nimbus-eth2/beacon_chain/gossip_processing
Jacek Sieka 62cbdeefc5
verify `genesis_time` more strictly (fixes #1667) (#5694)
Bogus values lead to crashes down the line when timers overflow
2024-01-06 15:26:56 +01:00
..
README.md consensus spec v1.4.0-beta.5 URL updates (#5672) 2023-12-16 03:27:06 +01:00
batch_validation.nim verify `genesis_time` more strictly (fixes #1667) (#5694) 2024-01-06 15:26:56 +01:00
block_processor.nim verify `genesis_time` more strictly (fixes #1667) (#5694) 2024-01-06 15:26:56 +01:00
eth2_processor.nim verify `genesis_time` more strictly (fixes #1667) (#5694) 2024-01-06 15:26:56 +01:00
gossip_validation.nim verify `genesis_time` more strictly (fixes #1667) (#5694) 2024-01-06 15:26:56 +01:00
light_client_processor.nim verify `genesis_time` more strictly (fixes #1667) (#5694) 2024-01-06 15:26:56 +01:00
optimistic_processor.nim verify `genesis_time` more strictly (fixes #1667) (#5694) 2024-01-06 15:26:56 +01:00

README.md

Gossip Processing

This folder holds a collection of modules to:

  • validate raw gossip data before
    • rebroadcasting it (potentially aggregated)
    • sending it to one of the consensus object pools

Validation

Gossip validation is different from consensus verification in particular for blocks.

There are multiple consumers of validated consensus objects:

  • a ValidationResult.Accept output triggers rebroadcasting in libp2p
    • We jump into method validate(PubSub, Message) in libp2p/protocols/pubsub/pubsub.nim
    • which was called by rpcHandler(GossipSub, PubSubPeer, RPCMsg)
  • a blockValidator message enqueues the validated object to the processing queue in block_processor
    • blockQueue: AsyncQueue[BlockEntry] (shared with request_manager and sync_manager)
    • This queue is then regularly processed to be made available to the consensus object pools.
  • a xyzValidator message adds the validated object to a pool in eth2_processor
    • Attestations (unaggregated and aggregated) get collected into batches.
    • Once a threshold is exceeded or after a timeout, they get validated together using BatchCrypto.

Security concerns

As the first line of defense in Nimbus, modules must be able to handle bursts of data that may come:

  • from malicious nodes trying to DOS us
  • from long periods of non-finality, creating lots of forks, attestations