You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Teku is computing compressedMaxGossipSize based on uncompressed GOSSIP_MAX_SIZE and then passes it to Libp2p Gossip builder as a maxGossipMessageSizeparameter.
However GossipRouterassumes this size as the overall gRPC message size, i.e. including all publish messages and control GossipSub messages.
This doesn't look like a security issue as there are no means to construct a valid gossip message of the compressedMaxGossipSize. Thus there is no ways to induce any kind of temporary network splits which may potentially happen when one client implementation refuses a valid gossip message while others propagate it.
This spec PR clarifies message size limits. The PR implementation should resolve this issue, so it probably makes sense to leave this issue until the PR is merged.
Versions
Software version: current master version
The text was updated successfully, but these errors were encountered:
Description
Teku is computing
compressedMaxGossipSize
based on uncompressedGOSSIP_MAX_SIZE
and then passes it to Libp2p Gossip builder as amaxGossipMessageSize
parameter.However
GossipRouter
assumes this size as the overall gRPC message size, i.e. including all publish messages and control GossipSub messages.This doesn't look like a security issue as there are no means to construct a valid gossip message of the
compressedMaxGossipSize
. Thus there is no ways to induce any kind of temporary network splits which may potentially happen when one client implementation refuses a valid gossip message while others propagate it.This spec PR clarifies message size limits. The PR implementation should resolve this issue, so it probably makes sense to leave this issue until the PR is merged.
Versions
The text was updated successfully, but these errors were encountered: