From 4273f4d5b88d90cf9d179ff2a3e6b3d164bcf153 Mon Sep 17 00:00:00 2001
From: Steven Allen <steven@stebalien.com>
Date: Tue, 18 Oct 2022 21:38:35 -0700
Subject: [PATCH] feat: future proof the from & to address protocols

This lets us add new address protocols to go-address without implicitly
accepting them in messages on the network.
---
 chain/types/message.go |  8 ++++++++
 chain/vm/syscalls.go   | 17 +++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/chain/types/message.go b/chain/types/message.go
index 547d4c35395..1f858055b96 100644
--- a/chain/types/message.go
+++ b/chain/types/message.go
@@ -159,10 +159,18 @@ func (m *Message) ValidForBlockInclusion(minGas int64, version network.Version)
 		return xerrors.New("invalid 'To' address")
 	}
 
+	if m.To.Protocol() > address.BLS {
+		return xerrors.New("'To' address protocol unsupported for network version")
+	}
+
 	if m.From == address.Undef {
 		return xerrors.New("'From' address cannot be empty")
 	}
 
+	if m.From.Protocol() > address.BLS {
+		return xerrors.New("'From' address protocol unsupported for network version")
+	}
+
 	if m.Value.Int == nil {
 		return xerrors.New("'Value' cannot be nil")
 	}
diff --git a/chain/vm/syscalls.go b/chain/vm/syscalls.go
index 757453887a1..9d9d03b0c85 100644
--- a/chain/vm/syscalls.go
+++ b/chain/vm/syscalls.go
@@ -105,10 +105,23 @@ func (ss *syscallShim) VerifyConsensusFault(a, b, extra []byte) (*runtime7.Conse
 		return nil, xerrors.Errorf("cannot decode first block header: %w", decodeErr)
 	}
 
+	// A _valid_ block must use an ID address, but that's not what we're checking here. We're
+	// just making sure that adding additional address protocols won't lead to consensus issues.
+	//
+	// When we add a new consensus protocol, we'll have to have a network-version switch here to
+	// support that protocol _after_ the upgrade.
+	if blockA.Miner.Protocol() > address.BLS {
+		return nil, xerrors.Errorf("address protocol unsupported in current network version: %d", blockA.Miner.Protocol())
+	}
+
 	if decodeErr := blockB.UnmarshalCBOR(bytes.NewReader(b)); decodeErr != nil {
 		return nil, xerrors.Errorf("cannot decode second block header: %f", decodeErr)
 	}
 
+	if blockB.Miner.Protocol() > address.BLS {
+		return nil, xerrors.Errorf("address protocol unsupported in current network version: %d", blockB.Miner.Protocol())
+	}
+
 	// workaround chain halt
 	if build.IsNearUpgrade(blockA.Height, build.UpgradeOrangeHeight) {
 		return nil, xerrors.Errorf("consensus reporting disabled around Upgrade Orange")
@@ -170,6 +183,10 @@ func (ss *syscallShim) VerifyConsensusFault(a, b, extra []byte) (*runtime7.Conse
 			return nil, xerrors.Errorf("cannot decode extra: %w", decodeErr)
 		}
 
+		if blockC.Miner.Protocol() > address.BLS {
+			return nil, xerrors.Errorf("address protocol unsupported in current network version: %d", blockC.Miner.Protocol())
+		}
+
 		if types.CidArrsEqual(blockA.Parents, blockC.Parents) && blockA.Height == blockC.Height &&
 			types.CidArrsContains(blockB.Parents, blockC.Cid()) && !types.CidArrsContains(blockB.Parents, blockA.Cid()) {
 			consensusFault = &runtime7.ConsensusFault{