From add2c6b5dac86beeab7368b27f684f2ac12a6ea1 Mon Sep 17 00:00:00 2001
From: shotes <shotaehrlich@yahoo.com>
Date: Tue, 17 Dec 2024 12:16:52 -0600
Subject: [PATCH] validate index size

---
 da/blob/types.go                   | 1 +
 da/blob/verifier.go                | 5 +++++
 da/types/sidecar.go                | 4 ++++
 node-core/components/interfaces.go | 1 +
 4 files changed, 11 insertions(+)

diff --git a/da/blob/types.go b/da/blob/types.go
index cbeca83996..b9835e477f 100644
--- a/da/blob/types.go
+++ b/da/blob/types.go
@@ -53,6 +53,7 @@ type ConsensusSidecars[BlobSidecarsT any] interface {
 }
 
 type Sidecar interface {
+	GetIndex() uint64
 	GetBlob() eip4844.Blob
 	GetKzgProof() eip4844.KZGProof
 	GetKzgCommitment() eip4844.KZGCommitment
diff --git a/da/blob/verifier.go b/da/blob/verifier.go
index c59b811e01..168d53dcf9 100644
--- a/da/blob/verifier.go
+++ b/da/blob/verifier.go
@@ -83,6 +83,11 @@ func (bv *verifier[_, BlobSidecarsT]) verifySidecars(
 	// Verifying that sidecars block headers match with header of the
 	// corresponding block concurrently.
 	for i, s := range sidecars.GetSidecars() {
+		// This check happens outside the goroutines so that we do not
+		// process the inclusion proofs before validating the index.
+		if s.GetIndex() >= bv.chainSpec.MaxBlobsPerBlock() {
+			return fmt.Errorf("invalid sidecar Index: %d", i)
+		}
 		g.Go(func() error {
 			var sigHeader = s.GetSignedBeaconBlockHeader()
 
diff --git a/da/types/sidecar.go b/da/types/sidecar.go
index 7f6d16fa21..8a9967a2d6 100644
--- a/da/types/sidecar.go
+++ b/da/types/sidecar.go
@@ -84,6 +84,10 @@ func (b *BlobSidecar) HasValidInclusionProof(
 	)
 }
 
+func (b *BlobSidecar) GetIndex() uint64 {
+	return b.Index
+}
+
 func (b *BlobSidecar) GetBlob() eip4844.Blob {
 	return b.Blob
 }
diff --git a/node-core/components/interfaces.go b/node-core/components/interfaces.go
index 93440dd578..43b9eca187 100644
--- a/node-core/components/interfaces.go
+++ b/node-core/components/interfaces.go
@@ -202,6 +202,7 @@ type (
 	}
 
 	BlobSidecar interface {
+		GetIndex() uint64
 		GetSignedBeaconBlockHeader() *ctypes.SignedBeaconBlockHeader
 		GetBlob() eip4844.Blob
 		GetKzgProof() eip4844.KZGProof