
fix: harden istanbul_status RPC against resource exhaustion and data integrity issues #86

Open
eomti-wm wants to merge 6 commits into dev from fix/wbft-status-api-stabilization

Conversation

eomti-wm commented Jun 4, 2026
Contributor

Overview

This PR hardens the istanbul_status RPC API in the WBFT consensus module by introducing block range limits and epoch-based validator set caching, resolving several reliability issues and resource exhaustion risks.

Problem

  • The lack of an upper limit on the requested block range allowed unbounded database scans, exposing the node to CPU and DB I/O resource exhaustion.
  • Casting negative block number constants (e.g. LatestBlockNumber) directly to uint64 caused underflow (wrapping), leading to incorrect parsing.
  • Failures during block analysis silently fall back to round 0, polluting distribution statistics and causing partial counter updates.
  • Inactive validators at epoch boundaries were omitted from the final response, and redundant database header queries occurred on every block.

Solution

  • Introduced a maximum request limit constant (maxStatusBlockRange) in calculateBlockRange to restrict scan ranges, and correctly mapped LatestBlockNumber while rejecting other unsupported negative constants.
  • Refactored analyzeBlock to return errors explicitly and deferred counter increments until all data fetches succeed.
  • Implemented local caching for validator sets refreshed only on epoch boundaries, initializing zero baseline entries dynamically for all active/inactive validators.

Changes

  • Add range validation and explicit mapping for rpc.BlockNumber constants in calculateBlockRange
  • Redesign analyzeBlock to return (uint64, error) and defer counter updates to prevent partial state corruption
  • Implement local caching of validator sets and zero-baseline initialization in the Status loop
  • Remove the ambiguous TotalRounds field from RoundStats struct
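An added example (not code from this PR or the project) sketching the calculateBlockRange validation the description outlines: a scan cap plus explicit mapping of LatestBlockNumber and rejection of every other negative constant instead of a wrapping uint64 cast. The local BlockNumber type, the cap value 1000, the head parameter and the function signatures are assumptions.

```go
package main

import "fmt"

// BlockNumber mirrors the rpc.BlockNumber convention (int64, negative values
// are symbolic). Defined here as an assumption so the example runs stand-alone.
type BlockNumber int64
const LatestBlockNumber BlockNumber = -2 // same value rpc.LatestBlockNumber uses

// Cap on blocks one istanbul_status call may scan. Placeholder value; the PR's
// actual constant is not quoted on the page.
const maxStatusBlockRange uint64 = 1000

// resolve maps a BlockNumber to a height: LatestBlockNumber becomes head, any
// other negative value is rejected instead of wrapping via a uint64 cast.
func resolve(n BlockNumber, head uint64) (uint64, error) {
	if n == LatestBlockNumber {
		return head, nil
	}
	if n < 0 {
		return 0, fmt.Errorf("unsupported negative block number %d", n)
	}
	if uint64(n) > head {
		return 0, fmt.Errorf("block %d is beyond head %d", n, head)
	}
	return uint64(n), nil
}

// calculateBlockRange validates [start, end] against head and the scan cap.
func calculateBlockRange(start, end BlockNumber, head uint64) (uint64, uint64, error) {
	from, err := resolve(start, head)
	if err != nil {
		return 0, 0, err
	}
	to, err := resolve(end, head)
	if err != nil {
		return 0, 0, err
	}
	if from > to {
		return 0, 0, fmt.Errorf("start %d is after end %d", from, to)
	}
	if span := to - from + 1; span > maxStatusBlockRange {
		return 0, 0, fmt.Errorf("range of %d blocks exceeds limit %d", span, maxStatusBlockRange)
	}
	return from, to, nil
}

func main() {
	fmt.Println(calculateBlockRange(LatestBlockNumber, LatestBlockNumber, 5000))
}
```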

eomti-wm added 6 commits June 2, 2026 19:59

  • Remove duplicated code and fix range boundary inconsistency.
  • Introduce maxStatusBlockRange constant in calculateBlockRange to reject requests exceeding the limit, preventing CPU/DB I/O exhaustion from unbounded range scans.
  • Handle LatestBlockNumber as current block and reject unsupported negative block numbers with an explicit error in calculateBlockRange.
  • Return explicit errors on block fetch, WBFT extra extraction, and validator resolution failures to prevent partial counter updates and round distribution pollution.
  • Round-change weighted sum semantics were ambiguous and misleading.
  • Cache validator sets per epoch instead of fetching every block to avoid redundant DB lookups, and initialize zero baseline entries on each epoch transition so validators with no activity are included in the result.

eomti-wm self-assigned this Jun 4, 2026
eomti-wm added the labels bug (Something isn't working) and refactor on Jun 4, 2026

hominlee-wemade (Collaborator) left a comment

LGTM
