Do not precommit to the block with irrelevant generation time

HoOngEe · HoOngEe · commit 33201e2eb200 · 2019-05-03T20:19:56.000+09:00
If the proposal generation time is 30 seconds or more before from now or
if 5 seconds or more later from now, the block generation time is now considered irrelevant.
diff --git a/core/src/consensus/tendermint/worker.rs b/core/src/consensus/tendermint/worker.rs
@@ -18,6 +18,7 @@ use std::iter::Iterator;
 use std::mem;
 use std::sync::{Arc, Weak};
 use std::thread::{Builder, JoinHandle};
+use std::time::{Duration, SystemTime, UNIX_EPOCH};
 
 use ccrypto::blake256;
 use ckey::{public_to_address, verify_schnorr, Address, SchnorrSignature};
@@ -667,15 +668,17 @@ impl Worker {
                 self.request_messages_to_all(vote_step, &BitSet::all_set() - &self.votes_received);
                 if !self.already_generated_message() {
                     let block_hash = match &self.last_two_thirds_majority {
-                        TwoThirdsMajority::Empty => None,
-                        TwoThirdsMajority::Unlock(_) => None,
-                        TwoThirdsMajority::Lock(locked_view, block_hash) => {
-                            if locked_view == &self.view {
-                                Some(*block_hash)
-                            } else {
-                                None
-                            }
+                        TwoThirdsMajority::Lock(locked_view, block_hash)
+                            if locked_view == &self.view && {
+                                let locked_proposal_block = self
+                                    .locked_proposal_block(*locked_view)
+                                    .expect("In precommit step, block was imported and we have hash");
+                                self.is_generation_time_relevant(&locked_proposal_block.decode_header())
+                            } =>
+                        {
+                            Some(*block_hash)
                         }
+                        _ => None,
                     };
                     self.generate_and_broadcast_message(block_hash, is_restoring);
                 }
@@ -686,6 +689,21 @@ impl Worker {
         }
     }
 
+    fn is_generation_time_relevant(&self, proposal: &Header) -> bool {
+        const ACCEPTABLE_FUTURE_GAP: Duration = Duration::from_secs(5);
+        const ACCEPTABLE_PAST_GAP: Duration = Duration::from_secs(30);
+        let now = SystemTime::now();
+        let allowed_min = now - ACCEPTABLE_PAST_GAP;
+        let allowed_max = now + ACCEPTABLE_FUTURE_GAP;
+        let block_generation_time = UNIX_EPOCH.checked_add(Duration::from_secs(proposal.timestamp()));
+
+        match block_generation_time {
+            Some(generation_time) => generation_time <= allowed_max && allowed_min <= generation_time,
+            // Overflow occurred
+            None => false,
+        }
+    }
+
     fn locked_proposal_block(&self, locked_view: View) -> Result<encoded::Block, String> {
         let vote_step = VoteStep::new(self.height, locked_view, Step::Propose);
         let locked_proposal_hash = self.votes.get_block_hashes(&vote_step).first().cloned();
