feat(consensus): additional sanity checks for the size of proposed blocks#1408
Merged
feat(consensus): additional sanity checks for the size of proposed blocks#1408
Conversation
sergio-mena
reviewed
Sep 27, 2023
sergio-mena
reviewed
Sep 27, 2023
sergio-mena
reviewed
Sep 28, 2023
| return ErrPartTooBig | ||
| } | ||
| // All parts except the last one should have the same constant size. | ||
| if int64(part.Index) < part.Proof.Total-1 && len(part.Bytes) != int(BlockPartSizeBytes) { |
Collaborator
There was a problem hiding this comment.
We're still using part.Proof.Total here, are we 100% sure this total will always be in sync with the total number of parts?
Author
There was a problem hiding this comment.
Yes, this is a good point. But we don't have the Total field in each Part, we only have it on the PartSet.
Author
There was a problem hiding this comment.
The point here is that wrong values for Proof.Total and Proof.Index should make the Merkle-tree verification to fail. But I am not sure whether we test this at this point. Notice that the Part tests have nothing on the arrays used to fill the Part and the Part.Proof bytes.
Collaborator
There was a problem hiding this comment.
Is there a possibility that Part is used without populating part.Proof? (I guess no, but double-checking).
Author
There was a problem hiding this comment.
It should not be possible, as the next check (line 40) would fail. This check, however, is also a valid check: integer fields are >= 0, hashes have the right length.
Author
There was a problem hiding this comment.
So, status regarding this:
- we can trust
Proof.Index, as change it causes the proof verification to fail - we can't trust
Proof.Total, as it is irrelevant for the proof verification provided thatProof.Index < Proof.Total.
Author
There was a problem hiding this comment.
Ok, now Proof.Total should be correct, otherwise the Part is not added. Lets check if something breaks due to this additional check.
lasarojc
reviewed
Sep 28, 2023
sergio-mena
reviewed
Sep 28, 2023
Comment on lines
+313
to
+317
| maxBlockParts := maxBytes / int64(types.BlockPartSizeBytes) | ||
| if maxBytes > maxBlockParts*int64(types.BlockPartSizeBytes) { | ||
| maxBlockParts += 1 | ||
| } | ||
| numBlockParts := int64(propBlockParts.Total()) |
Collaborator
There was a problem hiding this comment.
Suggested change
| maxBlockParts := maxBytes / int64(types.BlockPartSizeBytes) | |
| if maxBytes > maxBlockParts*int64(types.BlockPartSizeBytes) { | |
| maxBlockParts += 1 | |
| } | |
| numBlockParts := int64(propBlockParts.Total()) | |
| maxBlockParts := (maxBytes-1) / int64(types.BlockPartSizeBytes) + 1 | |
| numBlockParts := int64(propBlockParts.Total()) |
How about this instead?
Author
There was a problem hiding this comment.
I prefer using a different method, even if it is less efficient/smart, when testing.
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
sergio-mena
approved these changes
Oct 10, 2023
Collaborator
sergio-mena
left a comment
There was a problem hiding this comment.
I was convinced I had already approved this (sorry for delay)
Contributor
|
Is this going to be backported? If so, to which version(s)? |
Author
I would say all releases. Why? |
Contributor
There are currently no backport labels on the PR. Let's get this over the finish line please. |
Author
Sorry, my bad. @sergio-mena, can you confirm we are backporting this to all releases? |
Collaborator
|
As this comes from our work in a security advisory, I'd say we should backport it to all releases |
This was referenced Jul 15, 2024
This was referenced Jul 22, 2024
This was referenced Aug 1, 2024
This was referenced Aug 9, 2024
This was referenced Aug 19, 2024
3 tasks
roy-dydx
pushed a commit
to dydxprotocol/cometbft
that referenced
this pull request
Feb 3, 2025
…ocks (backport cometbft#1408) (cometbft#2139) This is an automatic backport of pull request cometbft#1408 done by [Mergify](https://mergify.com). Cherry-pick of 28ad4d2 has failed: ``` On branch mergify/bp/v0.38.x/pr-1408 Your branch is up to date with 'origin/v0.38.x'. You are currently cherry-picking commit 28ad4d2. (fix conflicts and run "git cherry-pick --continue") (use "git cherry-pick --skip" to skip this patch) (use "git cherry-pick --abort" to cancel the cherry-pick operation) Changes to be committed: modified: consensus/state.go modified: consensus/state_test.go modified: crypto/merkle/proof.go modified: evidence/pool_test.go modified: state/execution_test.go modified: types/event_bus_test.go modified: types/part_set.go modified: types/part_set_test.go Unmerged paths: (use "git add/rm <file>..." as appropriate to mark resolution) deleted by us: internal/consensus/errors.go both modified: state/store_test.go both modified: store/store_test.go ``` To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally --- <details> <summary>Mergify commands and options</summary> <br /> More conditions and actions can be found in the [documentation](https://docs.mergify.com/). You can also trigger Mergify actions by commenting on this pull request: - `@Mergifyio refresh` will re-evaluate the rules - `@Mergifyio rebase` will rebase this PR on its base branch - `@Mergifyio update` will merge the base branch into this PR - `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can: - look at your merge queues - generate the Mergify configuration with the config editor. Finally, you can contact us on https://mergify.com </details> --------- Co-authored-by: Daniel <daniel.cason@informal.systems> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: Andy Nogueira <me@andynogueira.dev>
roy-dydx
pushed a commit
to dydxprotocol/cometbft
that referenced
this pull request
Feb 3, 2025
…ocks (backport cometbft#1408) (cometbft#2139) This is an automatic backport of pull request cometbft#1408 done by [Mergify](https://mergify.com). Cherry-pick of 28ad4d2 has failed: ``` On branch mergify/bp/v0.38.x/pr-1408 Your branch is up to date with 'origin/v0.38.x'. You are currently cherry-picking commit 28ad4d2. (fix conflicts and run "git cherry-pick --continue") (use "git cherry-pick --skip" to skip this patch) (use "git cherry-pick --abort" to cancel the cherry-pick operation) Changes to be committed: modified: consensus/state.go modified: consensus/state_test.go modified: crypto/merkle/proof.go modified: evidence/pool_test.go modified: state/execution_test.go modified: types/event_bus_test.go modified: types/part_set.go modified: types/part_set_test.go Unmerged paths: (use "git add/rm <file>..." as appropriate to mark resolution) deleted by us: internal/consensus/errors.go both modified: state/store_test.go both modified: store/store_test.go ``` To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally --- <details> <summary>Mergify commands and options</summary> <br /> More conditions and actions can be found in the [documentation](https://docs.mergify.com/). You can also trigger Mergify actions by commenting on this pull request: - `@Mergifyio refresh` will re-evaluate the rules - `@Mergifyio rebase` will rebase this PR on its base branch - `@Mergifyio update` will merge the base branch into this PR - `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can: - look at your merge queues - generate the Mergify configuration with the config editor. Finally, you can contact us on https://mergify.com </details> --------- Co-authored-by: Daniel <daniel.cason@informal.systems> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: Andy Nogueira <me@andynogueira.dev>
roy-dydx
added a commit
to dydxprotocol/cometbft
that referenced
this pull request
Feb 3, 2025
* feat(consensus): additional sanity checks for the size of proposed blocks (backport cometbft#1408) (cometbft#2139) This is an automatic backport of pull request cometbft#1408 done by [Mergify](https://mergify.com). Cherry-pick of 28ad4d2 has failed: ``` On branch mergify/bp/v0.38.x/pr-1408 Your branch is up to date with 'origin/v0.38.x'. You are currently cherry-picking commit 28ad4d2. (fix conflicts and run "git cherry-pick --continue") (use "git cherry-pick --skip" to skip this patch) (use "git cherry-pick --abort" to cancel the cherry-pick operation) Changes to be committed: modified: consensus/state.go modified: consensus/state_test.go modified: crypto/merkle/proof.go modified: evidence/pool_test.go modified: state/execution_test.go modified: types/event_bus_test.go modified: types/part_set.go modified: types/part_set_test.go Unmerged paths: (use "git add/rm <file>..." as appropriate to mark resolution) deleted by us: internal/consensus/errors.go both modified: state/store_test.go both modified: store/store_test.go ``` To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally --- <details> <summary>Mergify commands and options</summary> <br /> More conditions and actions can be found in the [documentation](https://docs.mergify.com/). You can also trigger Mergify actions by commenting on this pull request: - `@Mergifyio refresh` will re-evaluate the rules - `@Mergifyio rebase` will rebase this PR on its base branch - `@Mergifyio update` will merge the base branch into this PR - `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can: - look at your merge queues - generate the Mergify configuration with the config editor. Finally, you can contact us on https://mergify.com </details> --------- Co-authored-by: Daniel <daniel.cason@informal.systems> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: Andy Nogueira <me@andynogueira.dev> * Merge commit from fork --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> Co-authored-by: Daniel <daniel.cason@informal.systems> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: Andy Nogueira <me@andynogueira.dev> Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
haiyizxx
pushed a commit
to axelarnetwork/cometbft
that referenced
this pull request
Feb 5, 2025
…ocks (backport cometbft#1408) (cometbft#2139) This is an automatic backport of pull request cometbft#1408 done by [Mergify](https://mergify.com). Cherry-pick of 28ad4d2 has failed: ``` On branch mergify/bp/v0.38.x/pr-1408 Your branch is up to date with 'origin/v0.38.x'. You are currently cherry-picking commit 28ad4d2. (fix conflicts and run "git cherry-pick --continue") (use "git cherry-pick --skip" to skip this patch) (use "git cherry-pick --abort" to cancel the cherry-pick operation) Changes to be committed: modified: consensus/state.go modified: consensus/state_test.go modified: crypto/merkle/proof.go modified: evidence/pool_test.go modified: state/execution_test.go modified: types/event_bus_test.go modified: types/part_set.go modified: types/part_set_test.go Unmerged paths: (use "git add/rm <file>..." as appropriate to mark resolution) deleted by us: internal/consensus/errors.go both modified: state/store_test.go both modified: store/store_test.go ``` To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally --- <details> <summary>Mergify commands and options</summary> <br /> More conditions and actions can be found in the [documentation](https://docs.mergify.com/). You can also trigger Mergify actions by commenting on this pull request: - `@Mergifyio refresh` will re-evaluate the rules - `@Mergifyio rebase` will rebase this PR on its base branch - `@Mergifyio update` will merge the base branch into this PR - `@Mergifyio backport <destination>` will backport this PR on `<destination>` branch Additionally, on Mergify [dashboard](https://dashboard.mergify.com) you can: - look at your merge queues - generate the Mergify configuration with the config editor. Finally, you can contact us on https://mergify.com </details> --------- Co-authored-by: Daniel <daniel.cason@informal.systems> Co-authored-by: Sergio Mena <sergio@informal.systems> Co-authored-by: Andy Nogueira <me@andynogueira.dev>
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hardens tests regarding the size of proposed blocks, namely:
Partshould be constant (== types.BlockPartSizeBytes), except for the last part of aPartSet(<= types.BlockPartSizeBytes)Proposalshould not enclose aPartSetenabling the building of aProposalBlockwith size larger than the configuredConsensusParams.Block.MaxBytes. Notice that building aProposalBlocklarger than the allowed would fail in any case, but the proposed changes also invalidate the associatedProposal.PR checklist
.changelog(we use unclog to manage our changelog)docs/orspec/) and code comments