From c4e258af2a06d412bd90c0b0f55c658c4749b463 Mon Sep 17 00:00:00 2001
From: Etan Kissling
Date: Wed, 26 Apr 2023 13:37:27 +0200
Subject: [PATCH] check signatures in CP sync backfill with LC (#4858)

When using trusted node sync with light client (`--trusted-block-root`), the trust assumption on the server is reduced to solely be responsible for data availability, but not data correctness. This means that we must check block proposer signatures against the downloaded checkpoint, as they are not covered by the block root. Note that this lowers the backfill speed when using LC based CP sync due to the extra checks, by about 60% for me.
---
 beacon_chain/trusted_node_sync.nim | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/beacon_chain/trusted_node_sync.nim b/beacon_chain/trusted_node_sync.nim
index 18d48adf4..4a4dd4cfd 100644
--- a/beacon_chain/trusted_node_sync.nim
+++ b/beacon_chain/trusted_node_sync.nim
@@ -475,7 +475,17 @@ proc doTrustedNodeSync*(
 data = blck.get()
 withBlck(data[]):
- if (let res = dag.addBackfillBlock(blck.asSigVerified()); res.isErr()):
+ let res =
+ case syncTarget.kind
+ of TrustedNodeSyncKind.TrustedBlockRoot:
+ # Trust-minimized sync: the server is only trusted for
+ # data availability, responses must be verified
+ dag.addBackfillBlock(blck)
+ of TrustedNodeSyncKind.StateId:
+ # The server is fully trusted to provide accurate data;
+ # it could have provided a malicious state
+ dag.addBackfillBlock(blck.asSigVerified())
+ if res.isErr():
 case res.error()
 of VerifierError.Invalid,
 VerifierError.MissingParent,
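Review bot: The comment on the `TrustedNodeSyncKind.StateId` branch does not say that the signature check is being skipped there, which is the one thing a reader auditing `asSigVerified()` calls needs to know. Going by the commit message, proposer signatures are checked against the downloaded checkpoint, so with a server-supplied state that check would presumably add no assurance; I would spell that out, e.g. `# Signatures are deliberately not checked here: the checkpoint state comes from the same fully trusted server, so verifying against it adds nothing`. The exhaustive `case` without `else` is worth keeping so that a new sync kind cannot silently inherit the unverified path. The `case res.error()` handling continues outside the hunk, so it is not visible here whether a proposer-signature failure in `TrustedBlockRoot` mode is reported distinguishably from other `VerifierError.Invalid` causes.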