Skip to content

feat: handle DoS node by sending block #475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yiweichi wants to merge 17 commits into
base: main
Choose a base branch
from
Open

feat: handle DoS node by sending block #475

yiweichi wants to merge 17 commits into from
+526 −338

Conversation

@yiweichi
Copy link
Member

@yiweichi yiweichi commented Jan 12, 2026
edited
Loading

Problem

Malicious peers can DoS the node by sending old blocks.

Solution

Two-layer defense:

  1. Finalized Block Protection
    if block_number <= finalized_height { penalize(peer); // Immediately reject}
  2. Duplicate Block Detection
    // Cache recent blocks per peerif peer_already_sent_this_block { penalize(peer); // DoS detected }

Fixes #307

@codspeed-hq
Copy link

codspeed-hq bot commented Jan 12, 2026
edited
Loading

Merging this PR will not alter performance

✅ 2 untouched benchmarks

Comparing feat-penalize-peer-on-duplicate-block (624e663) with main (b77ae04)

Open in CodSpeed

@yiweichi yiweichi changed the title feat: penalize peer on duplicate block feat: handle DoS node by sending block Jan 19, 2026
@yiweichi yiweichi requested a review from frisitano January 19, 2026 08:46
frisitano
frisitano reviewed Jan 19, 2026
View reviewed changes
Copy link
Collaborator

@frisitano frisitano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Added a few comments inline. Can you add some test cases, please?

I'm also wondering if we can simplify the logic a bit. The idea would be that if we have a connection with a peer over scroll-wire, then we should only gossip on scroll-wire. If we don't have a scroll-wire connection, then we use eth-wire. I think this should allow us to consolidate the block cache per peer into a single cache.

@yiweichi yiweichi requested a review from frisitano January 30, 2026 07:52
frisitano
frisitano reviewed Jan 30, 2026
View reviewed changes
Copy link
Collaborator

@frisitano frisitano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addeed some comments inline.

frisitano
frisitano reviewed Jan 30, 2026
View reviewed changes
@yiweichi yiweichi requested a review from frisitano January 30, 2026 13:11
frisitano
frisitano reviewed Jan 30, 2026
View reviewed changes
frisitano
frisitano previously approved these changes Jan 30, 2026
View reviewed changes
@yiweichi
Copy link
Member Author

yiweichi commented Jan 30, 2026

I'm planing to build a v1.0.7-rc0 image and deploy it on sepolia reth-rpc-0, then keep an eyes on the connected peer of it, do you think that make sense? @frisitano

@yiweichi yiweichi requested a review from frisitano January 30, 2026 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frisitano frisitano frisitano approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Network] Penalize peer if they send us duplicate block

3 participants

@yiweichi @frisitano