-
Notifications
You must be signed in to change notification settings - Fork 788
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix border condition in Snowbridge free consensus Updates #5671
Fix border condition in Snowbridge free consensus Updates #5671
Conversation
* illustrates border condition * adds test payloads * cleanup * update comment * fmt * shuffle things around * a few more test checks * Update bridges/snowbridge/pallets/ethereum-client/src/lib.rs Co-authored-by: Adrian Catangiu <adrian@parity.io> --------- Co-authored-by: Adrian Catangiu <adrian@parity.io>
@acatangiu may you please add the T15-bridges label. :) |
…-fix' into snowbridge-free-consensus-update-fix
@vgeddes @alistair-singh @yrong ready to review. :) |
@bkontur @serban300 please review - we also need to backport this fix. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd add another check after this that updates with a lower number also are not free
@franciscoaguirre do you mean another test check or a check in the light client? |
…te-fix' into snowbridge-free-consensus-update-fix
@franciscoaguirre more test conditions added. @acatangiu @yrong @vgeddes @alistair-singh I added an interesting test case here. It is an update with a sync committee that has already been imported. The update contains a newer finalized header, so the update is free. However, the sync committee merkle proof is verified, but not stored, because it is already known and stored. So technically the sync committee merkle proof computation is unnecessary, but the update is still free because it contains a new finalized header update. I think it is OK, but just highlighting it is an odd case. |
a new finalized header update with slot advanced more than |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good as far as I can understand !
…te-fix' into snowbridge-free-consensus-update-fix
quick find+replace to rename across the whole repo required. |
…te-fix' into snowbridge-free-consensus-update-fix
Head branch was pushed to by a user without write access
1790e42
Created backport PR for
Please cherry-pick the changes locally and resolve any conflicts. git fetch origin backport-5671-to-stable2407
git worktree add --checkout .worktree/backport-5671-to-stable2407 backport-5671-to-stable2407
cd .worktree/backport-5671-to-stable2407
git reset --hard HEAD^
git cherry-pick -x 1790e4272b9fd8832f1ab9e3bf5aaaae9cf5ada7
git push --force-with-lease |
# Description A fix for a border condition introduced with new feature #5201. A malicious relayer could spam the Ethereum client with sync committee updates that have already been imported for the period. This PR adds a storage item to track the last imported sync committee period, so that subsequent irrelevant updates are not free. Original PR: Snowfork#172 ## Integration Downstream projects are not affected. Relayers will not be able to spam the Ethereum client with irrelevant sync committee updates for free. ## Review Notes Adds a storage item to track the last free sync committee update period, so that duplicate imports are not free. --------- Co-authored-by: Adrian Catangiu <adrian@parity.io> (cherry picked from commit 1790e42)
Successfully created backport PR for |
Backport #5671 into `stable2409` from claravanstaden. See the [documentation](/~https://github.com/paritytech/polkadot-sdk/blob/master/docs/BACKPORT.md) on how to use this bot. <!-- # To be used by other automation, do not modify: original-pr-number: #${pull_number} --> Co-authored-by: Clara van Staden <claravanstaden64@gmail.com> Co-authored-by: Adrian Catangiu <adrian@parity.io>
Description
A fix for a border condition introduced with new feature #5201. A malicious relayer could spam the Ethereum client with sync committee updates that have already been imported for the period. This PR adds a storage item to track the last imported sync committee period, so that subsequent irrelevant updates are not free.
Original PR: Snowfork#172
Integration
Downstream projects are not affected. Relayers will not be able to spam the Ethereum client with irrelevant sync committee updates for free.
Review Notes
Adds a storage item to track the last free sync committee update period, so that duplicate imports are not free.