From d616c6c1ac7a0e23357c7d41cc82992c611d8b6b Mon Sep 17 00:00:00 2001 From: Julien Robert Date: Tue, 24 Mar 2026 12:26:38 +0100 Subject: [PATCH 1/4] fix: remove unknown field protection thanks to da enveloppe --- types/serialization.go | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/types/serialization.go b/types/serialization.go index b304b61fbb..4bec69c000 100644 --- a/types/serialization.go +++ b/types/serialization.go @@ -522,11 +522,6 @@ const ( legacyLastResultsHashField = 9 ) -// Maximum size of unknown fields to prevent DoS attacks via malicious headers -// with excessive unknown field data. 1MB should be more than sufficient for -// legitimate legacy headers (typical header is ~500 bytes). -const maxUnknownFieldSize = 1024 * 1024 // 1MB - // Maximum size for individual legacy hash fields. Standard hashes are 32 bytes, // but we allow up to 1KB for flexibility with different hash algorithms. const maxLegacyHashSize = 1024 // 1KB @@ -537,13 +532,7 @@ func decodeLegacyHeaderFields(pHeader *pb.Header) (*LegacyHeaderFields, error) { return nil, nil } - // Protect against DoS attacks via headers with massive unknown field data - if len(unknown) > maxUnknownFieldSize { - return nil, fmt.Errorf("unknown fields too large: %d bytes (max %d)", len(unknown), maxUnknownFieldSize) - } - var legacy LegacyHeaderFields - for len(unknown) > 0 { fieldNum, typ, n := protowire.ConsumeTag(unknown) if n < 0 { From f3f068d875f8c901c13951c1f59bcc4b2e61d2b2 Mon Sep 17 00:00:00 2001 From: Julien Robert Date: Tue, 24 Mar 2026 14:00:12 +0100 Subject: [PATCH 2/4] add more logs --- block/internal/syncing/da_retriever.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/block/internal/syncing/da_retriever.go b/block/internal/syncing/da_retriever.go index f1ea3ba643..2fecfb932b 100644 --- a/block/internal/syncing/da_retriever.go +++ b/block/internal/syncing/da_retriever.go @@ -289,7 +289,7 @@ func (r *daRetriever) tryDecodeHeader(bz []byte, daHeight uint64) *types.SignedH } } if r.strictMode && !isValidEnvelope { - r.logger.Warn().Msg("strict mode: rejecting block that is not a fully valid envelope") + r.logger.Warn().Uint64("da_height", daHeight).Msg("strict mode: rejecting block that is not a fully valid envelope") return nil } @@ -304,7 +304,7 @@ func (r *daRetriever) tryDecodeHeader(bz []byte, daHeight uint64) *types.SignedH } if isValidEnvelope && !r.strictMode { - r.logger.Info().Uint64("height", header.Height()).Msg("valid DA envelope detected, switching to STRICT MODE") + r.logger.Info().Uint64("da_height", daHeight).Msg("valid DA envelope detected, switching to STRICT MODE") r.strictMode = true } From 6795a704682096093d8430898e589d2cf07b06b6 Mon Sep 17 00:00:00 2001 From: Julien Robert Date: Tue, 24 Mar 2026 14:07:51 +0100 Subject: [PATCH 3/4] fixes --- pkg/da/jsonrpc/header.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/da/jsonrpc/header.go b/pkg/da/jsonrpc/header.go index abcc2784a9..0b6e0f08d8 100644 --- a/pkg/da/jsonrpc/header.go +++ b/pkg/da/jsonrpc/header.go @@ -20,13 +20,13 @@ type Header struct { // RawHeader contains the raw tendermint header fields. type RawHeader struct { ChainID string `json:"chain_id"` - Height string `json:"height"` + Height uint64 `json:"height"` Time time.Time `json:"time"` } // Commit contains commit information. type Commit struct { - Height string `json:"height"` + Height uint64 `json:"height"` } // DAHeader contains the Data Availability header. From b808824bc6b22257bdc08e469ffb6cd321082b07 Mon Sep 17 00:00:00 2001 From: Julien Robert Date: Tue, 24 Mar 2026 14:14:06 +0100 Subject: [PATCH 4/4] re-add --- block/internal/syncing/da_retriever.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/internal/syncing/da_retriever.go b/block/internal/syncing/da_retriever.go index 2fecfb932b..6d5a7929a2 100644 --- a/block/internal/syncing/da_retriever.go +++ b/block/internal/syncing/da_retriever.go @@ -304,7 +304,7 @@ func (r *daRetriever) tryDecodeHeader(bz []byte, daHeight uint64) *types.SignedH } if isValidEnvelope && !r.strictMode { - r.logger.Info().Uint64("da_height", daHeight).Msg("valid DA envelope detected, switching to STRICT MODE") + r.logger.Info().Uint64("height", header.Height()).Uint64("da_height", daHeight).Msg("valid DA envelope detected, switching to STRICT MODE") r.strictMode = true }