Problem to Solve
Currently, octane encodes the execution payload obtained from the engineAPI into the MsgExecutionPayload.ExecutionPayload field as JSON bytes.
JSON is not strict, in the sense that arbitrary data can be added to a JSON struct and will be ignored when unmarshalled. This provides an attack vector for malicious validators to inject arbitrarily large data (up to the max block size) into consensus chain blocks, which could lead to a range of operational and performance issues.
Proposed Solution
Use a strict serialization format like SSZ or protobuf, which has the added benefit of decreasing block sizes.
Or use json.Decoder.DisallowUnknownFields. Note this is tricky since geth does custom unmarshalling, which bypasses DisallowUnknownFields.
Add backwards-compatibility tests with supported geth versions.
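The following Go program is an added example, not code from octane or go-ethereum, that shows the padding attack and both decoder behaviours described above. Payload, inflated, LenientCustom and StrictCustom are constructed stand-ins: LenientCustom mirrors the custom UnmarshalJSON pattern the issue refers to (a generated method that decodes into a shadow struct with json.Unmarshal), which is why setting DisallowUnknownFields on the outer decoder does not help; StrictCustom shows the shape of a fix when the type's UnmarshalJSON can be controlled.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Payload is a constructed stand-in for the execution payload; the real
// octane/geth types carry many more fields.
type Payload struct {
	BlockNumber uint64 `json:"blockNumber"`
	BlockHash   string `json:"blockHash"`
}

// honest is the payload as a well-behaved proposer would encode it (constructed).
const honest = `{"blockNumber":7,"blockHash":"0xab"}`

// inflated is the same payload padded with an unknown field holding n junk
// bytes; a lenient decoder silently drops the field but the bytes still
// travel in the block (constructed input).
func inflated(n int) []byte {
	junk := bytes.Repeat([]byte("A"), n)
	return []byte(fmt.Sprintf(`{"blockNumber":7,"blockHash":"0xab","junk":"%s"}`, junk))
}

// decodeLenient is the default behaviour: unknown fields are ignored.
func decodeLenient(raw []byte) (Payload, error) {
	var p Payload
	err := json.Unmarshal(raw, &p)
	return p, err
}

// decodeStrict rejects any field Payload does not declare.
func decodeStrict(raw []byte) (Payload, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	var p Payload
	err := dec.Decode(&p)
	return p, err
}

// shadow is the intermediate struct a generated UnmarshalJSON decodes into
// before checking that required fields are present.
type shadow struct {
	BlockNumber *uint64 `json:"blockNumber"`
	BlockHash   *string `json:"blockHash"`
}

// fromShadow performs the inner decode. strict=false behaves exactly like
// the plain json.Unmarshal call that generated code makes.
func fromShadow(b []byte, strict bool) (Payload, error) {
	dec := json.NewDecoder(bytes.NewReader(b))
	if strict {
		dec.DisallowUnknownFields()
	}
	var sh shadow
	if err := dec.Decode(&sh); err != nil {
		return Payload{}, err
	}
	if sh.BlockNumber == nil || sh.BlockHash == nil {
		return Payload{}, errors.New("missing required field")
	}
	return Payload{BlockNumber: *sh.BlockNumber, BlockHash: *sh.BlockHash}, nil
}

// LenientCustom has a custom UnmarshalJSON: encoding/json hands it the raw
// bytes, so the outer decoder's DisallowUnknownFields flag never reaches
// the inner decode and junk is accepted regardless of the caller's wishes.
type LenientCustom struct{ Payload }

func (l *LenientCustom) UnmarshalJSON(b []byte) error {
	p, err := fromShadow(b, false)
	l.Payload = p
	return err
}

// StrictCustom builds its own strict decoder inside UnmarshalJSON, so
// strictness no longer depends on how the caller configured its decoder.
type StrictCustom struct{ Payload }

func (s *StrictCustom) UnmarshalJSON(b []byte) error {
	p, err := fromShadow(b, true)
	s.Payload = p
	return err
}

// decodeOuterStrict is what a caller who "just sets DisallowUnknownFields"
// does; whether it helps depends entirely on v's UnmarshalJSON.
func decodeOuterStrict(raw []byte, v interface{}) error {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	return dec.Decode(v)
}

func main() {
	raw := inflated(32)
	_, err := decodeLenient(raw)
	fmt.Println("json.Unmarshal:", err)
	_, err = decodeStrict(raw)
	fmt.Println("DisallowUnknownFields:", err)
	var l LenientCustom
	fmt.Println("custom UnmarshalJSON, outer strict:", decodeOuterStrict(raw, &l))
	var s StrictCustom
	fmt.Println("strict custom UnmarshalJSON:", decodeOuterStrict(raw, &s))
	p, _ := decodeStrict([]byte(honest))
	fmt.Println("honest payload:", p)
}
```

When the payload type's UnmarshalJSON cannot be changed (it lives in geth), one check that does not depend on decoder flags is a round-trip: unmarshal the received bytes, marshal the resulting struct again, and reject the proposal if the canonical re-encoding differs from (or is shorter than) what was received. That catches padding in unknown fields as well as whitespace and key-ordering games, at the cost of one extra encode per block.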