eth/fetcher, core/txpool: surface an exported error from the pool when attempting to add a blob transaction where the computed hashes of the sidecar commitments don't match the value in the tx header. In fetcher: drop sending peer but don't remove the hashes from tracking for future request/delivery. #31210
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d error from the pool when attempting to add a blob transaction where the computed hashes of the sidecar commitments doesn't match the value in the tx header. In fetcher: drop sending peer but don't remove the hashes from tracking for future request/delivery.
jwasinger
changed the title
|
Closing this as I think I have a cleaner solution implemented that validates the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes #31162
(WIP) I haven't reproduced the bug this aims to fix with a test case yet, but it seems plausible from reading the code.
edit: After drafting this PR up, I actually think that it should be possible, and more simple to validate blob transaction hash integrity right after we decode blob transactions at the p2p level.
This is an attempt to address the following scenario:
Tand propagate it to the network.Abecomes aware ofT, requests it from some random nodeB.Bdecides for some reason, to alter the sidecar such that transaction validation cannot verify the hashes of the commitments in the sidecar correspond to theblob_versioned_hashesin the transaction header:Areceives a sidecar-lessTfromB, the transaction will fail to be added to the pool, andAwill disconnect every other peer that announcedTwith a total size differing from the alteredTthatBsent. See the related issue for an explainer of how this occurs in the fetcher.Areceives a sidecar-containingTwhose sidecar commitments don't matchblob_versioned_hashes, the tx will not make it into the pool and the hash will not be re-requested from other peers by the fetcher.Part of the fix that this PR proposes is to surface an exported error
ErrInvalidAuxiliaryDatafrom the pool which conveys transaction validation failure from verifying the cryptographic integrity of extra-header data. Right now, this is only relevant for blob transactions where the integrity of the header fieldblob_versioned_hashesdepends on the commitments in the sidecar.With this PR, adding a blob transaction to the pool will return
ErrInvalidAuxiliaryDataif hashes of the commitments in the sidecar don't match the values in the header. The distinction is useful in the fetcher because we don't want to purge hashes from the tracker upon receive if we can't recompute the transaction hash that a peer advertises.