prevention: do not accept block from someone who is not active sequencer

[danwt]

In general it should not be possible for some third party to come and gossip bullshit blocks, if they are not sequencer.

It might already be implemented, need to check!

Note: this applies also to sequencers who were recently sequencer - so should double check any possible impact of latency in the system.

In general need to reason through, and explain why this attack cannot happen.

[omritoptix]

this should be already supported. can we close it? @danwt

[danwt]

Right, I've just seen the code, for gossip

dymint/types/validation.go

Lines 98 to 110 in 88ba1fe

	func (c *Commit) ValidateWithHeader(proposerPubKey tmcrypto.PubKey, header *Header) error {
	if err := c.ValidateBasic(); err != nil {
	return err
	}
	abciHeaderPb := ToABCIHeaderPB(header)
	abciHeaderBytes, err := abciHeaderPb.Marshal()
	if err != nil {
	return err
	}
	// commit is validated to have single signature
	if !proposerPubKey.VerifySignature(abciHeaderBytes, c.Signatures[0]) {
	return ErrInvalidSignature
	}

dymint/block/block.go

Lines 166 to 169 in e9709f6

	// This function validates the block and commit against the state before applying it.
	func (m *Manager) validateBlockBeforeApply(block *types.Block, commit *types.Commit) error {
	return types.ValidateProposedTransition(m.State, block, commit, m.GetProposerPubKey())
	}

so no security issue

[danwt]

Reopening, this needs some thought IMO

[danwt]

I think the question here is latency in knowing the most up to date sequencer

Blocked by

• ADR: Node needs to have continuous recent view of Hub state #1088

Keeping open for now

[danwt]

related https://github.com/dymensionxyz/research/issues/333

[danwt]

Quote "we should validate sequencer pubkey on block against hub state upon event on each new event received from the hub "

[omritoptix]

I think this can be closed cause I blv this issue is about protecting against random party blocks and not about faulty sequecner rotation. in that case, I think that issue is covered.

[danwt]

Ok
May be we can discuss on Monday because thinking what if seq A is rotating to seq B correctly between H,H+1, but seq A gossips some blocks H+10 to another full node before the FN gets H or H+1, then the FN will have it cached

[danwt]

My point is I think it's worth due dilligence