Add verifyLivenessConditionForRegisteredChains

framework/src/modules/interoperability/utils.ts

@@ -787,6 +787,22 @@ export const chainAccountToJSON = (chainAccount: ChainAccount) => {
 	};
 };
 
+export const verifyLivenessConditionForRegisteredChains = (
+	ccu: CrossChainUpdateTransactionParams,
+	blockTimestamp: number,
+) => {
+	if (ccu.certificate.length === 0 || isInboxUpdateEmpty(ccu.inboxUpdate)) {
+		return;
+	}
+	const certificate = codec.decode<Certificate>(certificateSchema, ccu.certificate);
+	const limitSecond = LIVENESS_LIMIT / 2;
+	if (blockTimestamp - certificate.timestamp > limitSecond) {
+		throw new Error(
+			`The first CCU with a non-empty inbox update cannot contain a certificate older than ${limitSecond} seconds.`,
+		);
+	}
+};
+
 export const getMainchainID = (chainID: Buffer): Buffer => {
 	const networkID = chainID.slice(0, 1);
 	// 3 bytes for remaining chainID bytes

framework/test/unit/modules/interoperability/utils.spec.ts

@@ -55,6 +55,7 @@ import {
 	getIDAsKeyForStore,
 	initGenesisStateUtil,
 	validateFormat,
+	verifyLivenessConditionForRegisteredChains,
 } from '../../../../src/modules/interoperability/utils';
 import { certificateSchema } from '../../../../src/engine/consensus/certificate_generation/schema';
 import { Certificate } from '../../../../src/engine/consensus/certificate_generation/types';
@@ -1927,4 +1928,83 @@ describe('Utils', () => {
 			expect(() => validateFormat(buildCCM({}))).not.toThrow();
 		});
 	});
+
+	describe('verifyLivenessConditionForRegisteredChains', () => {
+		const certificate = {
+			blockID: utils.getRandomBytes(20),
+			height: 23,
+			stateRoot: Buffer.alloc(2),
+			timestamp: 100000,
+			validatorsHash: utils.getRandomBytes(20),
+			aggregationBits: utils.getRandomBytes(1),
+			signature: utils.getRandomBytes(32),
+		};
+		const ccuParams = {
+			activeValidatorsUpdate: [],
+			certificate: codec.encode(certificateSchema, certificate),
+			inboxUpdate: {
+				crossChainMessages: [utils.getRandomBytes(100)],
+				messageWitnessHashes: [],
+				outboxRootWitness: {
+					bitmap: Buffer.alloc(0),
+					siblingHashes: [],
+				},
+			},
+			newCertificateThreshold: BigInt(99),
+			sendingChainID: utils.getRandomBytes(4),
+		};
+
+		it('should not throw if certificate is empty', () => {
+			expect(
+				verifyLivenessConditionForRegisteredChains(
+					{
+						...ccuParams,
+						certificate: Buffer.alloc(0),
+					},
+					10000,
+				),
+			).toBeUndefined();
+		});
+
+		it('should not throw if inbox update is empty', () => {
+			expect(
+				verifyLivenessConditionForRegisteredChains(
+					{
+						...ccuParams,
+						inboxUpdate: {
+							crossChainMessages: [],
+							messageWitnessHashes: [],
+							outboxRootWitness: {
+								bitmap: Buffer.alloc(0),
+								siblingHashes: [],
+							},
+						},
+					},
+					10000,
+				),
+			).toBeUndefined();
+		});
+
+		it('should throw if certificate timestamp is older than half of liveness limit', () => {
+			expect(() =>
+				verifyLivenessConditionForRegisteredChains(
+					{
+						...ccuParams,
+					},
+					certificate.timestamp + LIVENESS_LIMIT / 2 + 1,
+				),
+			).toThrow('The first CCU with a non-empty inbox update cannot contain a certificate older');
+		});
+
+		it('should not throw if inbox update is not older than half of liveness limit', () => {
+			expect(
+				verifyLivenessConditionForRegisteredChains(
+					{
+						...ccuParams,
+					},
+					certificate.timestamp + LIVENESS_LIMIT / 2,
+				),
+			).toBeUndefined();
+		});
+	});
 });