Synchronously check all transactions to have non-zero length
#3885
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As part of `newPayload` block hash verification, the `transactionsRoot` is computed by the EL. Because Merkle-Patricia Tries cannot contain `[]` entries, MPT implementations typically treat setting a key to `[]` as deleting the entry for the key. This means that if a CL receives a block with `transactions` containing one or more zero-length transactions, that such transactions will effectively be skipped when computing the `transactionsRoot`. Note that `transactions` are opaque to the CL and zero-length transactions are not filtered out before `newPayload`. ```python # https://eips.ethereum.org/EIPS/eip-2718 def compute_trie_root_from_indexed_data(data): """ Computes the root hash of `patriciaTrie(rlp(Index) => Data)` for a data array. """ t = HexaryTrie(db={}) for i, obj in enumerate(data): k = encode(i, big_endian_int) t.set(k, obj) # Implicitly skipped if `obj == b''` (invalid RLP) return t.root_hash ``` In any case, the `blockHash` validation may still succeed, resulting in a potential `SYNCING/ACCEPTED` result to `newPayload` by spec. Note, however, that there is an effective hash collision if a payload is modified by appending one or more zero-length transactions to the end of `transactions` list: In the trivial case, a block with zero transactions has the same `transactionsRoot` (and `blockHash`) as one of a block with one `[]` transaction (as that one is skipped). This means that the same `blockHash` can refer to a valid block (without extra `[]` transactions added), but also can refer to an invalid block. Because `forkchoiceUpdated` refers to blocks by `blockHash`, outcome may be nondeterministic and implementation dependent. If `forkchoiceUpdated` deems the `blockHash` to refer to a `VALID` object (obtained from a src that does not have the extra `[]` transactions, e.g., devp2p), then this could result in honest attestations to a CL beacon block with invalid `[]` transactions in its `ExecutionPayload`, risking finalizing it. The problem can be avoided by returning `INVALID` in `newPayload` if there are any zero-length `transactions` entries, preventing optimistic import of such blocks by the CL.
etan-status
added a commit
to status-im/nimbus-eth2
that referenced
this pull request
Aug 14, 2024
Reject blocks with zero length transactions early when no EL connected. - ethereum/consensus-specs#3885
etan-status
added a commit
to status-im/nimbus-eth2
that referenced
this pull request
Aug 16, 2024
Reject blocks with zero length transactions early when no EL connected. - ethereum/consensus-specs#3885
etan-status
force-pushed
the
bf-emptytxspec
branch
from
f29161c
to
c746890
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As part of
newPayloadblock hash verification, thetransactionsRootis computed by the EL. Because Merkle-Patricia Tries cannot contain[]entries, MPT implementations typically treat setting a key to[]as deleting the entry for the key. This means that if a CL receives a block withtransactionscontaining one or more zero-length transactions, that such transactions will effectively be skipped when computing thetransactionsRoot. Note thattransactionsare opaque to the CL and zero-length transactions are not filtered out beforenewPayload.In any case, the
blockHashvalidation may still succeed, resulting in a potentialSYNCING/ACCEPTEDresult tonewPayloadby spec.Note, however, that there is an effective hash collision if a payload is modified by appending one or more zero-length transactions to the end of
transactionslist: In the trivial case, a block with zero transactions has the sametransactionsRoot(andblockHash) as one of a block with one[]transaction (as that one is skipped).This means that the same
blockHashcan refer to a valid block (without extra[]transactions added), but also can refer to an invalid block. BecauseforkchoiceUpdatedrefers to blocks byblockHash, outcome may be nondeterministic and implementation dependent. IfforkchoiceUpdateddeems theblockHashto refer to aVALIDobject (obtained from a src that does not have the extra[]transactions, e.g., devp2p), then this could result in honest attestations to a CL beacon block with invalid[]transactions in itsExecutionPayload, risking finalizing it.The problem can be avoided by returning
INVALIDinnewPayloadif there are any zero-lengthtransactionsentries, preventing optimistic import of such blocks by the CL.