Malicious behavior miner #132
Draft
NathanBSC wants to merge 604 commits into
…chain#3700) Cherry-pick of go-ethereum 8581125a2 (PR #33839). The cgo path in secp256k1/secp256.go already rejects non-32-byte hashes, but the nocgo (pure-Go) path did not. PR #33104 added the check to Sign and sigToPub but missed VerifySignature. Without it, a wrong-length hash gets passed to decred's Verify and silently gives a bogus result — a truncated hash may match a different signature, an extended hash silently ignores extra bytes. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…898) (bnb-chain#3710) Fixes #34881 This fixes a hang in `Table.waitForNodes`. It is a replacement for PRs - #34890 doesn't really fix the issue, just makes it less likely - #33665 tries to fix it by moving the feed send outside of the lock I created this PR because I want to keep the synchronous node feed sending in `Table.nodeAdded`. --------- Co-authored-by: Felix Lange <fjl@twurst.com> Co-authored-by: Csaba Kiraly <csaba.kiraly@gmail.com>
…0) (bnb-chain#3708) * eth/downloader: drop peers sending invalid bodies or receipts (#34745) Cherry-pick of go-ethereum 75a64ee34 (PR #34745). - Fixes an error shadowing issue in the deliver() function, where a stale result from GetDeliverySlot caused the original failure to be overwritten by errStaleDelivery. - Adds errInvalidBody and errInvalidReceipt propagation via res.Done so the eth protocol handler tears down the connection of peers sending invalid responses, instead of just adjusting capacity while keeping the peer connected. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * eth/downloader: use batch index in deliver reconstruct (#34870) Cherry-pick of go-ethereum 5b837e578 (PR #34870). reconstruct() indexes into the parallel response slices (bodies, receipts). After PR #34745 (now applied in this stack) moved `accepted++` inside the success branch, passing `accepted` to `reconstruct()` underflowed the response index whenever an earlier header in the same batch hit a stale slot — the next successful slot would read from the wrong response slice element. Switch to the loop's range index `k`, which always tracks the response position regardless of stale gaps. NOTE: based on `fix/downloader-drop-invalid-peers` (PR bnb-chain#3699) — must land after / merged together with that PR. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* cmd, core/rawdb: remove multidatabase CLI support * node, eth: remove multidatabase open wiring * core, trie, eth: read state from the single database * ethdb, core/rawdb: remove the StateStore abstraction
…t (#34680) (bnb-chain#3706) Cherry-pick of go-ethereum 3772bb536 (PR #34680). accountTip and storageTip both returned common.Hash{} as the "not found" sentinel. That collides with a legitimate disk-layer fallback when the disk layer's root is itself the zero hash — as is the case for a fresh verkle/bintrie database whose empty trie hashes to EmptyVerkleHash. Switch to a (hash, ok) return signature so callers can distinguish the two cases. Update lookupAccount/lookupStorage at the call sites. The upstream regression test (TestLookupZeroBaseRootFallback) depends on test helpers not present in BSC's layertree_test.go and is omitted; the existing pathdb test suite (TestAccountLookup / TestStorageLookup et al.) still exercises the happy path. This is defensive hardening — BSC does not activate verkle in production, so the zero-root collision is theoretical today. Recommended as prerequisite for future verkle adoption. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…b-chain#3718) * crypto: add hash length check in nocgo sigToPub Upstream PR #33839 added the hash length guard to both VerifySignature and sigToPub. The prior backport only covered VerifySignature; mirror the same check in sigToPub so callers like Ecrecover reject malformed hash inputs with a clear error instead of relying on downstream library behavior. * triedb/pathdb: add regression test for zero-base-root fallback Cover the sentinel collision fixed in the prior commit: when the disk layer root is common.Hash{} (e.g. a fresh verkle/bintrie database whose empty trie hashes to zero), the legitimate fall-through to the disk layer must not be mistaken for the stale-state sentinel. Pins both the fall-through and the still-stale-on-unknown-state contract so a future refactor that always returns ok=true would fail here.
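
The two hash-length commits above (VerifySignature and sigToPub) guard against a verifier that quietly tolerates a wrong-length hash. The following is an added example, not code from this pull request: it swaps in Go's standard-library ECDSA on P-256 for the secp256k1 backend, and the function names and error value are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// errHashLen is this example's own error value (an assumption, not the project's).
var errHashLen = errors.New("hash must be exactly 32 bytes")

// verifyUnchecked hands the hash to the verifier without looking at its length.
func verifyUnchecked(pub *ecdsa.PublicKey, hash, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, hash, sig)
}

// verifyChecked refuses any hash that is not exactly 32 bytes long.
func verifyChecked(pub *ecdsa.PublicKey, hash, sig []byte) (bool, error) {
	if len(hash) != sha256.Size {
		return false, errHashLen
	}
	return ecdsa.VerifyASN1(pub, hash, sig), nil
}

// extendedHashResults signs a 32-byte digest, then verifies the signature
// against a 40-byte input that merely starts with that digest.
func extendedHashResults() (unchecked bool, checkedErr error, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, nil, err
	}
	// Constructed sample message; only its digest is signed.
	digest := sha256.Sum256([]byte("constructed sample message"))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return false, nil, err
	}
	extended := append(append([]byte{}, digest[:]...), "trailing"...)
	// The standard library keeps only the leftmost 32 bytes for P-256,
	// so the eight trailing bytes never influence the result.
	unchecked = verifyUnchecked(&priv.PublicKey, extended, sig)
	_, checkedErr = verifyChecked(&priv.PublicKey, extended, sig)
	return unchecked, checkedErr, nil
}

func main() {
	unchecked, checkedErr, err := extendedHashResults()
	if err != nil {
		panic(err)
	}
	fmt.Println("unchecked verifier accepts 40-byte hash:", unchecked)
	fmt.Println("checked verifier:", checkedErr)
}
```
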
…34728) (bnb-chain#3712) Co-authored-by: Snehendu Roy <81818503+snehendu098@users.noreply.github.com>
…nb-chain#3711) In openFreezerFileForAppend, if Seek fails after the file is successfully opened, the file handle is not closed, leaking a descriptor. Similarly in newTable, if opening the meta file fails, the already-opened index file is not closed. And if newMetadata fails, both the index and meta files are leaked. Under repeated error conditions (e.g., corrupted filesystem), these leaks accumulate and may exhaust the OS file descriptor limit, causing cascading failures. Co-authored-by: rayoo <rayjun0412@gmail.com>
…in#3707) Cherry-pick of go-ethereum b9c5fe6d2 (PR #34862). The mux tracer fanned out every standard hook to its children but never forwarded OnSystemCall{Start,End}. Tracers that rely on these — like logger.jsonLogger, which uses the start hook to silence its opcode hook for the duration of a system call — never got the signal when wrapped behind a mux. Combining --trace with --opcode-count in evm t8n produces exactly that wrapping, and the first system call (e.g. ProcessBeaconBlockRoot) crashes t8n on nil env deref. Forwards OnSystemCallStartV2 (with V1 fallback per child) and OnSystemCallEnd through the mux. Same precedence as core/state_processor.go. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…b-chain#3705) Cherry-pick of go-ethereum ea1cf7bf5 (PR #34787) — alternative to PR #34746 implementing the simpler approach: when serving GetBlockBodies / GetReceipts and a requested item is unavailable, stop serving instead of silently dropping it. Requests for unavailable items are typically a sign that the peer is following a different fork; replying with a sparse list is misleading because the dropped slots are silently elided. Halting at the first gap gives the requester a clearer signal and saves work. Adapted to BSC's two receipts handlers (68 and 69) which retain the empty-receipts-root branch — that branch continues to serve. Test adjusted to match the new "stop at gap" semantics. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…4888) (bnb-chain#3701) Cherry-pick of go-ethereum e1e3eaa38 (PR #34888). The discv4 read loop allocates `buf` once and reuses it for every ReadFromUDPAddrPort call. When a packet fails handlePacket, the raw buffer `buf[:nbytes]` was sent by reference to the `unhandled` channel; by the time the consumer (discv5 in mixed-mode) processes it, the next ReadFromUDPAddrPort had overwritten the buffer contents. bytes.Clone the slice before sending so the consumer owns an independent copy. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
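
The buffer-reuse problem in the commit above, reproduced in miniature as an added example (not code from this pull request). The `drainPackets` function, the buffer size and the packet contents are constructed for illustration; a `copy` into the shared buffer stands in for the socket read.

```go
package main

import (
	"bytes"
	"fmt"
)

// drainPackets mimics a read loop that reuses one receive buffer for every
// datagram and hands packets it cannot handle to a second consumer through a
// buffered channel. With clone=false the consumer gets a slice that still
// aliases the shared buffer; with clone=true it gets an independent copy.
// packets stands in for successive socket reads (constructed input).
func drainPackets(packets [][]byte, clone bool) [][]byte {
	buf := make([]byte, 1280) // allocated once, reused for every read
	unhandled := make(chan []byte, len(packets))

	for _, p := range packets {
		n := copy(buf, p) // stand-in for ReadFromUDPAddrPort(buf)
		pkt := buf[:n]
		if clone {
			pkt = bytes.Clone(pkt) // the consumer now owns its own memory
		}
		unhandled <- pkt
	}
	close(unhandled)

	// The consumer runs only after later reads have already reused buf.
	var seen [][]byte
	for pkt := range unhandled {
		seen = append(seen, pkt)
	}
	return seen
}

func main() {
	packets := [][]byte{[]byte("AAAA-first"), []byte("BBBB-second"), []byte("CC")}
	for _, clone := range []bool{false, true} {
		fmt.Printf("clone=%v\n", clone)
		for i, got := range drainPackets(packets, clone) {
			fmt.Printf("  sent %q, consumer saw %q\n", packets[i], got)
		}
	}
}
```

Without the clone, the consumer sees the first packet with its leading bytes replaced by later traffic, while the length it was handed still belongs to the original packet.
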
…ers (#34743) (bnb-chain#3702) * p2p/discover: fix timeout loop early exit when removing expired matchers (#34743) Cherry-pick of go-ethereum 51c97216c (PR #34743), adapted minimally to keep BSC's manual list iteration (BSC has not adopted the upstream iterList helper, so the upstream regression fixed by 60db25b07 never applied here). In both the gotreply and timeout-deadline loops, plist.Remove(el) invalidates el.Next(), so the next iteration's el.Next() returns nil and the loop exits after removing only the first expired/done matcher. Save el.Next() before calling plist.Remove(el) so iteration continues through every entry. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * p2p/discover: fix resetTimeout loop early exit on clock-warp removal The prior backport of upstream #34743 ported the gotreply and timeout loops but missed the resetTimeout loop. When the system clock jumps backward, expired matchers can still be removed inside resetTimeout via plist.Remove(el); after removal el.Next() returns nil, exiting the loop early and skipping subsequent stale matchers. Save the next element before removing the current one, matching the pattern used in the other two loops. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
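
The early-exit behaviour described in the commit above follows from how `container/list` clears an element's links on removal. This added example (not code from this pull request) puts the broken and corrected loops side by side; the `matcher` type, the function names and the deadlines are constructed for illustration.

```go
package main

import (
	"container/list"
	"fmt"
	"time"
)

// matcher is a simplified stand-in for a pending reply matcher (hypothetical type).
type matcher struct {
	id       string
	deadline time.Time
}

// expireBuggy advances with el.Next() after the element was removed. Remove
// clears the element's links, so Next() returns nil and the loop stops after
// the first removal.
func expireBuggy(plist *list.List, now time.Time) int {
	removed := 0
	for el := plist.Front(); el != nil; el = el.Next() {
		if m := el.Value.(*matcher); !now.Before(m.deadline) {
			plist.Remove(el)
			removed++
		}
	}
	return removed
}

// expireFixed saves the successor before removing the current element.
func expireFixed(plist *list.List, now time.Time) int {
	removed := 0
	for el := plist.Front(); el != nil; {
		next := el.Next()
		if m := el.Value.(*matcher); !now.Before(m.deadline) {
			plist.Remove(el)
			removed++
		}
		el = next
	}
	return removed
}

// pending builds a constructed list: three expired matchers and one live one.
func pending(now time.Time) *list.List {
	l := list.New()
	offsets := []time.Duration{-3 * time.Second, -2 * time.Second, time.Minute, -time.Second}
	for i, off := range offsets {
		l.PushBack(&matcher{id: fmt.Sprintf("m%d", i), deadline: now.Add(off)})
	}
	return l
}

func main() {
	now := time.Unix(1700000000, 0)
	l := pending(now)
	fmt.Println("buggy removed:", expireBuggy(l, now), "left:", l.Len())
	l = pending(now)
	fmt.Println("fixed removed:", expireFixed(l, now), "left:", l.Len())
}
```
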
* eth/tracers/logger: fix exclude address list (#34887) Cherry-pick of go-ethereum f7b7d4c7e (PR #34887). In NewAccessListTracer, when a prelude AccessList entry's address was in addressesToExclude, list.addAddress was correctly skipped — but the inner for-loop still called list.addSlot for every slot under that address, causing the excluded address to leak into the tracer's output with storage keys attached. Refactored to `continue` on the excluded address so both addAddress and the slot loop are skipped together. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * eth/tracers/logger: fix exclude address list (#34887) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ain#3684) * cmd, core, eth, tests: prevent state flushing in RPC (#33931) Fixes ethereum/go-ethereum#33572 * core/vm: clean vm.Config * eth: check block to avoid panic --------- Co-authored-by: rjl493456442 <garyrong0905@gmail.com>
…ade (bnb-chain#3721) Wire the Pasteur hardfork to upgrade two system contracts whose bytecode changed on the genesis-contract side: - StakeHub (0x2002): propagate slash eviction to BSCValidatorSet after consensus-key rotation (bsc-genesis-contract bnb-chain#664) - BSCGovernor (0x2004): reject blacklisted voter on castVoteBySig (bnb-chain#667) Adds the `pasteur` bytecode package (StakeHub/Governor for Mainnet, Chapel, Rialto) and applies it in upgradeBuildInSystemContract when IsOnPasteur. Bytecode extracted from the regenerated genesis (bsc-genesis-contract commit 3f02a2e); CommitUrl points there for now and should be updated to the Pasteur release merge commit once available. PasteurTime scheduling in params/config.go is intentionally left unset. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* core/txpool/legacypool: remove overflowpool for txs * cmd/geth: mark OverflowPoolSlots deprecated
* core/vm: reject duplicate bridge validators at Mendel * core/vm: enforce duplicate bridge validator checks at Pasteur * core/vm: reject duplicate bridge validators at Pasteur * core/vm: reject duplicate bridge validators at Pasteur * core/vm: reject duplicate bridge validators at Pasteur * contracts.go: update precompile --------- Co-authored-by: qybdyx <qybdyx@outlook.com>
…nb-chain#3691) * miner: implement zero-simulate MEV * miner: implement validator-side BidBlock handling * fix: refine enable bidblock config * miner: switch BidBlock vs simBid to two-stage selection * fix: use builder timestamp when committing BidBlock * miner: split BidBlock verify and sign * miner: verify BidBlock GasFee after InsertChain * miner: add BidBlock permission admission * miner: revoke BidBlock permission on insert or gas-fee failure * miner: add BidBlock permission RPC * miner: expose BidBlock permission block number * miner: skip revoked cached BidBlock * miner: revoke malformed BidBlock winners * miner: use must-before cutoff for BidBlock * miner: preserve builder header for BidBlock commit * miner: retry BidBlock candidates after failure * parlia: add bindSign system tx mode * parlia: expose builder finalize path * parlia: clarify BidBlock system tx signing * miner: support builder header preparation * miner: preserve BidBlock execution header * miner: align BidBlock system tx shape * miner: reject disabled BidBlock submissions * docs: drop BidBlock draft notes * miner: align bid simulator constructor * parlia: clarify generated tx signing flag * parlia: align generated tx signing flag * ethclient: add BidBlock RPC helpers * parlia: align builder block time validator * miner: reject BidBlock with unknown parent * miner: align BidBlock selection gate * miner: refine BidBlock helper names * miner: address BidBlock review feedback * miner: use deterministic BidBlock timestamp * miner: address BidBlock review comments * miner: simplify BidBlock fork checks * miner: address BidBlock review nits * parlia: use mode for system tx processing * miner: prepare BidBlock before enqueue * miner: log BidBlock bid comparison * miner: simplify BidBlock candidate cache * miner: keep one best BidBlock * miner: return BidBlock cache feedback * miner: share double-sign check * miner: refine BidBlock validation flow * miner: simplify BidBlock selection state * miner: 
resolve develop rebase conflict * miner: simplify BidBlock task state * miner: validate BidBlock system tx ABI * miner: clean up BidBlock review fixes * miner: use fixed BidBlock system selectors * miner: align BidBlock assembly return values * miner: simplify BidBlock decoded payload * miner: simplify BidBlock selection comments * miner: add admin BidBlock permission control * miner: defer BidBlock revoke until post-insert * miner: simplify BidBlock permission checks * miner: simplify BidBlock permission manager * miner: simplify BidBlock preseal checks * miner: avoid retaining work for BidBlock * miner: simplify BidBlock validation flow * miner: derive BidBlock gas fee from deposit * miner: require BidBlock deposit tx * miner: simplify BidBlock tx shape * miner: simplify BidBlock config prep * miner: check BidBlock parent header * miner: organize BidBlock helpers * miner: verify BidBlock at admission * miner: gofmt BidBlock metrics * miner: preserve builder vanity in BidBlock extra-data * miner: dedupe BidBlock system-tx scan, expose BidBlockEnabled * consensus/parlia: check upperlimit for header.Time when blockTimeVerify (#26) * consensus/parlia: share Prepare core with BidBlock builder * consensus/parlia: unexport BidBlock system-tx helpers * consensus/parlia: simplify ExtractBidBlockDepositValue scan * miner: have validator own BidBlock extra-data * miner: address BidBlock review feedback * types: normalize empty BidBlock sidecars * miner: preserve empty BidBlock withdrawals body * miner: trim redundant BidBlock entry guards * miner: mini improve (#27) * miner: surface revoke error detail to builders * miner: use rolling BidBlock revoke window * miner: encode block builder info in requests hash * fix: infer local mev blocks from empty builder * docs: clarify block mev info versions * miner: harden BidBlock checks and track revoked builders * miner: validate BidBlock blob sidecars before seal * check bidblock blob eligibility * miner: check BidBlock bid tx gas 
price * miner: check BidBlock non-system gas price * miner: use BidBlock gas fee for price check * miner: address BidBlock review comments. * miner: improve BidBlock blob validation error. * miner: enforce validator BidBlock gas limit. * Revert "consensus/parlia: check upperlimit for header.Time when blockTimeVerify (#26)" This reverts commit a8a9685. * parlia: check upperlimit of block time * miner: simplify BidBlock revoke duration. * miner: add BidBlock RPC error codes. * mev: add bid block hash tracing * test: cover BidBlock consensus edge cases * miner: add BidBlock migration metrics * miner: gate BidBlock on Pasteur fork and default-enable * miner: fold Pasteur gate into BidBlock enablement --------- Co-authored-by: formless <213398294+allformless@users.noreply.github.com>
… block at Pasteur (bnb-chain#3726) Builds on the Pasteur precompile set introduced in bnb-chain#3623. The legacy v1 Tendermint light-client precompiles 0x64 (tmHeaderValidate) and 0x65 (iavlMerkleProofValidate) are only reachable via the deprecated BC<->BSC cross-chain stack (contracts/deprecated/), which no longer exists. Rename the existing *Nano suspend handlers to tmHeaderValidateDeprecated / iavlMerkleProofValidateDeprecated (error "deprecated") and map 0x64/0x65 to them in the Pasteur set, deprecating them from Pasteur. For the v2 cometBFT light-client (0x67), the verification work scales with the light block's validator/signature count while the gas was flat. Price the Pasteur variant's RequiredGas per input byte (CometBFTLightBlockValidatePerByteGas) so gas tracks the real CPU/memory cost (cf. the per-key pricing of 0x66 blsSignatureVerify). The pre-Pasteur Hertz variant keeps the flat gas so earlier blocks replay identically. Note: the per-byte rate is tunable; raising 0x67 gas affects the live Greenfield/op-stack relayer gas budget and should be coordinated. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…2.6 (bnb-chain#3727) Update the Pasteur upgrade CommitUrl for StakeHub (0x2002) and BSCGovernor (0x2004) from the interim commit 3f02a2e to the tagged release v1.2.6 (commit 041881a02475638b19f3d840871b7621cdebd8f8). The embedded bytecode is unchanged: verified the StakeHub/Governor code for Mainnet/Chapel/Rialto matches the v1.2.6 genesis byte-for-byte, so this only corrects the provenance reference to the official release tag. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…bnb-chain#3728) The fake-beacon service (bnb-chain#2678) is an internal-only op-stack blob/DA shim, off by default and bound to localhost. Its block-number lookup (fetchBlockNumberByTime) has an unbounded retry loop with no lower bound and no ctx cancellation, plus an inner nil-header dereference, so an operator who enables and exposes it can leak handler goroutines (SRC-2026-1000). Rather than patch an auxiliary, default-off feature, the service is removed entirely. Removes the beacon/fakebeacon package and its --fake-beacon[.addr|.port] flags and startup wiring in cmd/geth and cmd/utils. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…g. (#147) * feat: add malicious behavior simulation for BEP-657 blob chaos testing. * feat: add malicious behavior simulation for BEP-657 blob chaos testing.
Description
Malicious behavior miner
Rationale
just to see the diff between latest tag and this branch
Example
add an example CLI or API response...
Changes
Notable changes: