fix to allow only client state upgrade

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

Author: bluele

contracts/toki/TokiLCPClientZKDCAP.sol

@@ -66,28 +66,13 @@ contract TokiLCPClientZKDCAP is LCPClientZKDCAPOwnableUpgradeable {
             revert LCPClientClientStateFrozen();
         }
 
-        Height.Data memory latestHeight =
-            Height.Data(clientState.latest_height.revision_number, clientState.latest_height.revision_height);
-        if (IBCHeight.isZero(latestHeight) || IBCHeight.gte(latestHeight, newConsensusState.height)) {
-            revert LCPClientClientStateInvalidLatestHeight();
-        }
+        // ------- Upgrade ClientState ------- //
 
         // Validate ClientState
         if (newClientState.mrenclave.length != 32) {
             revert LCPClientClientStateInvalidMrenclaveLength();
         }
 
-        // Validate ConsensusState
-        if (newConsensusState.consensusState.timestamp == 0) {
-            revert LCPClientConsensusStateInvalidTimestamp();
-        }
-
-        // A stateId with zero length or zero value is invalid.
-        if (newConsensusState.consensusState.stateId == bytes32(0)) {
-            revert LCPClientConsensusStateInvalidStateId();
-        }
-
-        // Upgrade ClientState
         clientState.mrenclave = newClientState.mrenclave;
         clientState.key_expiration = newClientState.keyExpiration;
 
@@ -119,15 +104,38 @@ contract TokiLCPClientZKDCAP is LCPClientZKDCAPOwnableUpgradeable {
         clientState.zkdcap_verifier_infos[0] = newClientState.zkdcapVerifierInfos[0];
         clientStorage.zkDCAPRisc0ImageId = parseRiscZeroVerifierInfo(newClientState.zkdcapVerifierInfos[0]);
 
-        // Upgrade ConsensusState and latestHeight of ClientState
-        clientState.latest_height.revision_number = newConsensusState.height.revision_number;
-        clientState.latest_height.revision_height = newConsensusState.height.revision_height;
-        uint128 height = IBCHeight.toUint128(newConsensusState.height);
-        clientStorage.consensusStates[height] = newConsensusState.consensusState;
+        // ------- Upgrade ConsensusState ------- //
 
+        Height.Data memory latestHeight =
+            Height.Data(clientState.latest_height.revision_number, clientState.latest_height.revision_height);
+        Height.Data[] memory heights;
+        // If the new consensus state is zero, do not upgrade the consensus state
+        if (!IBCHeight.isZero(newConsensusState.height)) {
+            // Validate ConsensusState
+            if (newConsensusState.consensusState.timestamp == 0) {
+                revert LCPClientConsensusStateInvalidTimestamp();
+            }
+
+            // A stateId with zero length or zero value is invalid.
+            if (newConsensusState.consensusState.stateId == bytes32(0)) {
+                revert LCPClientConsensusStateInvalidStateId();
+            }
+
+            // NOTE: If the latest height is zero, do not upgrade the consensus state
+            if (IBCHeight.isZero(latestHeight) || IBCHeight.gte(latestHeight, newConsensusState.height)) {
+                revert LCPClientClientStateInvalidLatestHeight();
+            }
+
+            // Upgrade ConsensusState and latestHeight of ClientState
+            clientState.latest_height.revision_number = newConsensusState.height.revision_number;
+            clientState.latest_height.revision_height = newConsensusState.height.revision_height;
+            uint128 height = IBCHeight.toUint128(newConsensusState.height);
+            clientStorage.consensusStates[height] = newConsensusState.consensusState;
+
+            heights = new Height.Data[](1);
+            heights[0] = newConsensusState.height;
+        }
         // Update commitments
-        Height.Data[] memory heights = new Height.Data[](1);
-        heights[0] = newConsensusState.height;
         IIBCClient(ibcHandler).updateClientCommitments(newClientState.clientId, heights);
     }
 

test/toki/TokiLCPClientTest.t.sol

@@ -78,56 +78,7 @@ contract TokiLCPClientTest is BasicTest {
             return;
         }
         string memory clientId = "lcp-zkdcap";
-        Options memory opts;
-        opts.constructorData = abi.encode(
-            address(this), false, ZKDCAPTestHelper.dummyIntelRootCACert(), address(new NopRiscZeroVerifier())
-        );
-        address proxy = Upgrades.deployUUPSProxy(
-            "LCPClientZKDCAPOwnableUpgradeable.sol",
-            abi.encodePacked(LCPClientZKDCAPOwnableUpgradeable.initialize.selector),
-            opts
-        );
-        LCPClientZKDCAPOwnableUpgradeable lc = LCPClientZKDCAPOwnableUpgradeable(proxy);
-        IbcLightclientsLcpV1ClientState.Data memory clientState = defaultClientState();
-        clientState.allowed_quote_statuses = new string[](2);
-        clientState.allowed_quote_statuses[0] = DCAPValidator.TCB_STATUS_CONFIGURATION_NEEDED_STRING;
-        clientState.allowed_quote_statuses[1] = DCAPValidator.TCB_STATUS_OUT_OF_DATE_STRING;
-        clientState.allowed_advisory_ids = new string[](2);
-        clientState.allowed_advisory_ids[0] = "INTEL-SA-0001";
-        clientState.allowed_advisory_ids[1] = "INTEL-SA-0003";
-        lc.initializeClient(
-            clientId, LCPProtoMarshaler.marshal(clientState), LCPProtoMarshaler.marshal(defaultConsensusState())
-        );
-        DCAPValidator.Output memory output = ZKDCAPTestHelper.qvOutput();
-        output.advisoryIDs = clientState.allowed_advisory_ids;
-        Vm.Wallet memory ek0 = vm.createWallet("ek0");
-        output.enclaveKey = ek0.addr;
-        // warp to the time of `output.validityNotBefore`
-        vm.warp(output.validityNotBefore);
-        lc.zkDCAPRegisterEnclaveKey(clientId, registerEnclaveKeyMessage(output));
-        {
-            LCPCommitment.UpdateStateProxyMessage memory updateStateMessage;
-            updateStateMessage.prevHeight = Height.Data(0, 0);
-            updateStateMessage.prevStateId = bytes32(0);
-            updateStateMessage.postHeight = Height.Data(0, 1);
-            updateStateMessage.postStateId = keccak256("state-1");
-            updateStateMessage.timestamp = 1;
-            LCPCommitment.ValidationContext memory vc;
-            updateStateMessage.context = abi.encode(vc);
-            updateStateMessage.emittedStates = new LCPCommitment.EmittedState[](1);
-
-            LCPCommitment.HeaderedProxyMessage memory headeredMessage;
-            headeredMessage.header = LCPCommitment.LCP_MESSAGE_HEADER_UPDATE_STATE;
-            headeredMessage.message = abi.encode(updateStateMessage);
-
-            IbcLightclientsLcpV1UpdateClientMessage.Data memory message;
-            message.proxy_message = abi.encode(headeredMessage);
-
-            (uint8 v, bytes32 r, bytes32 s) = vm.sign(ek0, keccak256(message.proxy_message));
-            message.signatures = new bytes[](1);
-            message.signatures[0] = abi.encodePacked(r, s, v);
-            lc.updateClient(clientId, message);
-        }
+        LCPClientZKDCAPOwnableUpgradeable lc = contractUpgradeCommon(clientId);
 
         TokiLCPClientZKDCAP.NewClientState memory newClientState;
         newClientState.clientId = clientId;
@@ -143,8 +94,12 @@ contract TokiLCPClientTest is BasicTest {
             bytes31(0), // reserved
             bytes32(keccak256("new verifier"))
         );
-        assertNotEq(newClientState.zkdcapVerifierInfos[0], clientState.zkdcap_verifier_infos[0]);
-        assertNotEq(newClientState.allowedQuoteStatuses.length, clientState.allowed_quote_statuses.length);
+        {
+            (bytes memory bz,) = lc.getClientState(clientId);
+            IbcLightclientsLcpV1ClientState.Data memory clientState = LCPProtoMarshaler.unmarshalClientState(bz);
+            assertNotEq(newClientState.zkdcapVerifierInfos[0], clientState.zkdcap_verifier_infos[0]);
+            assertNotEq(newClientState.allowedQuoteStatuses.length, clientState.allowed_quote_statuses.length);
+        }
 
         TokiLCPClientZKDCAP.NewConsensusState memory newConsensusState;
         newConsensusState.height = Height.Data(0, 2);
@@ -157,7 +112,7 @@ contract TokiLCPClientTest is BasicTest {
             address(this), false, ZKDCAPTestHelper.dummyIntelRootCACert(), address(new NopRiscZeroVerifier()), 2
         );
         Upgrades.upgradeProxy(
-            proxy,
+            address(lc),
             "TokiLCPClientZKDCAP.sol",
             abi.encodeCall(TokiLCPClientZKDCAP.upgrade, (newClientState, newConsensusState)),
             opts2
@@ -184,6 +139,121 @@ contract TokiLCPClientTest is BasicTest {
         }
     }
 
+    function testContractUpgradeWithEmptyConsensusState() public {
+        if (!vm.envOr("TEST_UPGRADEABLE", false)) {
+            return;
+        }
+        string memory clientId = "lcp-zkdcap";
+        LCPClientZKDCAPOwnableUpgradeable lc = contractUpgradeCommon(clientId);
+
+        TokiLCPClientZKDCAP.NewClientState memory newClientState;
+        newClientState.clientId = clientId;
+        newClientState.mrenclave = abi.encodePacked(keccak256("new mrenclave"));
+        newClientState.keyExpiration = 60 * 60;
+        newClientState.allowedQuoteStatuses = new string[](1);
+        newClientState.allowedQuoteStatuses[0] = DCAPValidator.TCB_STATUS_SW_HARDENING_NEEDED_STRING;
+        newClientState.allowedAdvisoryIds = new string[](1);
+        newClientState.allowedAdvisoryIds[0] = "INTEL-SA-0002";
+        newClientState.zkdcapVerifierInfos = new bytes[](1);
+        newClientState.zkdcapVerifierInfos[0] = abi.encodePacked(
+            bytes1(uint8(1)), // zkvmType
+            bytes31(0), // reserved
+            bytes32(keccak256("new verifier"))
+        );
+
+        {
+            (bytes memory bz,) = lc.getClientState(clientId);
+            IbcLightclientsLcpV1ClientState.Data memory clientState = LCPProtoMarshaler.unmarshalClientState(bz);
+            assertNotEq(newClientState.zkdcapVerifierInfos[0], clientState.zkdcap_verifier_infos[0]);
+            assertNotEq(newClientState.allowedQuoteStatuses.length, clientState.allowed_quote_statuses.length);
+        }
+
+        TokiLCPClientZKDCAP.NewConsensusState memory newConsensusState;
+        // NOTE: The new consensus state is empty
+        newConsensusState.height = Height.Data(0, 0);
+
+        Options memory opts2;
+        opts2.referenceContract = "LCPClientZKDCAPOwnableUpgradeable.sol";
+        opts2.constructorData = abi.encode(
+            address(this), false, ZKDCAPTestHelper.dummyIntelRootCACert(), address(new NopRiscZeroVerifier()), 2
+        );
+        Upgrades.upgradeProxy(
+            address(lc),
+            "TokiLCPClientZKDCAP.sol",
+            abi.encodeCall(TokiLCPClientZKDCAP.upgrade, (newClientState, newConsensusState)),
+            opts2
+        );
+
+        {
+            (bytes memory bz,) = lc.getClientState(clientId);
+            IbcLightclientsLcpV1ClientState.Data memory clientState = LCPProtoMarshaler.unmarshalClientState(bz);
+            assertEq(clientState.latest_height.revision_number, 0);
+            assertEq(clientState.latest_height.revision_height, 1);
+            assertEq(clientState.mrenclave, newClientState.mrenclave);
+            assertEq(clientState.key_expiration, newClientState.keyExpiration);
+            assertEq(clientState.allowed_quote_statuses.length, 1);
+            assertEq(clientState.allowed_quote_statuses[0], newClientState.allowedQuoteStatuses[0]);
+            assertEq(clientState.allowed_advisory_ids.length, 1);
+            assertEq(clientState.allowed_advisory_ids[0], newClientState.allowedAdvisoryIds[0]);
+            assertEq(clientState.zkdcap_verifier_infos[0], newClientState.zkdcapVerifierInfos[0]);
+        }
+    }
+
+    function contractUpgradeCommon(string memory clientId) internal returns (LCPClientZKDCAPOwnableUpgradeable) {
+        Options memory opts;
+        opts.constructorData = abi.encode(
+            address(this), false, ZKDCAPTestHelper.dummyIntelRootCACert(), address(new NopRiscZeroVerifier())
+        );
+        LCPClientZKDCAPOwnableUpgradeable lc = LCPClientZKDCAPOwnableUpgradeable(
+            Upgrades.deployUUPSProxy(
+                "LCPClientZKDCAPOwnableUpgradeable.sol",
+                abi.encodePacked(LCPClientZKDCAPOwnableUpgradeable.initialize.selector),
+                opts
+            )
+        );
+        IbcLightclientsLcpV1ClientState.Data memory clientState = defaultClientState();
+        clientState.allowed_quote_statuses = new string[](2);
+        clientState.allowed_quote_statuses[0] = DCAPValidator.TCB_STATUS_CONFIGURATION_NEEDED_STRING;
+        clientState.allowed_quote_statuses[1] = DCAPValidator.TCB_STATUS_OUT_OF_DATE_STRING;
+        clientState.allowed_advisory_ids = new string[](2);
+        clientState.allowed_advisory_ids[0] = "INTEL-SA-0001";
+        clientState.allowed_advisory_ids[1] = "INTEL-SA-0003";
+        lc.initializeClient(
+            clientId, LCPProtoMarshaler.marshal(clientState), LCPProtoMarshaler.marshal(defaultConsensusState())
+        );
+        DCAPValidator.Output memory output = ZKDCAPTestHelper.qvOutput();
+        output.advisoryIDs = clientState.allowed_advisory_ids;
+        Vm.Wallet memory ek0 = vm.createWallet("ek0");
+        output.enclaveKey = ek0.addr;
+        // warp to the time of `output.validityNotBefore`
+        vm.warp(output.validityNotBefore);
+        lc.zkDCAPRegisterEnclaveKey(clientId, registerEnclaveKeyMessage(output));
+        {
+            LCPCommitment.UpdateStateProxyMessage memory updateStateMessage;
+            updateStateMessage.prevHeight = Height.Data(0, 0);
+            updateStateMessage.prevStateId = bytes32(0);
+            updateStateMessage.postHeight = Height.Data(0, 1);
+            updateStateMessage.postStateId = keccak256("state-1");
+            updateStateMessage.timestamp = 1;
+            LCPCommitment.ValidationContext memory vc;
+            updateStateMessage.context = abi.encode(vc);
+            updateStateMessage.emittedStates = new LCPCommitment.EmittedState[](1);
+
+            LCPCommitment.HeaderedProxyMessage memory headeredMessage;
+            headeredMessage.header = LCPCommitment.LCP_MESSAGE_HEADER_UPDATE_STATE;
+            headeredMessage.message = abi.encode(updateStateMessage);
+
+            IbcLightclientsLcpV1UpdateClientMessage.Data memory message;
+            message.proxy_message = abi.encode(headeredMessage);
+
+            (uint8 v, bytes32 r, bytes32 s) = vm.sign(ek0, keccak256(message.proxy_message));
+            message.signatures = new bytes[](1);
+            message.signatures[0] = abi.encodePacked(r, s, v);
+            lc.updateClient(clientId, message);
+        }
+        return lc;
+    }
+
     function testRecoveredLCPClientUpgradeable() public {
         string memory clientId = "lcp-zkdcap";
         TestTokiLCPClientZKDCAP lc = new TestTokiLCPClientZKDCAP(