Summary
The MessagePool::add() method, which is used to insert messages received via gossip,
currently calls add_to_pool with TrustPolicy::Trusted. This bypasses the stricter
untrusted caps and gap rules that are intended for externally sourced traffic.
Details
File: src/message_pool/msgpool/msg_pool.rs
Messages received over gossipsub come from untrusted external peers. Using
TrustPolicy::Trusted for these inserts means:
- The per-actor pending message limit of MAX_ACTOR_PENDING_MESSAGES (1000) applies instead of the tighter MAX_UNTRUSTED_ACTOR_PENDING_MESSAGES (10).
- Gap/strictness rules intended for untrusted sources (StrictnessPolicy::Strict) may not be enforced correctly.
Suggested Fix
    pub fn add(&self, msg: SignedMessage) -> Result<(), Error> {
        self.add_to_pool(msg, false, TrustPolicy::Untrusted)?;
        Ok(())
    }
References
#7033: refactor: msg pool to make more structured part 3 (comment)
Note:
It's not actually a bug because TrustPolicy here merely tells us how many messages are allowed in the pending store, nothing else, but opening this so we discuss changing things around because current naming creates confusion.
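The effect of the trust policy on the per-actor pending cap, as an added example that is not part of the original issue or the project's code. It is a simplified model: only the two cap values and the TrustPolicy variant names come from the issue, while PendingStore, pending_cap and accepted_from_one_sender are hypothetical names and the sender address is constructed.

```rust
use std::collections::HashMap;

// Cap values as quoted in the issue; everything else is a simplified model.
const MAX_ACTOR_PENDING_MESSAGES: usize = 1000;
const MAX_UNTRUSTED_ACTOR_PENDING_MESSAGES: usize = 10;

#[derive(Clone, Copy)]
enum TrustPolicy { Trusted, Untrusted }

impl TrustPolicy {
    fn pending_cap(self) -> usize {
        match self {
            TrustPolicy::Trusted => MAX_ACTOR_PENDING_MESSAGES,
            TrustPolicy::Untrusted => MAX_UNTRUSTED_ACTOR_PENDING_MESSAGES,
        }
    }
}

/// Hypothetical stand-in for the pending store: sender -> pending nonces.
#[derive(Default)]
struct PendingStore {
    by_actor: HashMap<String, Vec<u64>>,
}

impl PendingStore {
    fn add(&mut self, from: &str, nonce: u64, trust: TrustPolicy) -> Result<(), String> {
        let pending = self.by_actor.entry(from.to_string()).or_default();
        if pending.len() >= trust.pending_cap() {
            return Err(format!("{from}: pending cap {} reached", trust.pending_cap()));
        }
        pending.push(nonce);
        Ok(())
    }
}

/// Offer `offered` messages from one sender; return how many the store retains.
fn accepted_from_one_sender(offered: u64, trust: TrustPolicy) -> usize {
    let mut store = PendingStore::default();
    (0..offered)
        .filter(|&nonce| store.add("f1constructed-sender", nonce, trust).is_ok())
        .count()
}

fn main() {
    // Constructed input: 5000 messages arriving for a single sender.
    println!("Trusted:   {}", accepted_from_one_sender(5000, TrustPolicy::Trusted));
    println!("Untrusted: {}", accepted_from_one_sender(5000, TrustPolicy::Untrusted));
}
```

In this model the policy passed on the insert path is the only thing that decides whether one sender can occupy 1000 or 10 pending slots, which is the memory-bounding property to check when reviewing which policy the gossip path uses.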