Prevent a malicious validator set from overwriting a notable cosign

Also prevents panics from an invalid Serai node (removing the assumption of an honest Serai node).
2025-12-08 20:29:23 +00:00 · 2024-12-25 02:11:05 -05:00
parent e119fb4c16
commit 5b337c3ce8
3 changed files with 40 additions and 34 deletions
--- a/coordinator/cosign/src/evaluator.rs
+++ b/coordinator/cosign/src/evaluator.rs
@@ -74,9 +74,11 @@ impl<D: Db, R: RequestNotableCosigns> ContinuallyRan for CosignEvaluatorTask<D,

            let mut weight_cosigned = 0;
            let mut total_weight = 0;
-            let (_, global_session_start_block) = GlobalSessions::get(&txn, global_session).expect(
-              "checking if intended cosign was satisfied within an unrecognized global session",
-            );
+            let (_, global_session_start_block) = GlobalSessions::get(&txn, global_session)
+              .ok_or_else(|| {
+                "checking if intended cosign was satisfied within an unrecognized global session"
+                  .to_string()
+              })?;
            for set in sets {
              // Fetch the weight for this set, as of the start of the global session
              // This simplifies the logic around which set of stakes to use when evaluating
@@ -148,9 +150,10 @@ impl<D: Db, R: RequestNotableCosigns> ContinuallyRan for CosignEvaluatorTask<D,
              let (global_session, sets) =
                get_latest_global_session_evaluated(&mut txn, &self.serai, parent_hash).await?;
              let (_, global_session_start_block) = GlobalSessions::get(&txn, global_session)
-                .expect(
-                  "checking if intended cosign was satisfied within an unrecognized global session",
-                );
+                .ok_or_else(|| {
+                  "checking if intended cosign was satisfied within an unrecognized global session"
+                    .to_string()
+                })?;

              let mut weight_cosigned = 0;
              let mut total_weight = 0;