Prevent large step-size parameters (#1583)

## Issue Addressed Malicious users could request very large block ranges, more than we expect. Although technically legal, we are now quadraticaly weighting large step sizes in the filter. Therefore users may request large skips, but not a large number of blocks, to prevent requests forcing us to do long chain lookups. ## Proposed Changes Weight the step parameter in the RPC filter and prevent any overflows that effect us in the step parameter. ## Additional Info
2026-03-10 04:01:51 +00:00 · 2020-09-11 02:33:36 +00:00
parent 7f1b936905
commit c6abc56113
2 changed files with 45 additions and 15 deletions
--- a/beacon_node/network/src/router/processor.rs
+++ b/beacon_node/network/src/router/processor.rs
@@ -374,22 +374,29 @@ impl<T: BeaconChainTypes> Processor<T> {
            }
        };

-        // pick out the required blocks, ignoring skip-slots and stepping by the step parameter;
+        // Pick out the required blocks, ignoring skip-slots and stepping by the step parameter.
+        //
+        // NOTE: We don't mind if req.count * req.step overflows as it just ends the iterator early and
+        // the peer will get less blocks.
+        // The step parameter is quadratically weighted in the filter, so large values should be
+        // prevented before reaching this point.
        let mut last_block_root = None;
        let maybe_block_roots = process_results(forwards_block_root_iter, |iter| {
-            iter.take_while(|(_, slot)| slot.as_u64() < req.start_slot + req.count * req.step)
-                // map skip slots to None
-                .map(|(root, _)| {
-                    let result = if Some(root) == last_block_root {
-                        None
-                    } else {
-                        Some(root)
-                    };
-                    last_block_root = Some(root);
-                    result
-                })
-                .step_by(req.step as usize)
-                .collect::<Vec<Option<Hash256>>>()
+            iter.take_while(|(_, slot)| {
+                slot.as_u64() < req.start_slot.saturating_add(req.count * req.step)
+            })
+            // map skip slots to None
+            .map(|(root, _)| {
+                let result = if Some(root) == last_block_root {
+                    None
+                } else {
+                    Some(root)
+                };
+                last_block_root = Some(root);
+                result
+            })
+            .step_by(req.step as usize)
+            .collect::<Vec<Option<Hash256>>>()
        });

        let block_roots = match maybe_block_roots {