Snowbridge Ethereum client spec fix (#10793)

claravanstaden · github-actions[bot] · web-flow · commit 2da3987489a7 · 2026-01-26T09:27:22.000Z
This PR fixes a minor discrepancy in the Snowbridge Ethereum cient pallet where the fork version for sync committee signature verification was derived from `signature_slot` instead of `signature_slot - 1` as required by the https://github.com/ethereum/consensus-specs/blob/dev/specs/altair/light-client/sync-protocol.md#validate_light_client_update. This caused valid light client updates to be rejected at Ethereum hard-fork boundaries. The impact is low severity - only affecting liveness once or twice a year for a few minutes. Origin: bug bounty report. --------- Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com>
diff --git a/bridges/snowbridge/pallets/ethereum-client/src/config/mod.rs b/bridges/snowbridge/pallets/ethereum-client/src/config/mod.rs
@@ -14,7 +14,7 @@ pub const MAX_FEE_RECIPIENT_SIZE: usize = 20;
 pub const MAX_BRANCH_PROOF_SIZE: usize = 20;
 
 /// DomainType('0x07000000')
-/// <https://github.com/ethereum/consensus-specs/blob/dev/specs/altair/beacon-chain.md#domain-types>
+/// <https://github.com/ethereum/consensus-specs/blob/master/specs/altair/beacon-chain.md#domains>
 pub const DOMAIN_SYNC_COMMITTEE: [u8; 4] = [7, 0, 0, 0];
 /// Validators public keys are 48 bytes.
 pub const PUBKEY_SIZE: usize = 48;
diff --git a/bridges/snowbridge/pallets/ethereum-client/src/lib.rs b/bridges/snowbridge/pallets/ethereum-client/src/lib.rs
@@ -460,7 +460,7 @@ pub mod pallet {
 			Ok(())
 		}
 
-		/// Reference and strictly follows <https://github.com/ethereum/consensus-specs/blob/dev/specs/altair/light-client/sync-protocol.md#apply_light_client_update
+		/// Reference and strictly follows <https://github.com/ethereum/consensus-specs/blob/master/specs/altair/light-client/sync-protocol.md#apply_light_client_update>
 		/// Applies a finalized beacon header update to the beacon client. If a next sync committee
 		/// is present in the update, verify the sync committee by converting it to a
 		/// SyncCommitteePrepared type. Stores the provided finalized header. Updates are free
@@ -675,8 +675,11 @@ pub mod pallet {
 			validators_root: H256,
 			signature_slot: u64,
 		) -> Result<H256, DispatchError> {
+			// Per Ethereum Altair light-client spec, fork version is derived from signature_slot -
+			// 1. See: https://github.com/ethereum/consensus-specs/blob/dev/specs/altair/light-client/sync-protocol.md#validate_light_client_update
+			// In validate_light_client_update: fork_version_slot = max(signature_slot, 1) - 1
 			let fork_version = Self::compute_fork_version(compute_epoch(
-				signature_slot,
+				signature_slot.saturating_sub(1),
 				config::SLOTS_PER_EPOCH as u64,
 			));
 			let domain_type = config::DOMAIN_SYNC_COMMITTEE.to_vec();
diff --git a/bridges/snowbridge/pallets/ethereum-client/src/tests.rs b/bridges/snowbridge/pallets/ethereum-client/src/tests.rs
@@ -3,7 +3,7 @@
 pub use crate::mock::*;
 use crate::{
 	config::{EPOCHS_PER_SYNC_COMMITTEE_PERIOD, SLOTS_PER_EPOCH, SLOTS_PER_HISTORICAL_ROOT},
-	functions::compute_period,
+	functions::{compute_epoch, compute_period},
 	mock::{
 		get_message_verification_payload, load_checkpoint_update_fixture,
 		load_finalized_header_update_fixture, load_next_finalized_header_update_fixture,
@@ -974,3 +974,83 @@ fn verify_message_invalid_topic() {
 		);
 	});
 }
+
+#[test]
+fn signing_root_uses_previous_slot_for_fork_version() {
+	new_tester().execute_with(|| {
+		// Use a signature_slot at a fork boundary (first slot of the fulu epoch).
+		// In mock.rs: electra.epoch = 0, fulu.epoch = 100000000
+		let fulu_epoch = ChainForkVersions::get().fulu.epoch;
+		let signature_slot: u64 = fulu_epoch * (SLOTS_PER_EPOCH as u64);
+
+		// Verify this is the first slot of the epoch
+		assert_eq!(signature_slot % (SLOTS_PER_EPOCH as u64), 0);
+
+		let header = BeaconHeader {
+			slot: signature_slot - 1,
+			proposer_index: 0,
+			parent_root: H256::repeat_byte(0x11),
+			state_root: H256::repeat_byte(0x22),
+			body_root: H256::repeat_byte(0x33),
+		};
+
+		let validators_root = H256::repeat_byte(0x44);
+
+		// Get fork versions for comparison
+		let fork_version_at_signature_slot = EthereumBeaconClient::compute_fork_version(
+			compute_epoch(signature_slot, SLOTS_PER_EPOCH as u64),
+		);
+		let fork_version_at_previous_slot = EthereumBeaconClient::compute_fork_version(
+			compute_epoch(signature_slot.saturating_sub(1), SLOTS_PER_EPOCH as u64),
+		);
+
+		// At the fork boundary, these should differ
+		assert_ne!(
+			fork_version_at_signature_slot, fork_version_at_previous_slot,
+			"Test setup error: fork versions should differ at fork boundary"
+		);
+
+		// Compute signing roots using both fork versions
+		let domain_type = crate::config::DOMAIN_SYNC_COMMITTEE.to_vec();
+
+		let domain_with_previous_slot = EthereumBeaconClient::compute_domain(
+			domain_type.clone(),
+			fork_version_at_previous_slot,
+			validators_root,
+		)
+		.unwrap();
+
+		let signing_root_with_previous_slot =
+			EthereumBeaconClient::compute_signing_root(&header, domain_with_previous_slot).unwrap();
+
+		// The pallet's signing_root should use the previous slot's fork version (per spec)
+		let pallet_signing_root =
+			EthereumBeaconClient::signing_root(&header, validators_root, signature_slot).unwrap();
+
+		assert_eq!(
+			pallet_signing_root, signing_root_with_previous_slot,
+			"signing_root should use fork version from signature_slot - 1"
+		);
+	});
+}
+
+#[test]
+fn signing_root_handles_signature_slot_zero() {
+	// Per spec: fork_version_slot = max(signature_slot, 1) - 1
+	// When signature_slot = 0, saturating_sub(1) = 0, which matches max(0, 1) - 1 = 0
+	new_tester().execute_with(|| {
+		let header = BeaconHeader {
+			slot: 0,
+			proposer_index: 0,
+			parent_root: H256::repeat_byte(0x11),
+			state_root: H256::repeat_byte(0x22),
+			body_root: H256::repeat_byte(0x33),
+		};
+
+		let validators_root = H256::repeat_byte(0x44);
+
+		// Should not panic and should use epoch 0 fork version
+		let result = EthereumBeaconClient::signing_root(&header, validators_root, 0);
+		assert!(result.is_ok(), "signing_root should handle signature_slot = 0");
+	});
+}
diff --git a/bridges/snowbridge/primitives/beacon/src/merkle_proof.rs b/bridges/snowbridge/primitives/beacon/src/merkle_proof.rs
@@ -4,7 +4,7 @@ use sp_core::H256;
 use sp_io::hashing::sha2_256;
 
 /// Specified by <https://github.com/ethereum/consensus-specs/blob/fe9c1a8cbf0c2da8a4f349efdcd77dd7ac8445c4/specs/phase0/beacon-chain.md?plain=1#L742>
-/// with improvements from <https://github.com/ethereum/consensus-specs/blob/dev/ssz/merkle-proofs.md>
+/// with improvements from <https://github.com/ethereum/consensus-specs/blob/master/ssz/merkle-proofs.md>
 pub fn verify_merkle_branch(
 	leaf: H256,
 	branch: &[H256],
diff --git a/bridges/snowbridge/primitives/beacon/src/types.rs b/bridges/snowbridge/primitives/beacon/src/types.rs
@@ -600,7 +600,7 @@ pub mod deneb {
 	use sp_std::prelude::*;
 
 	/// ExecutionPayloadHeader
-	/// <https://github.com/ethereum/consensus-specs/blob/dev/specs/deneb/beacon-chain.md#executionpayloadheader>
+	/// <https://github.com/ethereum/consensus-specs/blob/master/specs/deneb/beacon-chain.md#executionpayloadheader>
 	#[derive(
 		Default,
 		Encode,
diff --git a/prdoc/pr_10793.prdoc b/prdoc/pr_10793.prdoc
@@ -0,0 +1,10 @@
+title: 'Snowbridge: Fix fork version slot selection for sync committee signature verification'
+doc:
+- audience: Runtime Dev
+  description: |
+    Fixes fork version selection for sync committee signature verification to use `signature_slot - 1` per the Ethereum Altair light-client spec. This prevents valid light client updates from being rejected at fork activation boundaries.
+crates:
+- name: snowbridge-pallet-ethereum-client
+  bump: patch
+- name: snowbridge-beacon-primitives
+  bump: patch
