chore: add more checks for block (#115) (#126)

karim-en · web-flow · commit 35f2b2a875e1 · 2025-08-20T17:37:20.000+01:00
* Zcash: add timestamps verification

* Remove irrelevant comment

* Fix error message

* Fix typo

* Add timestamp &amp; version verification for bitcoin

* litecoin: add timestamp verification

* Align error message
diff --git a/btc-types/src/network.rs b/btc-types/src/network.rs
@@ -2,7 +2,19 @@ use near_sdk::near;
 
 use crate::u256::U256;
 
-pub const ZCASH_MEDIAN_TIME_SPAN: usize = 11;
+pub const MEDIAN_TIME_SPAN: usize = 11;
+
+/**
+ * Maximum amount of time that a block timestamp is allowed to be ahead of the
+ * median-time-past of the previous block.
+ */
+pub const MAX_FUTURE_BLOCK_TIME_MTP: u32 = 90 * 60;
+
+/**
+ * Maximum amount of time that a block timestamp is allowed to be ahead of the
+ * current local time.
+ */
+pub const MAX_FUTURE_BLOCK_TIME_LOCAL: u32 = 2 * 60 * 60;
 
 #[near(serializers = [borsh, json])]
 #[derive(Clone, Copy, Debug)]
diff --git a/contract/src/bitcoin.rs b/contract/src/bitcoin.rs
@@ -1,9 +1,9 @@
-use crate::utils::BlocksGetter;
+use crate::utils::{get_median_time_past, BlocksGetter};
 use crate::{BtcLightClient, BtcLightClientExt, Header, U256};
 use btc_types::header::ExtendedHeader;
-use btc_types::network::{Network, NetworkConfig};
+use btc_types::network::{Network, NetworkConfig, MAX_FUTURE_BLOCK_TIME_LOCAL};
 use btc_types::utils::target_from_bits;
-use near_sdk::{near, require};
+use near_sdk::{env, near, require};
 
 #[near]
 impl BtcLightClient {
@@ -15,16 +15,33 @@ impl BtcLightClient {
         ("Bitcoin".to_owned(), self.network)
     }
 
+    // reference implementation: https://github.com/bitcoin/bitcoin/blob/ae024137bda9fe189f4e7ccf26dbaffd44cbbeb6/src/validation.cpp#L4200
     pub(crate) fn check_pow(&self, block_header: &Header, prev_block_header: &ExtendedHeader) {
         let config = self.get_config();
         let expected_bits = get_next_work_required(&config, block_header, prev_block_header, self);
 
         require!(
             expected_bits == block_header.bits,
-            format!(
-                "Error: Incorrect target. Expected bits: {:?}, Actual bits: {:?}",
-                expected_bits, block_header.bits
-            )
+            "bad-diffbits: incorrect proof of work"
+        );
+
+        // Check timestamp against prev
+        require!(
+            block_header.time > get_median_time_past(prev_block_header.clone(), self),
+            "time-too-old: block's timestamp is too early"
+        );
+
+        // Check timestamp
+        let current_timestamp = u32::try_from(env::block_timestamp_ms() / 1000).unwrap(); // Convert to seconds
+        require!(
+            block_header.time <= current_timestamp + MAX_FUTURE_BLOCK_TIME_LOCAL,
+            "time-too-new: block timestamp too far in the future"
+        );
+
+        // Reject blocks with outdated version
+        require!(
+            block_header.version >= 4,
+            "bad-version: block version must be at least 4"
         );
     }
 }
diff --git a/contract/src/lib.rs b/contract/src/lib.rs
@@ -381,7 +381,7 @@ impl BtcLightClient {
         #[cfg(feature = "zcash")]
         {
             require!(
-                btc_types::network::ZCASH_MEDIAN_TIME_SPAN
+                btc_types::network::MEDIAN_TIME_SPAN
                     + usize::try_from(config.pow_averaging_window).unwrap()
                     == submit_blocks.len() - 1,
                 "ERR_NOT_ENOUGH_BLOCKS_FOR_ZCASH"
diff --git a/contract/src/litecoin.rs b/contract/src/litecoin.rs
@@ -1,9 +1,9 @@
-use crate::utils::BlocksGetter;
+use crate::utils::{get_median_time_past, BlocksGetter};
 use crate::{BtcLightClient, BtcLightClientExt, Header, U256};
 use btc_types::header::ExtendedHeader;
-use btc_types::network::{Network, NetworkConfig};
+use btc_types::network::{Network, NetworkConfig, MAX_FUTURE_BLOCK_TIME_LOCAL};
 use btc_types::utils::target_from_bits;
-use near_sdk::{near, require};
+use near_sdk::{env, near, require};
 
 #[near]
 impl BtcLightClient {
@@ -15,16 +15,34 @@ impl BtcLightClient {
         ("Litecoin".to_owned(), self.network)
     }
 
+    // Reference implementation: https://github.com/litecoin-project/litecoin/blob/09a67c25495e2398437d6a388ee96fb6a266460e/src/validation.cpp#L3630
     pub(crate) fn check_pow(&self, block_header: &Header, prev_block_header: &ExtendedHeader) {
         let config = self.get_config();
         let expected_bits = get_next_work_required(&config, block_header, prev_block_header, self);
 
+        // Check proof of work
         require!(
             expected_bits == block_header.bits,
-            format!(
-                "Error: Incorrect target. Expected bits: {:?}, Actual bits: {:?}",
-                expected_bits, block_header.bits
-            )
+            "bad-diffbits: incorrect proof of work"
+        );
+
+        // Check timestamp against prev
+        require!(
+            block_header.time > get_median_time_past(prev_block_header.clone(), self),
+            "time-too-old: block's timestamp is too early"
+        );
+
+        // Check timestamp
+        let current_timestamp = u32::try_from(env::block_timestamp_ms() / 1000).unwrap(); // Convert to seconds
+        require!(
+            block_header.time <= current_timestamp + MAX_FUTURE_BLOCK_TIME_LOCAL,
+            "time-too-new: block timestamp too far in the future"
+        );
+
+        // Reject blocks with outdated version
+        require!(
+            block_header.version >= 4,
+            "bad-version: block version must be at least 4"
         );
     }
 }
diff --git a/contract/src/utils.rs b/contract/src/utils.rs
@@ -5,3 +5,22 @@ pub trait BlocksGetter {
     #[allow(unused)]
     fn get_header_by_height(&self, height: u64) -> ExtendedHeader;
 }
+
+#[allow(unused)]
+pub fn get_median_time_past(
+    block_header: ExtendedHeader,
+    prev_block_getter: &impl BlocksGetter,
+) -> u32 {
+    use btc_types::network::MEDIAN_TIME_SPAN;
+
+    let mut median_time = [0u32; MEDIAN_TIME_SPAN];
+    let mut current_header = block_header;
+
+    for i in 0..MEDIAN_TIME_SPAN {
+        median_time[i] = current_header.block_header.time;
+        current_header = prev_block_getter.get_prev_header(&current_header.block_header);
+    }
+
+    median_time.sort_unstable();
+    median_time[median_time.len() / 2]
+}
diff --git a/contract/src/zcash.rs b/contract/src/zcash.rs
@@ -1,7 +1,7 @@
 use crate::{utils::BlocksGetter, BtcLightClient, BtcLightClientExt};
 use btc_types::{
     header::{ExtendedHeader, Header},
-    network::{Network, ZcashConfig},
+    network::{Network, ZcashConfig, MAX_FUTURE_BLOCK_TIME_LOCAL, MAX_FUTURE_BLOCK_TIME_MTP},
     u256::U256,
     utils::target_from_bits,
 };
@@ -17,16 +17,43 @@ impl BtcLightClient {
         ("Zcash".to_owned(), self.network)
     }
 
+    // Reference implementation: https://github.com/zcash/zcash/blob/v6.2.0/src/main.cpp#L5019
     pub(crate) fn check_pow(&self, block_header: &Header, prev_block_header: &ExtendedHeader) {
-        let expected_bits =
+        let next_work_result =
             zcash_get_next_work_required(&self.get_config(), block_header, prev_block_header, self);
 
         require!(
-            expected_bits == block_header.bits,
-            format!(
-                "Error: Incorrect target. Expected bits: {:?}, Actual bits: {:?}",
-                expected_bits, block_header.bits
-            )
+            next_work_result.expected_bits == block_header.bits,
+            "bad-diffbits: incorrect proof of work"
+        );
+
+        // Check timestamp against prev
+        require!(
+            block_header.time > next_work_result.prev_block_median_time_past,
+            "time-too-old: block time is before the median time of the previous block"
+        );
+
+        // Check future timestamp soft fork rule introduced in v2.1.1-1.
+        // This retrospectively activates at block height 2 for mainnet and regtest,
+        // and 6 blocks after Blossom activation for testnet.
+        //
+        // MAX_FUTURE_BLOCK_TIME_MTP is typically 129600 seconds (36 hours) in Zcash
+        require!(
+            block_header.time
+                <= next_work_result.prev_block_median_time_past + MAX_FUTURE_BLOCK_TIME_MTP,
+            "time-too-far-ahead-of-mtp: block timestamp is too far ahead of median-time-past"
+        );
+
+        // Check timestamp
+        let current_timestamp = u32::try_from(env::block_timestamp_ms() / 1000).unwrap(); // Convert to seconds
+        require!(
+            block_header.time <= current_timestamp + MAX_FUTURE_BLOCK_TIME_LOCAL,
+            "time-too-new: block timestamp is too far ahead of local time"
+        );
+
+        require!(
+            block_header.version >= 4,
+            "bad-version: block version must be at least 4"
         );
 
         // Check Equihash solution
@@ -41,40 +68,29 @@ impl BtcLightClient {
     }
 }
 
+struct NextWorkResult {
+    expected_bits: u32,
+    prev_block_median_time_past: u32,
+}
+
 // Reference implementation: https://github.com/zcash/zcash/blob/v6.2.0/src/pow.cpp#L20
 fn zcash_get_next_work_required(
     config: &ZcashConfig,
     block_header: &Header,
     prev_block_header: &ExtendedHeader,
     prev_block_getter: &impl BlocksGetter,
-) -> u32 {
-    use btc_types::network::ZCASH_MEDIAN_TIME_SPAN;
-
-    if let Some(pow_allow_min_difficulty_blocks_after_height) =
-        config.pow_allow_min_difficulty_blocks_after_height
-    {
-        // Comparing with >= because this function returns the work required for the block after prev_block_header
-        if prev_block_header.block_height >= pow_allow_min_difficulty_blocks_after_height {
-            // Special difficulty rule for testnet:
-            // If the new block's timestamp is more than 6 * block interval minutes
-            // then allow mining of a min-difficulty block.
-            if i64::from(block_header.time)
-                > i64::from(prev_block_header.block_header.time) + config.pow_target_spacing() * 6
-            {
-                return config.proof_of_work_limit_bits;
-            }
-        }
-    }
+) -> NextWorkResult {
+    use btc_types::network::MEDIAN_TIME_SPAN;
 
     // Find the first block in the averaging interval
     // and the median time past for the first and last blocks in the interval
     let mut current_header = prev_block_header.clone();
     let mut total_target = U256::ZERO;
-    let mut median_time = [0u32; ZCASH_MEDIAN_TIME_SPAN];
+    let mut median_time = [0u32; MEDIAN_TIME_SPAN];
 
     let prev_block_median_time_past = {
         for i in 0..usize::try_from(config.pow_averaging_window).unwrap() {
-            if i < ZCASH_MEDIAN_TIME_SPAN {
+            if i < MEDIAN_TIME_SPAN {
                 median_time[i] = current_header.block_header.time;
             }
 
@@ -91,14 +107,33 @@ fn zcash_get_next_work_required(
     };
 
     let first_block_in_interval_median_time_past = {
-        for i in 0..ZCASH_MEDIAN_TIME_SPAN {
+        for i in 0..MEDIAN_TIME_SPAN {
             median_time[i] = current_header.block_header.time;
             current_header = prev_block_getter.get_prev_header(&current_header.block_header);
         }
         median_time.sort_unstable();
         median_time[median_time.len() / 2]
     };
 
+    if let Some(pow_allow_min_difficulty_blocks_after_height) =
+        config.pow_allow_min_difficulty_blocks_after_height
+    {
+        // Comparing with >= because this function returns the work required for the block after prev_block_header
+        if prev_block_header.block_height >= pow_allow_min_difficulty_blocks_after_height {
+            // Special difficulty rule for testnet:
+            // If the new block's timestamp is more than 6 * block interval minutes
+            // then allow mining of a min-difficulty block.
+            if i64::from(block_header.time)
+                > i64::from(prev_block_header.block_header.time) + config.pow_target_spacing() * 6
+            {
+                return NextWorkResult {
+                    expected_bits: config.proof_of_work_limit_bits,
+                    prev_block_median_time_past,
+                };
+            }
+        }
+    }
+
     // The protocol specification leaves MeanTarget(height) as a rational, and takes the floor
     // only after dividing by AveragingWindowTimespan in the computation of Threshold(height):
     // <https://zips.z.cash/protocol/protocol.pdf#diffadjustment>
@@ -108,12 +143,17 @@ fn zcash_get_next_work_required(
     let average_target = total_target
         / U256::from(<i64 as TryInto<u64>>::try_into(config.pow_averaging_window).unwrap());
 
-    zcash_calculate_next_work_required(
+    let expected_bits = zcash_calculate_next_work_required(
         config,
         average_target,
         prev_block_median_time_past,
         first_block_in_interval_median_time_past,
-    )
+    );
+
+    NextWorkResult {
+        expected_bits,
+        prev_block_median_time_past,
+    }
 }
 
 fn zcash_calculate_next_work_required(

Original file line number	Diff line number	Diff line change
`@@ -381,7 +381,7 @@ impl BtcLightClient {`
`381`	`381`	`#[cfg(feature = "zcash")]`
`382`	`382`	`{`
`383`	`383`	`require!(`
`384`		`- btc_types::network::ZCASH_MEDIAN_TIME_SPAN`
	`384`	`+ btc_types::network::MEDIAN_TIME_SPAN`
`385`	`385`	`+ usize::try_from(config.pow_averaging_window).unwrap()`
`386`	`386`	`== submit_blocks.len() - 1,`
`387`	`387`	`"ERR_NOT_ENOUGH_BLOCKS_FOR_ZCASH"`