Proposer is not verified #22
Description
I recently discovered that honest nodes may vote to a proposal that is not the current proposer, which is decided by the pacemaker. While this is fine when all nodes are honest, an attacker can always send inconsistent (but valid) proposals to other nodes so that the other nodes can not agree on a single block, and thus this attacker can DoS the protocol as long as its proposals arrive faster than others' proposals.
I also noticed that in Basic and Chained HotStuff, the pseudo code requires a replica to match message from leader, but this procedure is gone for the pseudo code of Event-driven HotStuff. Maybe there is an assumption that onReceiveProposal will only be called when the proposal is sent from the correct proposer? Or this is just a bug in the pseudo code?