In process_chunk_state_witness there's a check if the ChunkStateWitness is correct, and if the witness is invalid, the peer who directly sent this message is banned. The problem is this is a routed message which might not be sent by this peer, it could've just forwarded it, so it isn't responsible for invalid messages and shouldn't be banned.
Affected parties
Innocent nodes that forwarded an invalid ChunkStateWitness might get banned by a peer.
Bug Report
Overview
In
process_chunk_state_witnessthere's a check if theChunkStateWitnessis correct, and if the witness is invalid, the peer who directly sent this message is banned. The problem is this is a routed message which might not be sent by this peer, it could've just forwarded it, so it isn't responsible for invalid messages and shouldn't be banned.Affected parties
Innocent nodes that forwarded an invalid
ChunkStateWitnessmight get banned by a peer.Impact
Innocent nodes getting banned
[Optional] Code reference
https://github.com/near/nearcore/blob/cd7dd0521984afc68996fbbfbbab97a78550b02f/chain/client/src/stateless_validation/chunk_validator.rs#L142
https://github.com/near/nearcore/blob/cd7dd0521984afc68996fbbfbbab97a78550b02f/chain/network/src/peer/peer_actor.rs#L1038
[Optional] Suggested fix
Ban the chunk producer instead of the peer that forwarded the message