test(fc): store from anchor rejects mismatched state root#678
Merged
tcoratger merged 1 commit intoleanEthereum:mainfrom Apr 26, 2026
Conversation
Add a fork choice filler asserting that Store.from_anchor aborts when the anchor block's state_root disagrees with hash_tree_root(anchor_state). Extend ForkChoiceTest with two optional fields to express expected failure at anchor initialization (which runs before any step): - anchor_valid: bool = True - expected_anchor_error: str | None = None When anchor_valid is False, the fixture skips the validator pubkey sync (which would silently overwrite the anchor block's state_root), wraps Store.from_anchor in try/except, and verifies the raised exception's message contains expected_anchor_error. No store is returned. Default behavior is unchanged: anchor_valid defaults to True, and every existing filler (545 consensus fixtures) regenerates identically. Closes leanEthereum#570
tcoratger
force-pushed
the
test/fc-store-from-anchor-rejects-mismatched-state-root
branch
from
6dabd0a to
1dcc76d
Compare
tcoratger
approved these changes
Apr 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🗒️ Description
Adds a fork choice filler asserting that
Store.from_anchoraborts when the anchor block'sstate_rootdisagrees withhash_tree_root(anchor_state). This is a safety precondition every client must enforce: an anchor pair where the block and state disagree on the post state would corrupt every subsequent block-root-to-state lookup.Test
tests/consensus/devnet/fc/test_checkpoint_sync.py::test_store_from_anchor_rejects_mismatched_state_rootBuilds a valid mid-chain anchor via
build_anchor, overrides the anchor block'sstate_rootwith an unrelated value, and feeds the pair to the filler. The fixture verifiesStore.from_anchorraisesAssertionErrorwhose message contains the exact precondition text ("Anchor block state root must match anchor state hash"), pinning the failure to the state-root check rather than any later crash.Framework extension
Store.from_anchorruns before any step, so the existing per-stepvalid=False/expected_errormechanism cannot express an expected failure at initialization. Two optional fields are added toForkChoiceTestto fill this gap:anchor_valid: bool = Trueexpected_anchor_error: str | None = NoneWhen
anchor_valid=False, the fixture:steps == [](no step can run if init aborts).state_rootto match the state.Store.from_anchorintry/exceptand verifies the raised exception's message containsexpected_anchor_error.Defaults preserve existing behaviour: all 545 consensus fixtures regenerate byte-identical.
Serialised as
anchorValid/expectedAnchorErrorviaCamelModel. Clients consuming fixtures branch onanchorValid=falseand verify their equivalentStore.from_anchorrejects the input.🔗 Related Issues or PRs
Closes #570
✅ Checklist
toxchecks to avoid unnecessary CI fails:uvx tox -e all-checks