From 17279f261b042cdec320ca2a7d1c99b70408e916 Mon Sep 17 00:00:00 2001
From: tersec <tersec@users.noreply.github.com>
Date: Thu, 28 Mar 2024 03:32:33 +0000
Subject: [PATCH 1/2] detect invalid REST blocks (#6152)

---
 beacon_chain/rpc/rest_beacon_api.nim | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/beacon_chain/rpc/rest_beacon_api.nim b/beacon_chain/rpc/rest_beacon_api.nim
index a170b296f..5774bdf41 100644
--- a/beacon_chain/rpc/rest_beacon_api.nim
+++ b/beacon_chain/rpc/rest_beacon_api.nim
@@ -129,6 +129,21 @@ proc toString*(kind: ValidatorFilterKind): string =
   of ValidatorFilterKind.WithdrawalDone:
     "withdrawal_done"
 
+func checkRestBlockBlobsValid(
+    forkyBlck: deneb.SignedBeaconBlock | electra.SignedBeaconBlock,
+    kzg_proofs: KzgProofs,
+    blobs: Blobs): Result[void, string] =
+  if kzg_proofs.len != blobs.len:
+    return err("Invalid block publish: " & $kzg_proofs.len & " KZG proofs and " &
+      $blobs.len & " blobs")
+
+  if kzg_proofs.len != forkyBlck.message.body.blob_kzg_commitments.len:
+    return err("Invalid block publish: " & $kzg_proofs.len &
+      " KZG proofs and " & $forkyBlck.message.body.blob_kzg_commitments.len &
+      " KZG commitments")
+
+  ok()
+
 proc installBeaconApiHandlers*(router: var RestRouter, node: BeaconNode) =
   # https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4881.md
   router.api2(MethodGet, "/eth/v1/beacon/deposit_snapshot") do (
@@ -920,6 +935,12 @@ proc installBeaconApiHandlers*(router: var RestRouter, node: BeaconNode) =
         of ConsensusFork.Deneb:
           var blck = restBlock.denebData.signed_block
           blck.root = hash_tree_root(blck.message)
+
+          let validity = checkRestBlockBlobsValid(
+            blck, restBlock.denebData.kzg_proofs, restBlock.denebData.blobs)
+          if validity.isErr:
+            return RestApiResponse.jsonError(Http400, validity.error)
+
           await node.router.routeSignedBeaconBlock(
             blck, Opt.some(blck.create_blob_sidecars(
               restBlock.denebData.kzg_proofs, restBlock.denebData.blobs)))
@@ -996,6 +1017,12 @@ proc installBeaconApiHandlers*(router: var RestRouter, node: BeaconNode) =
         of ConsensusFork.Deneb:
           var blck = restBlock.denebData.signed_block
           blck.root = hash_tree_root(blck.message)
+
+          let validity = checkRestBlockBlobsValid(
+            blck, restBlock.denebData.kzg_proofs, restBlock.denebData.blobs)
+          if validity.isErr:
+            return RestApiResponse.jsonError(Http400, validity.error)
+
           await node.router.routeSignedBeaconBlock(
             blck, Opt.some(blck.create_blob_sidecars(
               restBlock.denebData.kzg_proofs, restBlock.denebData.blobs)))

From b21bc1d478028e45a28ffbb40f6e0ad70ff75754 Mon Sep 17 00:00:00 2001
From: tersec <tersec@users.noreply.github.com>
Date: Thu, 28 Mar 2024 05:23:23 +0000
Subject: [PATCH 2/2] Version v24.3.0

---
 CHANGELOG.md             | 37 +++++++++++++++++++++++++++++++++++++
 beacon_chain/version.nim |  4 ++--
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f78dc8b1e..92bbe399e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,40 @@
+2024-03-28 v24.3.0
+==================
+
+Nimbus `v24.3.0` is a `low-urgency` upgrade bringing additional beacon API support and resilience to suboptimal network conditions.
+
+### Improvements
+
+* Add keymanager API graffiti endpoints:
+  https://github.com/status-im/nimbus-eth2/pull/6054
+
+* Remember gossip messages longer to avoid potentially slow handling of irrelevant messages:
+  https://github.com/status-im/nimbus-eth2/pull/6098
+
+* Nimbus processes blocks with deposits in a more optimized way:
+  https://github.com/status-im/nimbus-eth2/pull/5982
+
+* Fork choice performance during periods of nonfinality has been improved:
+  https://github.com/status-im/nimbus-eth2/pull/6076
+
+* Nimbus will continue validating even without external chain progression:
+  https://github.com/status-im/nimbus-eth2/pull/6101
+
+* Locally built blocks via the engine API are preferentially selected by default over similarly valuable builder API blocks:
+  https://github.com/status-im/nimbus-eth2/pull/6103
+
+### Fixes
+
+* Add required header `eth-consensus-block-value` in produceBlockV3 REST beacon API call in beacon node:
+  https://github.com/status-im/nimbus-eth2/pull/5873
+
+* Restore usage of certain mainnet bootstrap nodes to enable faster and more reliable node connectivity at startup:
+  https://github.com/status-im/nimbus-eth2/pull/6052
+
+* The network configuration `INACTIVITY_SCORE_RECOVERY_RATE` can now be overridden:
+  https://github.com/status-im/nimbus-eth2/pull/6091
+
+
 2023-02-27 v24.2.2
 ==================
 
diff --git a/beacon_chain/version.nim b/beacon_chain/version.nim
index 569363516..1f18709ef 100644
--- a/beacon_chain/version.nim
+++ b/beacon_chain/version.nim
@@ -18,8 +18,8 @@ const
     "Copyright (c) 2019-" & compileYear & " Status Research & Development GmbH"
 
   versionMajor* = 24
-  versionMinor* = 2
-  versionBuild* = 2
+  versionMinor* = 3
+  versionBuild* = 0
 
   versionBlob* = "stateofus" # Single word - ends up in the default graffiti