From d3c2ae4e773a92c6d4c1609d388169a63c5f2b8b Mon Sep 17 00:00:00 2001
From: Jakub Sztandera <oss@kubuxu.com>
Date: Sun, 7 Jul 2024 15:19:17 +0200
Subject: [PATCH] Hash ticket before performing arithmetic (#424)

To ensure no arithmetic properties leak from BLS-G2 affine compressed
representation.

Signed-off-by: Jakub Sztandera <oss@kubuxu.com>
---
 gpbft/gpbft.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gpbft/gpbft.go b/gpbft/gpbft.go
index 96955399..61a95b8b 100644
--- a/gpbft/gpbft.go
+++ b/gpbft/gpbft.go
@@ -14,6 +14,7 @@ import (
 	"github.com/filecoin-project/go-bitfield"
 	rlepluslazy "github.com/filecoin-project/go-bitfield/rle"
 	"github.com/filecoin-project/go-f3/merkle"
+	"golang.org/x/crypto/blake2b"
 	"golang.org/x/xerrors"
 )
 
@@ -1433,7 +1434,8 @@ func (c *convergeState) FindMaxTicketProposal(table PowerTable) ConvergeValue {
 	for key, value := range c.values {
 		for _, ticket := range c.tickets[key] {
 			senderPower, _ := table.Get(ticket.Sender)
-			ticketAsInt := new(big.Int).SetBytes(ticket.Ticket)
+			ticketHash := blake2b.Sum256(ticket.Ticket)
+			ticketAsInt := new(big.Int).SetBytes(ticketHash[:])
 			weightedTicket := new(big.Int).Mul(ticketAsInt, big.NewInt(int64(senderPower)))
 			if maxTicket == nil || weightedTicket.Cmp(maxTicket) > 0 {
 				maxTicket = weightedTicket