From 2b214175d5001b3022321cb0bfcacb13a4ab0d0d Mon Sep 17 00:00:00 2001
From: 0xMushow <105550256+0xMushow@users.noreply.github.com>
Date: Mon, 23 Feb 2026 06:02:56 +0400
Subject: [PATCH] Enforce stricter checks on certain constants (#8500)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Which issue # does this PR address?
None


  All of these are performing a check, and adding a batch, or creating a new lookup, or a new query, etc..
Hence all of these limits would be off by one.

Example:

```rust
// BACKFILL_BATCH_BUFFER_SIZE = 5
if self.batches.iter().filter(...).count() >= BACKFILL_BATCH_BUFFER_SIZE {
return None;  // ← REJECT
}
// ... later adds batch via Entry::Vacant(entry).insert(...)
```

Without the `>` being changed to a `>=` , we would allow 6. The same idea applies to all changes proposed.


Co-Authored-By: Antoine James <antoine@ethereum.org>

Co-Authored-By: Jimmy Chen <jimmy@sigmaprime.io>

Co-Authored-By: Jimmy Chen <jchen.tc@gmail.com>
---
 beacon_node/lighthouse_network/src/discovery/mod.rs       | 2 +-
 beacon_node/network/src/sync/backfill_sync/mod.rs         | 2 +-
 beacon_node/network/src/sync/block_lookups/mod.rs         | 2 +-
 beacon_node/network/src/sync/custody_backfill_sync/mod.rs | 2 +-
 beacon_node/network/src/sync/network_context/custody.rs   | 2 +-
 beacon_node/network/src/sync/range_sync/chain.rs          | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/beacon_node/lighthouse_network/src/discovery/mod.rs b/beacon_node/lighthouse_network/src/discovery/mod.rs
index 38a6a84b44..21b1146aff 100644
--- a/beacon_node/lighthouse_network/src/discovery/mod.rs
+++ b/beacon_node/lighthouse_network/src/discovery/mod.rs
@@ -674,7 +674,7 @@ impl<E: EthSpec> Discovery<E> {
     /// updates the min_ttl field.
     fn add_subnet_query(&mut self, subnet: Subnet, min_ttl: Option<Instant>, retries: usize) {
         // remove the entry and complete the query if greater than the maximum search count
-        if retries > MAX_DISCOVERY_RETRY {
+        if retries >= MAX_DISCOVERY_RETRY {
             debug!("Subnet peer discovery did not find sufficient peers. Reached max retry limit");
             return;
         }
diff --git a/beacon_node/network/src/sync/backfill_sync/mod.rs b/beacon_node/network/src/sync/backfill_sync/mod.rs
index 9802ec56a1..7ef72c7f3a 100644
--- a/beacon_node/network/src/sync/backfill_sync/mod.rs
+++ b/beacon_node/network/src/sync/backfill_sync/mod.rs
@@ -1071,7 +1071,7 @@ impl<T: BeaconChainTypes> BackFillSync<T> {
             .iter()
             .filter(|&(_epoch, batch)| in_buffer(batch))
             .count()
-            > BACKFILL_BATCH_BUFFER_SIZE as usize
+            >= BACKFILL_BATCH_BUFFER_SIZE as usize
         {
             return None;
         }
diff --git a/beacon_node/network/src/sync/block_lookups/mod.rs b/beacon_node/network/src/sync/block_lookups/mod.rs
index cbf65505ef..394f2fc37d 100644
--- a/beacon_node/network/src/sync/block_lookups/mod.rs
+++ b/beacon_node/network/src/sync/block_lookups/mod.rs
@@ -398,7 +398,7 @@ impl<T: BeaconChainTypes> BlockLookups<T> {
 
         // Lookups contain untrusted data, bound the total count of lookups hold in memory to reduce
         // the risk of OOM in case of bugs of malicious activity.
-        if self.single_block_lookups.len() > MAX_LOOKUPS {
+        if self.single_block_lookups.len() >= MAX_LOOKUPS {
             warn!(?block_root, "Dropping lookup reached max");
             return false;
         }
diff --git a/beacon_node/network/src/sync/custody_backfill_sync/mod.rs b/beacon_node/network/src/sync/custody_backfill_sync/mod.rs
index fa8b70c8b4..a964ad9a3c 100644
--- a/beacon_node/network/src/sync/custody_backfill_sync/mod.rs
+++ b/beacon_node/network/src/sync/custody_backfill_sync/mod.rs
@@ -422,7 +422,7 @@ impl<T: BeaconChainTypes> CustodyBackFillSync<T> {
             .iter()
             .filter(|&(_epoch, batch)| in_buffer(batch))
             .count()
-            > BACKFILL_BATCH_BUFFER_SIZE as usize
+            >= BACKFILL_BATCH_BUFFER_SIZE as usize
         {
             return None;
         }
diff --git a/beacon_node/network/src/sync/network_context/custody.rs b/beacon_node/network/src/sync/network_context/custody.rs
index de5d9b6e0b..ae0eee9964 100644
--- a/beacon_node/network/src/sync/network_context/custody.rs
+++ b/beacon_node/network/src/sync/network_context/custody.rs
@@ -239,7 +239,7 @@ impl<T: BeaconChainTypes> ActiveCustodyRequest<T> {
             if let Some(wait_duration) = request.is_awaiting_download() {
                 // Note: an empty response is considered a successful response, so we may end up
                 // retrying many more times than `MAX_CUSTODY_COLUMN_DOWNLOAD_ATTEMPTS`.
-                if request.download_failures > MAX_CUSTODY_COLUMN_DOWNLOAD_ATTEMPTS {
+                if request.download_failures >= MAX_CUSTODY_COLUMN_DOWNLOAD_ATTEMPTS {
                     return Err(Error::TooManyFailures);
                 }
 
diff --git a/beacon_node/network/src/sync/range_sync/chain.rs b/beacon_node/network/src/sync/range_sync/chain.rs
index d67d6468a9..25ea1af76a 100644
--- a/beacon_node/network/src/sync/range_sync/chain.rs
+++ b/beacon_node/network/src/sync/range_sync/chain.rs
@@ -1277,7 +1277,7 @@ impl<T: BeaconChainTypes> SyncingChain<T> {
             .iter()
             .filter(|&(_epoch, batch)| in_buffer(batch))
             .count()
-            > BATCH_BUFFER_SIZE as usize
+            >= BATCH_BUFFER_SIZE as usize
         {
             return None;
         }