absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-10 21:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add allow_block_list to libp2p

Browse Source 
The check in validators prevented connections from non-validators.
Non-validators could still participate in the network if they laundered their
connection through a malicious validator. allow_block_list ensures that peers,
not connections, are explicitly limited to validators.
This commit is contained in:
Luke Parker
2025-01-08 23:54:27 -05:00
parent 6cde2bb6ef
commit 75a00f2a1a
5 changed files with 94 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
coordinator/src/p2p/libp2p/authenticate.rs
View File

@@ -19,13 +19,12 @@ use libp2p::{
noise,
};
use crate::p2p::libp2p::{validators::Validators, peer_id_from_public};
use crate::p2p::libp2p::peer_id_from_public;
const PROTOCOL: &str = "/serai/coordinator/validators";
#[derive(Clone)]
pub(crate) struct OnlyValidators {
pub(crate) validators: Arc<RwLock<Validators>>,
pub(crate) serai_key: Zeroizing<Keypair>,
pub(crate) noise_keypair: identity::Keypair,
}
@@ -108,12 +107,7 @@ impl OnlyValidators {
.verify_simple(PROTOCOL.as_bytes(), &msg, &sig)
.map_err(|_| io::Error::other("invalid signature"))?;
let peer_id = peer_id_from_public(Public::from_raw(public_key.to_bytes()));
if !self.validators.read().await.contains(&peer_id) {
Err(io::Error::other("peer which tried to connect isn't a known active validator"))?;
}
Ok(peer_id)
Ok(peer_id_from_public(Public::from_raw(public_key.to_bytes())))
}
}