Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

network/tx: Ban peers with tx that fail to decode #5002

Merged
merged 1 commit into from
Jul 15, 2024

Conversation

lexnv
Copy link
Contributor

@lexnv lexnv commented Jul 11, 2024

A malicious peer can submit random bytes on transaction protocol.
In this case, the peer is not disconnected or reported back to the peerstore.

This PR ensures the peer's reputation is properly reported.

Discovered during testing:

cc @paritytech/networking

@lexnv lexnv added A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). R0-silent Changes should not be mentioned in any release notes I5-enhancement An additional feature request. D0-easy Can be fixed primarily by duplicating and adapting code by an intermediate coder. labels Jul 11, 2024
@lexnv lexnv self-assigned this Jul 11, 2024
@bkchr bkchr requested a review from skunert July 11, 2024 22:20
@lexnv lexnv added this pull request to the merge queue Jul 15, 2024
Merged via the queue into master with commit d2dff5f Jul 15, 2024
170 of 174 checks passed
@lexnv lexnv deleted the lexnv/report-bad-peer branch July 15, 2024 08:58
ordian added a commit that referenced this pull request Jul 15, 2024
* master: (120 commits)
  network/tx: Ban peers with tx that fail to decode (#5002)
  Try State Hook for Bounties (#4563)
  [statement-distribution] Add metrics for distributed statements in V2 (#4554)
  added sync command (#4818)
  Bridges V2 refactoring backport and `pallet_bridge_messages` simplifications (#4935)
  xcm-executor: Improve logging (#4996)
  Remove usage of `sp-std` on templates (#5001)
  fixed cmd bot commenting not working (#5000)
  Explain usage of `<T: Config>` in FRAME storage + Update parachain pallet template  (#4941)
  Expose metadata-hash feature from polkadot crate (#4886)
  Add `MAX_INSTRUCTIONS_TO_DECODE` to XCMv2 (#4978)
  add notices to the implementer's guide docs that changed for elastic scaling (#4983)
  `polkadot-parachain` simplifications and deduplications (#4916)
  Update Templates README docs (#4980)
  allow clear_origin in safe xcm builder (#4777)
  litep2p/peerstore: Fix bump last updated time (#4971)
  Make `tracing::log` work in the runtime (#4863)
  sp-core: Improve docs generated by `generate_feature_enabled_macro` (#4968)
  [Backport] Version bumps  and  prdocs reordering from 1.14.0 (#4955)
  Assets: can_decrease/increase for destroying asset is not successful (#3286)
  ...
jpserrat pushed a commit to jpserrat/polkadot-sdk that referenced this pull request Jul 18, 2024
A malicious peer can submit random bytes on transaction protocol.
In this case, the peer is not disconnected or reported back to the
peerstore.

This PR ensures the peer's reputation is properly reported.

Discovered during testing:
- paritytech#4977


cc @paritytech/networking

Signed-off-by: Alexandru Vasile <[email protected]>
ordian added a commit that referenced this pull request Jul 18, 2024
* master: (125 commits)
  add elastic scaling MVP guide (#4663)
  Send PeerViewChange with high priority (#4755)
  [ci] Update forklift in CI image (#5032)
  Adjust base value for statement-distribution regression tests (#5028)
  [pallet_contracts] Add support for transient storage in contracts host functions (#4566)
  [1 / 5] Optimize logic for gossiping assignments (#4848)
  Remove `pallet-getter` usage from pallet-session (#4972)
  command-action: added scoped permissions to the github tokens (#5016)
  net/litep2p: Propagate ValuePut events to the network backend (#5018)
  rpc: add back rpc logger (#4952)
  Updated substrate-relay version for tests (#5017)
  Remove most all usage of `sp-std` (#5010)
  Use sp_runtime::traits::BadOrigin (#5011)
  network/tx: Ban peers with tx that fail to decode (#5002)
  Try State Hook for Bounties (#4563)
  [statement-distribution] Add metrics for distributed statements in V2 (#4554)
  added sync command (#4818)
  Bridges V2 refactoring backport and `pallet_bridge_messages` simplifications (#4935)
  xcm-executor: Improve logging (#4996)
  Remove usage of `sp-std` on templates (#5001)
  ...
TarekkMA pushed a commit to moonbeam-foundation/polkadot-sdk that referenced this pull request Aug 2, 2024
A malicious peer can submit random bytes on transaction protocol.
In this case, the peer is not disconnected or reported back to the
peerstore.

This PR ensures the peer's reputation is properly reported.

Discovered during testing:
- paritytech#4977


cc @paritytech/networking

Signed-off-by: Alexandru Vasile <[email protected]>
ordian added a commit that referenced this pull request Aug 6, 2024
* master: (130 commits)
  add elastic scaling MVP guide (#4663)
  Send PeerViewChange with high priority (#4755)
  [ci] Update forklift in CI image (#5032)
  Adjust base value for statement-distribution regression tests (#5028)
  [pallet_contracts] Add support for transient storage in contracts host functions (#4566)
  [1 / 5] Optimize logic for gossiping assignments (#4848)
  Remove `pallet-getter` usage from pallet-session (#4972)
  command-action: added scoped permissions to the github tokens (#5016)
  net/litep2p: Propagate ValuePut events to the network backend (#5018)
  rpc: add back rpc logger (#4952)
  Updated substrate-relay version for tests (#5017)
  Remove most all usage of `sp-std` (#5010)
  Use sp_runtime::traits::BadOrigin (#5011)
  network/tx: Ban peers with tx that fail to decode (#5002)
  Try State Hook for Bounties (#4563)
  [statement-distribution] Add metrics for distributed statements in V2 (#4554)
  added sync command (#4818)
  Bridges V2 refactoring backport and `pallet_bridge_messages` simplifications (#4935)
  xcm-executor: Improve logging (#4996)
  Remove usage of `sp-std` on templates (#5001)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). D0-easy Can be fixed primarily by duplicating and adapting code by an intermediate coder. I5-enhancement An additional feature request. R0-silent Changes should not be mentioned in any release notes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants