits before proposals.",
+        commit_messages_after
+    );
+
+    // Instance should still be in AwaitingProposal state since commits were dropped
+    assert!(
+        matches!(qbft_instance.state, InstanceState::AwaitingProposal),
+        "Instance should remain in AwaitingProposal state since commits were incorrectly dropped"
+    );
+
+    // The instance should NOT have reached consensus due to dropped commits
+    assert!(
+        qbft_instance.completed.is_none(),
+        "Instance should not have completed consensus due to dropped commit messages"
+    );
+}
