can_fork_chain_at() should ignore blocks below the finalized tip #6388
Comments
|
Whilst it seems like we want to fix it, I don't think we should classify this as an audit fix... The reason why we were working on #6335 to close #862 was not because #862 was identified as a potential issue from the audit. Instead, #862 was flagged as an issue that was mentioned in a We should finish off #6335 and #862 since we have already started work on them, however I would like to prioritise actual audit issues first and fix these other items before a stable release. |
|
I just checked the code that validates and writes non-finalized blocks, it will correctly return a NotReadyToBeCommitted error without panicking, even if it sends a block based on these incorrect block hashes. So this is mainly a performance and maintainability issue. The code that writes finalized blocks ignores the incorrect block hashes, it just uses a single most recently sent hash. |
|
We've actually seen this issue in production, so this is a medium priority. |
|
Hey team! Please add your planning poker estimate with Zenhub @arya2 @conradoplg @dconnolly @oxarbitrage @teor2345 @upbqdn |
|
I just remembered that we reviewed this code, and checked that even if it was called incorrectly, the write block task would return a similar error. So @Pili I don't think it's a blocker for the stable release at all, and I think it's actually a low priority. |
…d block or attempting to fork the chain before the final checkpoint (#6810) * Fix #6388, rename sent_hashes field * Removes prune_by_height, uses new SentHashes instead * update queue_and_commit_to_non_finalized_state to start with children of non-finalized tip when dropping the finalized block write sender * revert rename for now * removes outdated TODO --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Motivation
We can't fork the chain at a finalized block height below the finalized tip height, but the
sent_non_finalized_blocksdata structure contains the heights of some finalized blocks close to the final checkpoint.We might need to store the queued finalized block list separately, rather than re-using an existing data structure that other code depends on.
(This is an existing bug, but the code in the linked audit PR added more finalized blocks to the data structure.)
Originally posted by @teor2345 in #6335 (comment)
Scheduling
We reviewed this code, and checked that even if it was called incorrectly, the write block task would return a similar error. So this is just a technical debt cleanup.
The text was updated successfully, but these errors were encountered: