From 6ec2a50842318ed4aa17c83dfc36f113b0498f5f Mon Sep 17 00:00:00 2001
From: Lukasz Klimek <842586+lklimek@users.noreply.github.com>
Date: Mon, 12 Aug 2024 08:07:06 +0200
Subject: [PATCH] fix: don't accept evidence on non-validator hosts
---
 internal/evidence/reactor.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/internal/evidence/reactor.go b/internal/evidence/reactor.go
index 54dd75a810..a4e9cad2fe 100644
--- a/internal/evidence/reactor.go
+++ b/internal/evidence/reactor.go
@@ -101,6 +101,18 @@ func (r *Reactor) handleEvidenceMessage(ctx context.Context, envelope *p2p.Envel
 switch msg := envelope.Message.(type) {
 case *tmproto.Evidence:
+
+ // Only accept evidence if we are an active validator.
+ // On other hosts, signatures in evidence (if any) cannot be verified due to lack of validator public keys,
+ // and it creates risk of adding invalid evidence to the pool.
+ //
+ // TODO: We need to figure out how to handle evidence from non-validator nodes, to avoid scenarios where some
+ // evidence is lost.
+ if !r.evpool.state.Validators.HasPublicKeys {
+ // silently drop the message
+ logger.Debug("dropping evidence message as we are not a validator", "evidence", envelope.Message)
+ }
+
 // Process the evidence received from a peer
 // Evidence is sent and received one by one
 ev, err := types.EvidenceFromProto(msg)
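Review bot: The new `if !r.evpool.state.Validators.HasPublicKeys` block only logs and then falls through, so on a non-validator host the message still reaches `types.EvidenceFromProto(msg)` and the rest of the evidence path. The drop that the comment and the log line describe is therefore not enforced. Add `return nil` right after the `logger.Debug(...)` call so that evidence whose signatures cannot be verified never gets as far as the pool. The check also reads `r.evpool.state` directly from the reactor, and the hunk does not show how that field is synchronised, so if the pool guards it with a lock the read should go through the locked path. handleEvidenceMessage starts and ends outside the hunk, so the effect of an early return on the rest of the function should be confirmed there.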