fix(consensus): harden sidecar quorum inputs

This commit is contained in:
Nicholas Dudfield
2026-04-27 10:14:12 +07:00
parent 6e71f84867
commit 26bbef8efd
5 changed files with 46 additions and 41 deletions


@@ -168,9 +168,9 @@ message TMProposeSet
optional uint32 hops = 12 [deprecated=true];
// Export signatures for pending exports seen in the proposal set.
// Each entry is: txnHash (32 bytes) + validator pubkey (33 bytes).
// Validators attach these so export quorum can be reached within
// the same consensus round.
// Each entry is: txnHash (32 bytes) + validator pubkey (33 bytes)
// + multisign signature (variable length). Validators attach these
// so export quorum can be reached within the same consensus round.
repeated bytes exportSignatures = 13;
}
@@ -224,9 +224,9 @@ message TMValidation
// Number of hops traveled
optional uint32 hops = 3 [deprecated = true];
// Export signatures for pending exports validated in this ledger.
// Each entry is: txnHash (32 bytes) + serialized sfSigner STObject.
// Used for ephemeral export signature collection via validation gossip.
// Legacy export signature gossip field retained for wire compatibility.
// Current proposal-based export signatures use
// TMProposeSet.exportSignatures.
repeated bytes exportSignatures = 4;
}
@@ -395,4 +395,3 @@ message TMHaveTransactions
{
repeated bytes hashes = 1;
}
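Review bot: The rewritten TMProposeSet.exportSignatures comment describes the entry layout (32-byte txnHash, 33-byte pubkey, variable-length signature) but not what a receiver has to check before an entry counts toward export quorum, and this field arrives from arbitrary peers; the rendered page drops the +/- markers, so I am reading the three-line "multisign signature" version as the new side. I would extend it with `// Receivers must reject entries shorter than 65 bytes, verify the signature over txnHash against the attached pubkey, and count only pubkeys on the local trusted validator list toward quorum.` For the legacy TMValidation.exportSignatures field, "retained for wire compatibility" leaves open whether receivers still parse it; if they now ignore it, the comment should say so (`// Receivers ignore this field.`) so a second, unbounded signature input path is not quietly reintroduced. Both message definitions begin outside the hunks shown, so I cannot see whether any other field documents these checks.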


@@ -9,7 +9,7 @@ namespace ripple {
//
// These limits bound the DoS surface of the export signature system:
// - Each pending export requires every validator to sign it every round
// (sign-once, broadcast-many via TMValidation)
// (sign-once, attach once via TMProposeSet)
// - Inbound signature processing involves crypto verification per sig
// - The directory cap (maxPendingExports) is the root constraint;
// signing throughput and inbound processing are transitively bounded by it
@@ -21,8 +21,8 @@ struct ExportLimits
// Maximum pending exports in the exported directory at any time.
// This transitively caps:
// - signatures per TMValidation message (1 per pending export)
// - inbound signature processing in PeerImp (clamped to this)
// - signatures per TMProposeSet message (1 per pending export)
// - inbound proposal signature processing (clamped to this)
// - validator signing work per round
static constexpr std::uint8_t maxPendingExports = 8;
};
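Review bot: maxPendingExports caps how many export-signature entries a TMProposeSet may carry, but nothing in ExportLimits bounds how large one entry may be, and the proto change in this same commit describes the per-entry signature as variable length, so "inbound proposal signature processing (clamped to this)" is a count bound, not a byte bound. If the parser already rejects oversized entries, say so next to the count, e.g. `// Bounds entry count only; per-entry size is checked by the parser.`; if it does not, add a `static constexpr std::size_t maxExportSignatureEntryBytes = ...;` here so the total inbound bytes per proposal are explicitly capped. Which of the two is true cannot be seen from this hunk. struct ExportLimits opens outside the hunk; only its closing brace is visible.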