Inconsistent block size limit handling in proposal preparation #3189
Comments
grarco
changed the title
|
Given that this parameter might be changed in namada storage by a fork, I think the best way to handle this is to take the minimum of the tx byte limit provided in the PrepareProposal request and the value in storage. The main alternative I see is to use the cometbft config parameter, but then updating this value would require a hardfork since we can't change values passed to cometbft without restarting a node, although a single source of truth would be nice. |
|
hmmm I just realized why we started using |
Yep, I was actually just wondering if your pr handles process proposal correctly now. |
Reported by Informal Systems.
Description
The process of preparing proposals involves the
BlockAllocator, which sets the maximum size of all transactions.This maximum size, determined by the parameter
max_proposal_bytesin theBlockAllocatorconfiguration (/ block_alloc.rs#L141), should align with themax_tx_bytesparameter in theRequestPrepareProposal.However, there lacks a validation step to ensure this alignment, potentially leading to discrepancies between these parameters over time.
Problem Scenarios
The absence of consistency checking between
max_proposal_bytesandmax_tx_bytesposes several risks. Firstly, it violates Requirement 2 [PrepareProposal, tx-size] of the ABCI++ 0.37 specification, which mandates that the total size of transactions in a proposal does not exceedmax_tx_byteswhen callingResponsePrepareProposal. Secondly, such discrepancies compromise liveness, as proposals from honest validators exceeding the maximum allowed would be rejected by the consensus engine.Recommendation
To address these issues, it would be desirable to implement a validation step to ensure that
max_proposal_bytesdoes not exceedmax_tx_bytes, or that the total size of transaction bytes in the proposal does not exceed themax_tx_bytesspecified in theRequestPrepareProposal.The text was updated successfully, but these errors were encountered: