This PR introduces a restrictions ID check into the handshake protocols.
When two nodes are handshaking on the Router or Gateway level, it is expected that they transmit in their ChallengeResponse messages a copy of their current restrictions ID to their peer, who subsequently checks and enforces that the restrictions ID matches what they expect from their node.
As such, going forward, the following node types are responsible to adhere to the same restrictions list:
NodeType::Validator
NodeType::Client
Of note, as provers do not validate transitions or transactions, they do not carry ledger state and thus are not subject to the restrictions list. Note that it is critical for clients to also perform the same validation as the validators because the validator rely upon core clients to assist with validation and propagation of transactions to the validators' memory pools.
This design is defined by the foundation to require all handshake connections to enforce the current restrictions ID to be correct and matching at the time of connection; however, it doesn't require consensus to enforce a matching restrictions ID at the time of use.
Motivation
This PR introduces a restrictions ID check into the handshake protocols.
When two nodes are handshaking on the Router or Gateway level, it is expected that they transmit in their ChallengeResponse messages a copy of their current restrictions ID to their peer, who subsequently checks and enforces that the restrictions ID matches what they expect from their node.
As such, going forward, the following node types are responsible to adhere to the same restrictions list:
Of note, as provers do not validate transitions or transactions, they do not carry ledger state and thus are not subject to the restrictions list. Note that it is critical for clients to also perform the same validation as the validators because the validator rely upon core clients to assist with validation and propagation of transactions to the validators' memory pools.
This design is defined by the foundation to require all handshake connections to enforce the current restrictions ID to be correct and matching at the time of connection; however, it doesn't require consensus to enforce a matching restrictions ID at the time of use.
This PR builds on top of https://github.com/AleoNet/snarkVM/pull/2487 in snarkVM, which introduces the concept of the restrictions list for programs, functions, and arguments.
Related PRs
Reviewed here: https://github.com/ProvableHQ/snarkOS/pull/14 CI passed