Closed JamesHinshelwood closed 2 months ago
BlockHeader
hash doesn't include the timestamp
either, but it should:
https://github.com/Zilliqa/zq2/blob/main/zilliqa/src/message.rs#L586
Btw, computing the block hash is duplicated at least 4 times - shouldn't we add a function which implements it at one place? https://github.com/Zilliqa/zq2/blob/main/zilliqa/src/message.rs#L586 https://github.com/Zilliqa/zq2/blob/main/zilliqa/src/message.rs#L618 https://github.com/Zilliqa/zq2/blob/main/zilliqa/src/message.rs#L654 https://github.com/Zilliqa/zq2/blob/main/zilliqa/src/message.rs#L690
Imo, AggregateQC
hash should include the view number too:
https://github.com/Zilliqa/zq2/blob/main/zilliqa/src/message.rs#L359
There are a lot more things missing from the block signature. Imo the signature should attest to all fields of the block header and e.g. Polygon's validators do sign everything afaic: https://github.com/maticnetwork/bor/blob/master/consensus/bor/bor.go#L1034 https://github.com/maticnetwork/bor/blob/master/core/types/block.go#L74
Agreed. We should centralise the computation of message hashes and ensure all fields are included. I'll edit this issue's title and description to state that.
For all messages that include signatures: