Closed yangby-cryptape closed 1 year ago
Let $N_{last}$ denote the constant LAST_N_BLOCKS.
LAST_N_BLOCKS
Let $n{k}$ denote the block number of block $B{k}$.
Suppose there are follow steps:
Start a light client C.
C
C connected to a CKB node N.
N
C gets last state of block $B_{1}$ and its proof from N.
And C saves $N_{last}$ last-N headers in its storage.
The last state from N changes to a fork chain which last state is block $B_{2}$.
And the last common ancestor for block $B{1}$ and block $B{2}$ is $B_{fork}$.
When $n{1} \gt n{fork} + N{last}$, the client couldn't have the header of $B{fork}$.
Then we couldn't know whether the fork chain is valid, because the fork chain is not base on any known block.
So, a malicious node could send an invalid long fork chain to the light client easily, and it will cause the light client panics.
The light client has to do a full chain sampling for the long fork chain, before panics.
Issue
Let $N_{last}$ denote the constant
LAST_N_BLOCKS
.Let $n{k}$ denote the block number of block $B{k}$.
Suppose there are follow steps:
Start a light client
C
.C
connected to a CKB nodeN
.C
gets last state of block $B_{1}$ and its proof fromN
.And
C
saves $N_{last}$ last-N headers in its storage.The last state from
N
changes to a fork chain which last state is block $B_{2}$.And the last common ancestor for block $B{1}$ and block $B{2}$ is $B_{fork}$.
When $n{1} \gt n{fork} + N{last}$, the client couldn't have the header of $B{fork}$.
Then we couldn't know whether the fork chain is valid, because the fork chain is not base on any known block.
So, a malicious node could send an invalid long fork chain to the light client easily, and it will cause the light client panics.
Solution
The light client has to do a full chain sampling for the long fork chain, before panics.