SEC-14 single DB lookup table for all objects poses consensus security risk #416

Closed
Gustav-Simonsson opened this issue Mar 3, 2015 · 1 comment

@Gustav-Simonsson

Chain blocks and other things in global state are stored in a single LevelDB table called "blockchain".

An attacker can reference objects stored in the DB by putting the hash of the key in a block, e.g. a malicious miner can put a parent hash in an advertised block which is the hash of a key of another object in the DB, causing the Go client to fetch it.

This attack vector can lead to consensus forks due to unexpected behavior when an attacker forces reference to objects in invalid contexts.

Fix: use separate LevelDB table for each object type

STATUS: FIXED
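
A minimal Go model of the lookup problem reported above and of the per-type table fix, added here as an illustration; it is not go-ethereum code. `Table` stands in for one LevelDB table, SHA-256 stands in for the client's hash function, and every name and sample object is constructed.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Illustrative model only: Table stands in for one LevelDB table and
// SHA-256 for the client's hash function. All names here are hypothetical.
type Hash [32]byte
type Table map[Hash][]byte

var ErrUnknownParent = errors.New("parent hash is not a known block")

// Put stores an object under the hash of its encoding and returns the key.
func (t Table) Put(obj []byte) Hash {
	h := Hash(sha256.Sum256(obj))
	t[h] = obj
	return h
}

// LookupParent resolves the parent hash advertised in a block header.
// It can only be as strict as the table it is handed.
func LookupParent(blocks Table, parent Hash) ([]byte, error) {
	if obj, ok := blocks[parent]; ok {
		return obj, nil
	}
	return nil, ErrUnknownParent
}

// Demo stores the same two objects in both layouts, then resolves a
// "parent hash" that is really the key of the state object.
func Demo() (sharedErr, splitErr error) {
	block, state := []byte("constructed block"), []byte("constructed state object")
	// Before: one table holds every object type.
	shared := Table{}
	shared.Put(block)
	ref := shared.Put(state)
	_, sharedErr = LookupParent(shared, ref) // nil: state object handed back as a block
	// After: one table per object type, so block lookups see only blocks.
	blockDB, stateDB := Table{}, Table{}
	blockDB.Put(block)
	stateDB.Put(state)
	_, splitErr = LookupParent(blockDB, ref) // ErrUnknownParent
	return sharedErr, splitErr
}

func main() { fmt.Println(Demo()) }
```

With a single table the lookup succeeds for a key that was never a block; with separate tables the same hash is rejected before any block-processing code sees the object.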

@obscuren
Contributor

obscuren commented Mar 6, 2015

  • State db
  • Block db
  • ~~User settings?~~ (Part of Mist. Out of scope for Frontier)
  • Extra db

@obscuren obscuren modified the milestone: Frontier Mar 9, 2015
@obscuren obscuren closed this as completed Mar 9, 2015
jpeletier pushed a commit to epiclabs-io/go-ethereum that referenced this issue Apr 25, 2018
swarm: tracing to help fix `unexpected EOF`
ngtuna added a commit to ngtuna/tomochain that referenced this issue Jan 29, 2019
…checkpoint

 Won't grasp txs at checkpoint
AusIV pushed a commit to NoteGio/go-ethereum that referenced this issue Jan 18, 2022
tony-ricciardi pushed a commit to tony-ricciardi/go-ethereum that referenced this issue Jan 20, 2022
tony-ricciardi pushed a commit to tony-ricciardi/go-ethereum that referenced this issue Jan 20, 2022
…#1263)

### Description

This changes the `light.serve` default back to zero so that serving light clients becomes opt-in rather than opt-out.  The reason is that there are many use-cases for running a node that don't involve light clients, and only one use-case that is about serving light clients, so it makes more sense to have it opt-in to avoid people running the light server without realizing it.

### Other changes

* Change `light.maxpeers` default value from 99 back to 100 (the change to 99 was to work around an issue that no longer exists, see below under "Related issues")
* Fix a bug in the logic for the `lightPeers` variable in `SetP2PConfig()` (it was not respecting the default value of LightPeers, leading to incorrect values in the `Maximum peer count` log line and to `MaxPeers` not being increased when it should have been).

### Tested

* Automated tests pass
* Without specifying any flags, LES is off, max peers is 175
* Specifying `--light.serve 100`, LES is on, total max peers is 275, max eth peers is 175, max light peers is 100
* Specifying `--light.serve 100 --light.maxpeers 200`, LES is on, total max peers is 375, max eth peers is 175, max light peers is 200
* Specifying `--light.serve 100 --maxpeers 150`, LES is on, total max peers is 250, max eth peers is 150, max light peers is 100
* Specifying `--light.serve 100 --light.maxpeers 1000 --maxpeers 100`, LES is on, total max peers is 1100, max eth peers is 100, max light peers is 1000 (these are the flag values recommended in the docs for serving light clients, and are based on the fact that if (and only if) you specify both `light.maxpeers` and `maxpeers` then `maxpeers` is assumed to include `light.maxpeers`)

### Related issues

- Closes ethereum#1262
- Additional context: ethereum#395, ethereum#416, ethereum#864 

### Backwards compatibility

Breaking change to the defaults, most notably `--light.serve`, but with limited impact, because in the docs for running a full node we specify `--light.serve`, `--light.maxpeers` and `--maxpeers`, so it's not relying on the defaults anyway.  And for users who are not intending to serve light clients, the new defaults make more sense.
maoueh pushed a commit to streamingfast/go-ethereum that referenced this issue Dec 9, 2022
* Limit state sync by gas

* Added logging for state-sync total gas usage

* Added number of event-records in log

* Minor Changes

* Minor Fix

* Adding individual gasUsed

* Minor Fix

* it works

* fix tests

* log wiggle and delay with block number

* log delays as numbers

* linters

* fix tests

* restore linters for the project

* fix linters

* fix

* fix

* fix

* linters

* generation

* fix tests

* remove heimdall wrapper response

* linters

* remove possible collisions

* remove possible collisions

* remove possible collisions

* tests for unique address generation

* generalize set

* bor miner tests got restored

* fixes after CR

* final step and mining test

* fix

* fix e2e

* more tests for Heimdall requests

* fix linters

Co-authored-by: Ferran <ferranbt@protonmail.com>
Co-authored-by: Shivam Sharma <shivam691999@gmail.com>
tanishqjasoria pushed a commit to tanishqjasoria/go-ethereum that referenced this issue Oct 31, 2023
tanishqjasoria pushed a commit to tanishqjasoria/go-ethereum that referenced this issue Apr 11, 2024
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
garyschulte pushed a commit to garyschulte/go-ethereum that referenced this issue Apr 17, 2024
* simplified gas accounting layer

* integrate some review feedback

* Apply suggestions from code review

Co-authored-by: Ignacio Hagopian <jsign.uy@gmail.com>

* more suggestions from code review

* don't charge creation gas + charge code chunks in create

* A couple more fixes

* make linter happy

* fix create init gas consumption issue

* fix: in gas funcs, use tx witness instead of global witness

* fix linter issue

* Apply suggestions from code review

Co-authored-by: Ignacio Hagopian <jsign.uy@gmail.com>

* fix: EXTCODECOPY gas consumption

* fix warm gas costs

* fix the order gas is charged in during contract creation epilogue

* fix selfdestruct

* fix ethereum#365 in eip rewrite (ethereum#407)

* fix: OOG type in code creation OOG (ethereum#408)

* core/vm: charge BLOCKHASH witness cost (ethereum#409)

* core/vm: charge BLOCKHASH witness cost

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

* remove gas optimization for now

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

---------

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

* remove redundant logic for contract creation (ethereum#413)

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

* fix precompile address check for charging witness costs & fix missing value-bearing rule (ethereum#412)

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

* core/vm: fix wrong check (ethereum#416)

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

* charge for account creation if selfdestruct creates a new account (ethereum#417)

* add key comparison test (ethereum#418)

* core/vm: charge contract init before execution logic (ethereum#419)

* core/vm: charge contract init before execution logic

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>

* fix CREATE2 as well

---------

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
Co-authored-by: Guillaume Ballet <3272758+gballet@users.noreply.github.com>

* quell linter

---------

Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
Co-authored-by: Ignacio Hagopian <jsign.uy@gmail.com>