Skip to content

fix(consensus/reactor): reject oversized proposals#5324

Merged
aljo242 merged 16 commits intomainfrom
arsushi/main
Sep 17, 2025
Merged

fix(consensus/reactor): reject oversized proposals#5324
aljo242 merged 16 commits intomainfrom
arsushi/main

Conversation

@aljo242
Copy link
Collaborator

@aljo242 aljo242 commented Sep 2, 2025
edited by mattac21
Loading

Updates the consensus reactor to validate that a received proposal will not contain more parts than the amount of chunks that it would take to build a block whos size is equal to ConsensusParams.Block.MaxBytes.

Original PR is here #5309, but reopened since the contributor stopped replying.

PR checklist

  • Tests written/updated
  • Changelog entry added in .changelog (we use unclog to manage our changelog)
  • Updated relevant documentation (docs/ or spec/) and code comments

@aljo242 aljo242 requested review from a team as code owners September 2, 2025 18:04
@mattac21 mattac21 changed the title fix(internal/consensus/reactor.go): reject oversized proposals fix(consensus/reactor): reject oversized proposals Sep 16, 2025
cursor[bot]

This comment was marked as outdated.

Sign in to view

@mattac21 mattac21 added backport-to-v0.37.x backport-to-v0.38.x Tell Mergify to backport the PR to v0.38.x and removed backport-to-v0.37.x labels Sep 16, 2025
almk-dev
almk-dev approved these changes Sep 16, 2025
View reviewed changes
mergify bot and others added 4 commits September 17, 2025 14:34
@mergify
Merge branch 'main' into arsushi/main
729bc76
@technicallyty @mattac21
chore: remove codeowners (#5406)
f8b9455 
this repo is blowing up my notifications, removing myself from
codeowners for now

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
@maradini77 @aljo242 @mattac21
fix: Correct typos across documentation and code comments (#5387)
7a70247 
```markdown
## Summary
This PR addresses minor typographical errors found across multiple files in the codebase, improving code clarity and documentation accuracy.

## Changes Made

### Documentation Files
- **`docs/references/architecture/tendermint-core/adr-023-ABCI-propose-tx.md`**
  - Fixed "Additinoally" → "Additionally"

- **`docs/references/architecture/tendermint-core/adr-030-consensus-refactor.md`**
  - Fixed "MeesageUnknown" → "MessageUnknown"

- **`docs/references/config/config.toml.md`**
  - Fixed "receveing" → "receiving"

- **`docs/references/rfc/tendermint-core/rfc-002-ipc-ecosystem.md`**
  - Fixed "difficultly" → "difficulty"

- **`docs/references/rfc/tendermint-core/rfc-008-do-not-panic.md`**
  - Fixed "espically" → "especially"

- **`docs/references/rfc/tendermint-core/rfc-017-abci++-vote-extension-propag.md`**
  - Fixed "snapshop" → "snapshot"

- **`docs/references/storage/README.md`**
  - Fixed "procssed" → "processed"

- **`docs/app-dev/indexing-transactions.md`**
  - Fixed "Recepient" → "Recipient"

### Code Files
- **`crypto/secp256k1/secp256k1.go`**
  - Fixed "marshalls" → "marshals" in comment

- **`types/vote_test.go`**
  - Fixed "remaning" → "remaining" in comment


```

---------

Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
@mattac21
refactor proposal validation into ValidateBlockSize function
62cf7cb
aljo242
aljo242 commented Sep 17, 2025
View reviewed changes
@aljo242 aljo242 merged commit 9ff47d0 into main Sep 17, 2025
32 checks passed
@aljo242 aljo242 deleted the arsushi/main branch September 17, 2025 21:54
mergify bot added a commit that referenced this pull request Sep 17, 2025
@aljo242 @arsushi
@almk-dev @mattac21 @mergify @technicallyty @maradini77
fix(consensus/reactor): reject oversized proposals (#5324)
6c1d5bb 
---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here #5309, but
reopened since the contributor stopped replying.

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments

---------

Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
(cherry picked from commit 9ff47d0)
@mergify mergify bot mentioned this pull request Sep 17, 2025
Merged
3 tasks
aljo242 added a commit that referenced this pull request Sep 18, 2025
@mergify @aljo242
@arsushi @almk-dev @mattac21 @technicallyty @maradini77
fix(consensus/reactor): reject oversized proposals (backport #5324) (#…
2cd5d91 
…5407)

---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here #5309, but
reopened since the contributor stopped replying.

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
<hr>This is an automatic backport of pull request #5324 done by
[Mergify](https://mergify.com).

Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
tqin7 pushed a commit to dydxprotocol/cometbft that referenced this pull request Oct 14, 2025
@mergify @aljo242
@arsushi @almk-dev @mattac21 @technicallyty @maradini77 @tqin7
fix(consensus/reactor): reject oversized proposals (backport cometbft…
eb0025c 
…#5324) (cometbft#5407)

---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here cometbft#5309, but
reopened since the contributor stopped replying.

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
<hr>This is an automatic backport of pull request cometbft#5324 done by
[Mergify](https://mergify.com).

Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
tqin7 pushed a commit to dydxprotocol/cometbft that referenced this pull request Oct 14, 2025
@mergify @aljo242
@arsushi @almk-dev @mattac21 @technicallyty @maradini77 @tqin7
fix(consensus/reactor): reject oversized proposals (backport cometbft…
c6b4ada 
…#5324) (cometbft#5407)

---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here cometbft#5309, but
reopened since the contributor stopped replying.

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
<hr>This is an automatic backport of pull request cometbft#5324 done by
[Mergify](https://mergify.com).

Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
tqin7 pushed a commit to dydxprotocol/cometbft that referenced this pull request Oct 14, 2025
@mergify @aljo242
@arsushi @almk-dev @mattac21 @technicallyty @maradini77 @tqin7
fix(consensus/reactor): reject oversized proposals (backport cometbft…
1d91992 
…#5324) (cometbft#5407)

---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here cometbft#5309, but
reopened since the contributor stopped replying.

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
<hr>This is an automatic backport of pull request cometbft#5324 done by
[Mergify](https://mergify.com).

Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
tqin7 added a commit to dydxprotocol/cometbft that referenced this pull request Oct 14, 2025
@tqin7 @mergify
@melekes @aljo242 @arsushi @almk-dev @mattac21 @technicallyty @maradini77
Backport security patch for GHSA-hrhf-2vcr-ghch (#52)
0235a93 
* fix(bits): prevent BitArray.UnmarshalJSON from crashing on 0 bits in the JSON (backport cometbft#2774) (cometbft#2778)

This change fixes a bug in which BitArray.UnmarshalJSON hadn't accounted
for the fact that invoking NewBitArray(<=0) returns nil and hence when
dereferenced would crash with a runtime nil pointer dereference. This
bug was found by my security analysis and fuzzing too.

Author: @odeke-em

Fixes cometbft#2658

---

- [x] Tests written/updated
- [x] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] ~~Updated relevant documentation (`docs/` or `spec/`) and code
comments~~
- [x] Title follows the [Conventional
Commits](https://www.conventionalcommits.org/en/v1.0.0/) spec
<hr>This is an automatic backport of pull request cometbft#2774 done by
[Mergify](https://mergify.com).

---------

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

* fix(consensus/reactor): reject oversized proposals (backport cometbft#5324) (cometbft#5407)

---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here cometbft#5309, but
reopened since the contributor stopped replying.

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
<hr>This is an automatic backport of pull request cometbft#5324 done by
[Mergify](https://mergify.com).

Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>

* Merge commit from fork

* add VaidateBasic to BitArray to ensure Bits and len(Elems) are valid

* call ValidateBasic on BitArrays when receiving as a msg from exteranl nodes

* enfore SetIndex is not setting out of bounds

* add guard to getNumTrueIndices

getNumTrueIndices will index out of bounds if Bits and Elems have a
mismatch where len(elems) != (bits+63)/64, this guard makes it simply
return 0 if this mismatch is present

* changelog

* fix missing import for v0.38.x

* update changelog for release of v0.38.19

* remove duplicate bug fixes from unreleased

* fix changelog date

* fix lint

* fix expected error string in test

* add necessary test constants

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
Co-authored-by: Matt Acciai <matt@cosmoslabs.io>
beer-1 pushed a commit to initia-labs/cometbft that referenced this pull request Oct 15, 2025
@mergify @aljo242
@arsushi @almk-dev @mattac21 @technicallyty @maradini77 @beer-1
fix(consensus/reactor): reject oversized proposals (backport cometbft…
56e9392 
…#5324) (cometbft#5407)

---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here cometbft#5309, but
reopened since the contributor stopped replying.

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments
<hr>This is an automatic backport of pull request cometbft#5324 done by
[Mergify](https://mergify.com).

Co-authored-by: Alex | Interchain Labs <alex@cosmoslabs.io>
Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
swift1337 pushed a commit that referenced this pull request Oct 16, 2025
@aljo242 @arsushi
@almk-dev @mattac21 @mergify @technicallyty @maradini77 @swift1337
fix(consensus/reactor): reject oversized proposals (#5324)
53fd0ac 
---
Updates the consensus reactor to validate that a received proposal will
not contain more parts than the amount of chunks that it would take to
build a block whos size is equal to `ConsensusParams.Block.MaxBytes`.

Original PR is here #5309, but
reopened since the contributor stopped replying.

#### PR checklist

- [ ] Tests written/updated
- [ ] Changelog entry added in `.changelog` (we use
[unclog](https://github.com/informalsystems/unclog) to manage our
changelog)
- [ ] Updated relevant documentation (`docs/` or `spec/`) and code
comments

---------

Co-authored-by: arsushi <richie@asymmetric.re>
Co-authored-by: Abdul Malek <me@almk.dev>
Co-authored-by: Matt Acciai <matt@skip.money>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Tyler <48813565+technicallyty@users.noreply.github.com>
Co-authored-by: maradini77 <140460067+maradini77@users.noreply.github.com>
@fridrik01 fridrik01 mentioned this pull request Jan 14, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Eric-Warehime Eric-Warehime Awaiting requested review from Eric-Warehime

@technicallyty technicallyty Awaiting requested review from technicallyty

@mattac21 mattac21 Awaiting requested review from mattac21

2 more reviewers

@cursor cursor[bot] cursor[bot] left review comments

@almk-dev almk-dev almk-dev approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport-to-v0.38.x Tell Mergify to backport the PR to v0.38.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@aljo242 @almk-dev @mattac21 @arsushi @technicallyty @maradini77