Skip to content

[help-wanted] Add chain verify: re-validate hash chaining, block signatures and state derivability #31

Description

@Fiyiware

Context

An external technical review pointed out (correctly) that the prototype today trusts state.json as the source of truth: Chain._load reads blocks, state and mempool as three independent files and never re-validates the hash chaining (previous_hash), the block signatures, or that the state is actually the result of applying the blocks' transactions. For a single-node Phase 0 prototype that's defensible, but a chain verify command would close the gap and make the "it's a chain, not just a JSON of balances" claim demonstrable.

What to do

Add a chain verify CLI subcommand (and a Chain.verify() method) that, starting from genesis, checks:

  1. Hash chaining — each block's previous_hash equals the previous block's hash.
  2. Block signatures — each block's proposer signature is valid and the proposer pubkey matches the proposer address (reuse Block.is_valid).
  3. State derivability — replaying all transactions from genesis on a fresh WorldState reproduces exactly the persisted state.json (balances and nonces).

Print a clear OK/where-it-failed summary and exit 0/1 accordingly.

Acceptance criteria

  • python qrb_cli.py chain verify passes on a freshly built chain.
  • If state.json is hand-edited (e.g. give an address free balance), chain verify fails and says why.
  • If a block's previous_hash is tampered, it fails.
  • A test in prototype/tests/test_basic.py (registered in run_all()) covers the happy path and at least one tampering case.

Good to know

Look at how propose_block applies transactions and at WorldState.apply_transaction — replaying should reuse that exact logic so the check is meaningful. Keep the output readable.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions