Merge pull request #3206 from oasisprotocol/kostko/fix/commit-pool-pa…

…rent-check

go/roothash: Make the parent block check earlier

.changelog/3206.bugfix.md

@@ -0,0 +1 @@
+go/roothash: Make the parent block check earlier

go/roothash/api/commitment/pool.go

@@ -149,8 +149,6 @@ func (p *Pool) addOpenExecutorCommitment(
 		return ErrNotInCommittee
 	}
 
-	// TODO: Check for signs of double signing (#1804).
-
 	// Ensure the node did not already submit a commitment.
 	if _, ok := p.ExecuteCommitments[id]; ok {
 		return ErrAlreadyCommitted
@@ -169,6 +167,16 @@ func (p *Pool) addOpenExecutorCommitment(
 		return ErrInvalidMessages
 	}
 
+	// Check if the block is based on the previous block.
+	if !header.IsParentOf(&blk.Header) {
+		logger.Debug("executor commitment is not based on correct block",
+			"node_id", id,
+			"expected_previous_hash", blk.Header.EncodedHash(),
+			"previous_hash", header.PreviousHash,
+		)
+		return ErrNotBasedOnCorrectBlock
+	}
+
 	// Verify RAK-attestation.
 	if p.Runtime.TEEHardware != node.TEEHardwareInvalid {
 		n, err := nl.Node(ctx, id)
@@ -198,16 +206,6 @@ func (p *Pool) addOpenExecutorCommitment(
 		}
 	}
 
-	// Check if the block is based on the previous block.
-	if !header.IsParentOf(&blk.Header) {
-		logger.Debug("executor commitment is not based on correct block",
-			"node_id", id,
-			"expected_previous_hash", blk.Header.EncodedHash(),
-			"previous_hash", header.PreviousHash,
-		)
-		return ErrNotBasedOnCorrectBlock
-	}
-
 	if err := sv.VerifyTxnSchedulerSignature(body.TxnSchedSig, blk.Header.Round); err != nil {
 		logger.Debug("executor commitment has bad transaction scheduler signer",
 			"node_id", id,