
[DoS] invalid peer block no longer wedges the net task #102

Open: 1440000bytes wants to merge 2 commits into LayerTwo-Labs:master from 1440000bytes:fix-invalid-tip-wedges-net-task
@1440000bytes

Contributor

A single block from a peer that fails consensus validation permanently kills the net task, taking the node's networking fully offline.

In the `NewTipReady` handler, `reorg_to_tip(...)?` propagates any error out of `run()`:

```rust
let reorg_applied = task::block_in_place(|| {
    reorg_to_tip(&self.ctxt.env, &self.ctxt.archive,
                 &self.ctxt.mempool, &self.ctxt.state, new_tip)
})?;
```

`run()`'s caller only logs the error and lets the task end:

```rust
if let Err(err) = task.run().await {
    tracing::error!("Net task error: {err:#}");
}
```

So when a peer sends a block whose body fails state validation — e.g. a transaction with value out > value in, surfacing as `state error: value in is less than value out` (`NotEnoughValueIn`, raised in `validate_filled_transaction` via `prevalidate`), the whole net task dies. After that nothing services peer connections, producing an endless stream of `Failed to send peer connection info` and `Failed to send response info`. The offending peer isn't even dropped (`addr` is discarded).

This means any peer can permanently disable a node's networking with one invalid block (remote DoS), and any genuine consensus disagreement bricks the node instead of just rejecting that chain.
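
An added sketch, not code from this PR or the project, of the failure mode described above next to one way to contain it: treat a validation failure as the sending peer's fault, drop that peer, and keep the loop alive. `Event`, `run_fragile`, `run_hardened`, `store_ok` and the `Db` variant are hypothetical; `reorg_to_tip` and `NotEnoughValueIn` reuse names quoted above but are simplified stand-ins, and the split between peer-caused and local errors is an assumption.

```rust
use std::collections::HashSet;
// Hypothetical stand-ins for illustration; not the project's types.
#[derive(Debug, PartialEq)]
enum Error { NotEnoughValueIn, Db } // Db: a local fault, not the peer's (assumed)
enum Event { NewTip { peer: u32, value_in: u64, value_out: u64 }, Request { peer: u32 } }
// Stand-in for consensus validation of a peer-supplied tip.
fn reorg_to_tip(store_ok: bool, value_in: u64, value_out: u64) -> Result<(), Error> {
    if !store_ok { return Err(Error::Db); }
    if value_in < value_out { Err(Error::NotEnoughValueIn) } else { Ok(()) }
}

// Fragile: `?` lets one peer's invalid block end the loop for every peer.
fn run_fragile(events: &[Event], serviced: &mut usize) -> Result<(), Error> {
    for ev in events {
        if let Event::NewTip { value_in, value_out, .. } = ev {
            reorg_to_tip(true, *value_in, *value_out)?;
        }
        *serviced += 1;
    }
    Ok(())
}

// Hardened: a peer-caused failure drops that peer; only a local fault ends the task.
fn run_hardened(events: &[Event], store_ok: bool, banned: &mut HashSet<u32>) -> Result<usize, Error> {
    let mut serviced = 0;
    for ev in events {
        let (Event::NewTip { peer, .. } | Event::Request { peer }) = ev;
        if banned.contains(peer) { continue; }
        if let Event::NewTip { value_in, value_out, .. } = ev {
            match reorg_to_tip(store_ok, *value_in, *value_out) {
                Ok(()) => {}
                Err(Error::NotEnoughValueIn) => { banned.insert(*peer); continue; }
                Err(fatal) => return Err(fatal),
            }
        }
        serviced += 1;
    }
    Ok(serviced)
}

fn sample() -> Vec<Event> { // constructed: peer 7 sends an invalid tip
    use Event::*;
    vec![Request { peer: 1 }, NewTip { peer: 7, value_in: 5, value_out: 9 }, Request { peer: 7 },
         NewTip { peer: 2, value_in: 9, value_out: 5 }, Request { peer: 1 }]
}
fn main() {
    let (mut n, mut dropped) = (0, HashSet::new());
    let (f, h) = (run_fragile(&sample(), &mut n), run_hardened(&sample(), true, &mut dropped));
    println!("fragile: {f:?} after {n}; hardened: {h:?}, dropped {dropped:?}");
}
```

On the constructed sample the fragile loop stops after one event, while the hardened loop services the three events from honest peers and drops only peer 7.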
