check signatures in CP sync backfill with LC (#4858)

When using trusted node sync with light client (`--trusted-block-root`), the trust assumption on the server is reduced to solely be responsible for data availability, but not data correctness. This means that we must check block proposer signatures against the downloaded checkpoint, as they are not covered by the block root. Note that this lowers the backfill speed when using LC based CP sync due to the extra checks, by about 60% for me.
2023-04-26 13:37:27 +02:00 · 2023-04-26 13:37:27 +02:00 · c4e258af2a
parent 1ccb36b272
commit c4e258af2a
1 changed files with 11 additions and 1 deletions
--- a/beacon_chain/trusted_node_sync.nim
+++ b/beacon_chain/trusted_node_sync.nim
@ -475,7 +475,17 @@ proc doTrustedNodeSync*(
          data = blck.get()

        withBlck(data[]):
-          if (let res = dag.addBackfillBlock(blck.asSigVerified()); res.isErr()):
+          let res =
+            case syncTarget.kind
+            of TrustedNodeSyncKind.TrustedBlockRoot:
+              # Trust-minimized sync: the server is only trusted for
+              # data availability, responses must be verified
+              dag.addBackfillBlock(blck)
+            of TrustedNodeSyncKind.StateId:
+              # The server is fully trusted to provide accurate data;
+              # it could have provided a malicious state
+              dag.addBackfillBlock(blck.asSigVerified())
+          if res.isErr():
            case res.error()
            of VerifierError.Invalid,
                VerifierError.MissingParent,