From 3721723a1b0df281fd8cc5b5cf805a858fa9511f Mon Sep 17 00:00:00 2001
From: "Luca G.F" <luca.georges-francois@epitech.eu>
Date: Mon, 4 Jul 2022 12:30:15 +0200
Subject: [PATCH] Add verifications in getHeader handler (#182)

* Add parent hash verification in getHeader

Signed-off-by: Luca Georges Francois <luca.georges-francois@epitech.eu>

* Remove unnecessary nil check

Co-authored-by: Chris Hager <chris@linuxuser.at>

* Update error log in getHeader handler

Signed-off-by: Luca Georges Francois <luca.georges-francois@epitech.eu>

Co-authored-by: Chris Hager <chris@linuxuser.at>
---
 server/mock_relay.go   |  3 ++-
 server/service.go      | 10 ++++++++++
 server/service_test.go | 10 ++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/server/mock_relay.go b/server/mock_relay.go
index e08de7d7..cc57bada 100644
--- a/server/mock_relay.go
+++ b/server/mock_relay.go
@@ -144,7 +144,8 @@ func (m *mockRelay) MakeGetHeaderResponse(value uint64, hash, publicKey string)
 	// Fill the payload with custom values.
 	message := &types.BuilderBid{
 		Header: &types.ExecutionPayloadHeader{
-			BlockHash: _HexToHash(hash),
+			BlockHash:  _HexToHash(hash),
+			ParentHash: _HexToHash("0xe28385e7bd68df656cd0042b74b69c3104b5356ed1f20eb69f1f925df47a3ab7"),
 		},
 		Value:  types.IntToU256(value),
 		Pubkey: _HexToPubkey(publicKey),
diff --git a/server/service.go b/server/service.go
index 7cfba33a..970b96e1 100644
--- a/server/service.go
+++ b/server/service.go
@@ -279,6 +279,16 @@ func (m *BoostService) handleGetHeader(w http.ResponseWriter, req *http.Request)
 				return
 			}
 
+			// Verify response coherence with proposer's input data
+			responseParentHash := responsePayload.Data.Message.Header.ParentHash.String()
+			if responseParentHash != parentHashHex {
+				log.WithFields(logrus.Fields{
+					"originalParentHash": parentHashHex,
+					"responseParentHash": responseParentHash,
+				}).Error("proposer and relay parent hashes are not the same")
+				return
+			}
+
 			// Compare value of header, skip processing this result if lower fee than current
 			mu.Lock()
 			defer mu.Unlock()
diff --git a/server/service_test.go b/server/service_test.go
index 668a0060..1846a65a 100644
--- a/server/service_test.go
+++ b/server/service_test.go
@@ -366,6 +366,16 @@ func TestGetHeader(t *testing.T) {
 		require.Equal(t, http.StatusBadRequest, rr.Code, rr.Body.String())
 		require.Equal(t, 0, backend.relays[0].GetRequestCount(path))
 	})
+
+	t.Run("Invalid parent hash", func(t *testing.T) {
+		backend := newTestBackend(t, 1, time.Second)
+
+		invalidParentHashPath := getPath(1, types.Hash{}, pubkey)
+		rr := backend.request(t, http.MethodGet, invalidParentHashPath, nil)
+
+		require.Equal(t, `{"code":502,"message":"no successful relay response"}`+"\n", rr.Body.String())
+		require.Equal(t, 0, backend.relays[0].GetRequestCount(path))
+	})
 }
 
 func TestGetPayload(t *testing.T) {