omni-network / omni

Monorepo for Omni node, contracts and other related tools
https://omni.network
GNU General Public License v3.0

Strict execution payload encoding #2533

Open corverroos opened 1 day ago

corverroos commented 1 day ago

Problem to Solve

Currently, octane encodes the execution payload obtained from engineAPI into the MsgExecutionPayload.ExecutionPayload field as JSON bytes.

JSON is not strict, in the sense that arbitrary data can be added to a JSON struct which will be ignored when unmarshalled. This provides an attack vector for malicious validators to inject arbitrarily large data (up to max block size) into consensus chain blocks, which could lead to a range of operational and performance issues.

Proposed Solution

Use a strict serialization format like SSZ or protobuf, which has the added benefit of decreasing block sizes.

Or use json.Decoder.DisallowUnknownFields. Note this is tricky since geth does custom unmarshalling which bypasses DisallowUnknownFields.

Add backwards compatibility tests with supported geth versions
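The decoding behaviour described in the issue above, as an added example that is not part of the issue or of the omni or geth code: lenient JSON decoding ignores an unknown field, DisallowUnknownFields rejects it on a plain struct, and a type with its own UnmarshalJSON accepts it again. The types plainPayload and customPayload, the helpers, and the "junk" field are hypothetical stand-ins, and the sample input is constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// plainPayload is a hypothetical stand-in for an execution payload.
type plainPayload struct {
	BlockHash string `json:"blockHash"`
	GasUsed   uint64 `json:"gasUsed"`
}

// customPayload has the same fields but its own UnmarshalJSON, as
// generated-code types commonly do (assumed shape, not geth's code).
type customPayload struct {
	BlockHash string
	GasUsed   uint64
}

func (p *customPayload) UnmarshalJSON(b []byte) error {
	var tmp plainPayload
	// This inner call uses default settings: the outer decoder's
	// DisallowUnknownFields does not carry over to it.
	if err := json.Unmarshal(b, &tmp); err != nil {
		return err
	}
	p.BlockHash, p.GasUsed = tmp.BlockHash, tmp.GasUsed
	return nil
}

// strictDecode decodes raw into v with DisallowUnknownFields set.
func strictDecode(raw []byte, v any) error {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	return dec.Decode(v)
}

// paddedPayload builds a constructed sample: the two known fields
// plus an unknown "junk" field holding n filler bytes.
func paddedPayload(n int) []byte {
	return []byte(fmt.Sprintf(`{"blockHash":"0xabc","gasUsed":21000,"junk":"%s"}`,
		strings.Repeat("A", n)))
}

func main() {
	raw := paddedPayload(1 << 20)
	fmt.Println("lenient:", json.Unmarshal(raw, new(plainPayload)))
	fmt.Println("strict, plain type:", strictDecode(raw, new(plainPayload)))
	fmt.Println("strict, custom type:", strictDecode(raw, new(customPayload)))
}
```

Only the second call returns an error; the first and third accept the padded input, so a strictness test has to exercise the real payload type rather than a plain struct.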

corverroos commented 1 day ago

Milestone: Permissionless validators