dbft: do not relay extensibles if unable to validate sender

It's easy to spam the network via syncing node since it's not able to
validate consensus messages. Thus, do not relay dBFT extensible if the
node isn't able to properly verify it.

Signed-off-by: Anna Shaleva <[email protected]>

Author: AnnaShaleva

consensus/dbft/dbft.go

@@ -1517,19 +1517,21 @@ func (c *DBFT) validatePayload(p *Payload) error {
 
 // IsExtensibleAllowed determines if address is allowed to send extensible payloads
 // (only consensus payloads for now) at the specified height.
-func (c *DBFT) IsExtensibleAllowed(h uint64, u common.Address) bool {
+func (c *DBFT) IsExtensibleAllowed(h uint64, u common.Address) error {
 	// Can't verify extensible sender if the node has an outdated state.
 	if c.syncing.Load() {
-		return true
+		return dbftproto.ErrSyncing
 	}
 	// Only validators are included into extensible whitelist for now.
 	validators, err := c.getValidators(&h, nil, nil)
 	if err != nil {
-		return false
+		return fmt.Errorf("failed to get validators: %w", err)
 	}
 	n := sort.Search(len(validators), func(i int) bool { return validators[i].Cmp(u) >= 0 })
-	res := n < len(validators)
-	return res
+	if n >= len(validators) {
+		return fmt.Errorf("address is not a validator")
+	}
+	return nil
 }
 
 func (c *DBFT) newPayload(ctx *dbft.Context[common.Hash], t dbft.MessageType, msg any) dbft.ConsensusPayload[common.Hash] {

eth/backend.go

@@ -276,7 +276,7 @@ func New(stack *node.Node, config *ethconfig.Config) (*Ethereum, error) {
 	var (
 		bft                 *dbft.DBFT
 		onPayload           func(*dbftproto.Message) error
-		isExtensibleAllowed func(uint64, common.Address) bool
+		isExtensibleAllowed func(uint64, common.Address) error
 	)
 	switch t := eth.engine.(type) {
 	case *dbft.DBFT:

eth/protocols/dbft/handler.go

@@ -34,6 +34,10 @@ const (
 	maxMessageSize = 4 * 1024 * 1024
 )
 
+// ErrSyncing is returned when operation can't be performed due to the fact that
+// the node is in the process of chain sync.
+var ErrSyncing = errors.New("node is syncing")
+
 var (
 	errMsgTooLarge    = errors.New("message too long")
 	errDecode         = errors.New("invalid message")

eth/protocols/dbft/ledger.go

@@ -10,10 +10,10 @@ import (
 
 type ledger struct {
 	bc                  BlockChainAPI
-	isExtensibleAllowed func(height uint64, addr common.Address) bool
+	isExtensibleAllowed func(height uint64, addr common.Address) error
 }
 
-func newLedger(bc BlockChainAPI, isExtensibleAllowed func(uint64, common.Address) bool) *ledger {
+func newLedger(bc BlockChainAPI, isExtensibleAllowed func(uint64, common.Address) error) *ledger {
 	return &ledger{
 		bc:                  bc,
 		isExtensibleAllowed: isExtensibleAllowed,
@@ -24,6 +24,6 @@ func (l *ledger) BlockHeight() uint64 {
 	return uint64(l.bc.BlockNumber())
 }
 
-func (l *ledger) IsAddressAllowed(addr common.Address) bool {
+func (l *ledger) IsAddressAllowed(addr common.Address) error {
 	return l.isExtensibleAllowed(l.BlockHeight(), addr)
 }

eth/protocols/dbft/pool.go

@@ -14,7 +14,7 @@ import (
 // Ledger is enough of Blockchain to satisfy Pool.
 type Ledger interface {
 	BlockHeight() uint64
-	IsAddressAllowed(common.Address) bool
+	IsAddressAllowed(common.Address) error
 }
 
 // Pool represents a pool of extensible payloads.
@@ -90,8 +90,13 @@ func (p *Pool) verify(m *Message) (bool, error) {
 		}
 		return false, errInvalidHeight
 	}
-	if !p.chain.IsAddressAllowed(m.Sender) {
-		return false, errDisallowedSender
+	err = p.chain.IsAddressAllowed(m.Sender)
+	if err != nil {
+		// There's no reliable way to check sender for syncing node.
+		if errors.Is(err, ErrSyncing) {
+			return false, nil
+		}
+		return false, err
 	}
 	return true, nil
 }
@@ -120,7 +125,7 @@ func (p *Pool) RemoveStale(index uint64) {
 			old := elem
 			elem = elem.Next()
 
-			if m.ValidBlockEnd <= index || !p.chain.IsAddressAllowed(m.Sender) {
+			if m.ValidBlockEnd <= index || p.chain.IsAddressAllowed(m.Sender) != nil {
 				delete(p.verified, h)
 				lst.Remove(old)
 				continue

eth/protocols/dbft/service.go

@@ -36,7 +36,7 @@ type Service struct {
 }
 
 // New creates a new instance of [Service].
-func New(bc BlockChainAPI, onPayload func(*Message) error, isExtensibleAllowed func(uint64, common.Address) bool) *Service {
+func New(bc BlockChainAPI, onPayload func(*Message) error, isExtensibleAllowed func(uint64, common.Address) error) *Service {
 	poolLedger := newLedger(bc, isExtensibleAllowed)
 	return &Service{
 		bc:        bc,