Using the node to initialize PoST of an identity that has published ATXs before selects incorrect commitment ATX

[fasmat]

Description

When initializing an identity that has already published ATXs before using the go-spacemesh node the initialization process will select the incorrect Commitment ATX for the identity causing the node to create invalid PoSTs which might cause a node to publish a ATXs that will cause equivocation if distributed verification is enabled.

Steps to reproduce

1. Create an identity and wait until publishes at least one ATX - take note of the commitment ATX that was used to initialize PoST (in postdata_metadata.json)
2. Delete everything in the /data directory except the identities folder
3. Wait for the node to be in sync and start initializing PoST again

Actual Behavior

The node initialized the second time with a different commitment ATX than the first time

Expected Behavior

The used commitment ATX should be the same for the second PoST init as for the first.

Additional Info

After starting the node waits to be in sync before it starts the activation.PostSupervisor that uses activation.PostSetupManager to start initializing PoST. The commitment ATX that is used for initialization is determined here:

go-spacemesh/activation/post.go

Lines 373 to 397 in d30d5fb

	func (mgr *PostSetupManager) commitmentAtx(ctx context.Context, dataDir string, id types.NodeID) (types.ATXID, error) {
	m, err := initialization.LoadMetadata(dataDir)
	switch {
	case err == nil:
	return types.ATXID(types.BytesToHash(m.CommitmentAtxId)), nil
	case errors.Is(err, initialization.ErrStateMetadataFileMissing):
	// if this node has already published an ATX, get its initial ATX and from it the commitment ATX
	atxId, err := atxs.GetFirstIDByNodeID(mgr.db, id)
	if err == nil {
	atx, err := atxs.Get(mgr.db, atxId)
	if err != nil {
	return types.EmptyATXID, err
	}
	if atx.CommitmentATX == nil {
	return types.EmptyATXID, fmt.Errorf("initial ATX %s does not contain a commitment ATX", atxId)
	}
	return *atx.CommitmentATX, nil
	}
	// if this node has not published an ATX select the best ATX with `findCommitmentAtx`
	return mgr.findCommitmentAtx(ctx)
	default:
	return types.EmptyATXID, fmt.Errorf("load metadata: %w", err)
	}
	}

If the code works correctly it should pick the same commitmentATX as was used for the first initialization, but in at least one system test this was not the case after the node was restarted by k8s (and thereby reset all its state except the key of the identity): See for example here - https://grafana.spacemesh.dev/goto/rpK7V7WNg?orgId=1

{"L":"INFO","T":"2024-10-24T17:09:57.173Z","N":"node.post","M":"post setup session starting","node_id":"d7b70ad49bbca28896fc577523ca3644246e2c70dcc11a054b8c3aaf64034719","commitment_atx":"18638eb398","data_dir":"/data/post","num_units":2,"labels_per_unit":128,"provider":"4294967295"} 
{"L":"INFO","T":"2024-10-24T17:19:00.146Z","N":"node.post","M":"post setup session starting","node_id":"d7b70ad49bbca28896fc577523ca3644246e2c70dcc11a054b8c3aaf64034719","commitment_atx":"5e7ae643a5","data_dir":"/data/post","num_units":2,"labels_per_unit":128,"provider":"4294967295"}