add fraud proof verification for XDM on domains

crates/pallet-domains/src/tests.rs

@@ -353,6 +353,7 @@ pub(crate) struct MockDomainFraudProofExtension {
     bundle_slot_probability: (u64, u64),
     operator_stake: Balance,
     maybe_illegal_extrinsic_index: Option<u32>,
+    is_valid_xdm: Option<bool>,
 }
 
 impl FraudProofHostFunctions for MockDomainFraudProofExtension {
@@ -432,6 +433,9 @@ impl FraudProofHostFunctions for MockDomainFraudProofExtension {
             FraudProofVerificationInfoRequest::StorageKey { .. } => {
                 FraudProofVerificationInfoResponse::StorageKey(None)
             }
+            FraudProofVerificationInfoRequest::XDMValidationCheck { .. } => {
+                FraudProofVerificationInfoResponse::XDMValidationCheck(self.is_valid_xdm)
+            }
         };
 
         Some(response)
@@ -1032,6 +1036,7 @@ fn test_invalid_domain_extrinsic_root_proof() {
         operator_stake: 10 * SSC,
         bundle_slot_probability: (0, 0),
         maybe_illegal_extrinsic_index: None,
+        is_valid_xdm: None,
     }));
     ext.register_extension(fraud_proof_ext);
 
@@ -1113,6 +1118,7 @@ fn test_true_invalid_bundles_inherent_extrinsic_proof() {
         operator_stake: 10 * SSC,
         bundle_slot_probability: (0, 0),
         maybe_illegal_extrinsic_index: None,
+        is_valid_xdm: None,
     }));
     ext.register_extension(fraud_proof_ext);
 
@@ -1180,6 +1186,7 @@ fn test_false_invalid_bundles_inherent_extrinsic_proof() {
         operator_stake: 10 * SSC,
         bundle_slot_probability: (0, 0),
         maybe_illegal_extrinsic_index: None,
+        is_valid_xdm: None,
     }));
     ext.register_extension(fraud_proof_ext);
 

crates/sp-domains-fraud-proof/src/fraud_proof.rs

@@ -382,6 +382,9 @@ pub enum VerificationError<DomainHash> {
         error("Failed to check if a given extrinsic is inherent or not")
     )]
     FailedToCheckInherentExtrinsic,
+    /// Failed to check if a given extrinsic is inherent or not.
+    #[cfg_attr(feature = "thiserror", error("Failed to validate given XDM"))]
+    FailedToValidateXDM,
     /// Failed to check if a given extrinsic is decodable or not.
     #[cfg_attr(
         feature = "thiserror",

crates/sp-domains-fraud-proof/src/host_functions.rs

@@ -293,6 +293,23 @@ where
             .ok()
     }
 
+    fn is_valid_xdm(
+        &self,
+        consensus_block_hash: H256,
+        domain_id: DomainId,
+        opaque_extrinsic: OpaqueExtrinsic,
+    ) -> Option<bool> {
+        let runtime_code = self.get_domain_runtime_code(consensus_block_hash, domain_id)?;
+
+        let domain_stateless_runtime =
+            StatelessRuntime::<DomainBlock, _>::new(self.executor.clone(), runtime_code.into());
+
+        let encoded_extrinsic = opaque_extrinsic.encode();
+        domain_stateless_runtime
+            .is_valid_xdm(encoded_extrinsic)
+            .expect("Runtime api must not fail. This is an unrecoverable error")
+    }
+
     fn is_decodable_extrinsic(
         &self,
         consensus_block_hash: H256,
@@ -511,6 +528,12 @@ where
                     self.storage_key(consensus_block_hash, domain_id, req),
                 ))
             }
+            FraudProofVerificationInfoRequest::XDMValidationCheck {
+                domain_id,
+                opaque_extrinsic,
+            } => Some(FraudProofVerificationInfoResponse::XDMValidationCheck(
+                self.is_valid_xdm(consensus_block_hash, domain_id, opaque_extrinsic),
+            )),
         }
     }
 

crates/sp-domains-fraud-proof/src/lib.rs

@@ -126,6 +126,12 @@ pub enum FraudProofVerificationInfoRequest {
         /// Extrinsic for which we need to if it is decodable or not.
         opaque_extrinsic: OpaqueExtrinsic,
     },
+    /// Request to check if the XDM is valid
+    XDMValidationCheck {
+        domain_id: DomainId,
+        /// Encoded XDM extrinsic that needs to be validated.
+        opaque_extrinsic: OpaqueExtrinsic,
+    },
     /// Request to get Domain election params.
     DomainElectionParams { domain_id: DomainId },
     /// Request to get Operator stake.
@@ -184,6 +190,9 @@ pub enum FraudProofVerificationInfoResponse {
     TxRangeCheck(bool),
     /// If the particular extrinsic provided is either inherent or not.
     InherentExtrinsicCheck(bool),
+    /// If the particular xdm extrinsic is valid or not.
+    /// Returns None if extrinsic is not an XDM
+    XDMValidationCheck(Option<bool>),
     /// If the domain extrinsic is decodable or not.
     ExtrinsicDecodableCheck(bool),
     /// Domain's total stake at a given Consensus hash.
@@ -262,6 +271,13 @@ impl FraudProofVerificationInfoResponse {
         }
     }
 
+    pub fn into_xdm_validation_check(self) -> Option<bool> {
+        match self {
+            FraudProofVerificationInfoResponse::XDMValidationCheck(maybe_valid) => maybe_valid,
+            _ => None,
+        }
+    }
+
     pub fn into_extrinsic_decodable_check(self) -> Option<bool> {
         match self {
             FraudProofVerificationInfoResponse::ExtrinsicDecodableCheck(is_decodable) => {

crates/sp-domains-fraud-proof/src/verification.rs

@@ -629,9 +629,32 @@ where
             }
             Ok(())
         }
+        InvalidBundleType::InvalidXDM(extrinsic_index) => {
+            let extrinsic = get_extrinsic_from_proof::<DomainHeader>(
+                *extrinsic_index,
+                invalid_bundle_entry.extrinsics_root,
+                invalid_bundles_fraud_proof.proof_data.clone(),
+            )?;
 
-        // TODO: implement the other invalid bundle types
-        _ => Err(VerificationError::InvalidProof),
+            let is_valid_xdm = get_fraud_proof_verification_info(
+                H256::from_slice(bad_receipt.consensus_block_hash.as_ref()),
+                FraudProofVerificationInfoRequest::XDMValidationCheck {
+                    domain_id: invalid_bundles_fraud_proof.domain_id,
+                    opaque_extrinsic: extrinsic,
+                },
+            )
+            .and_then(FraudProofVerificationInfoResponse::into_xdm_validation_check)
+            .ok_or(VerificationError::FailedToValidateXDM)?;
+
+            // Proof to be considered valid only,
+            // If it is true invalid fraud proof then extrinsic must be a valid xdm and
+            // If it is false invalid fraud proof then extrinsic must not be a valid xdm
+            if is_valid_xdm == invalid_bundles_fraud_proof.is_true_invalid_fraud_proof {
+                Ok(())
+            } else {
+                Err(VerificationError::InvalidProof)
+            }
+        }
     }
 }
 

domains/client/block-preprocessor/src/lib.rs

@@ -316,11 +316,7 @@ where
                 )));
             }
 
-            // TODO: the behavior is changed, as before invalid XDM will be dropped silently,
-            // and the other extrinsic of the bundle will be continue processed, now the whole
-            // bundle is considered as invalid and excluded from further processing.
             if let Some(false) = runtime_api.is_xdm_valid(at, extrinsic.encode())? {
-                // TODO: Generate a fraud proof for this invalid bundle
                 return Ok(BundleValidity::Invalid(InvalidBundleType::InvalidXDM(
                     index as u32,
                 )));

domains/client/block-preprocessor/src/stateless_runtime.rs

@@ -210,6 +210,14 @@ where
         <Self as DomainCoreApi<Block>>::is_inherent_extrinsic(self, Default::default(), extrinsic)
     }
 
+    pub fn is_valid_xdm(&self, extrinsic: Vec<u8>) -> Result<Option<bool>, ApiError> {
+        <Self as MessengerApi<Block, NumberFor<Block>>>::is_xdm_valid(
+            self,
+            Default::default(),
+            extrinsic,
+        )
+    }
+
     pub fn decode_extrinsic(
         &self,
         opaque_extrinsic: sp_runtime::OpaqueExtrinsic,