Skip to content

fix(p2p): penalize peers for errors during response reading#21680

Merged
mralj merged 1 commit intomerge-train/spartanfrom
palla/fix-oversized-snappy-no-penalty
Mar 17, 2026
Merged

fix(p2p): penalize peers for errors during response reading#21680
mralj merged 1 commit intomerge-train/spartanfrom
palla/fix-oversized-snappy-no-penalty

Conversation

@spalladino
Copy link
Contributor

@spalladino spalladino commented Mar 17, 2026
edited
Loading

Motivation

Errors during readMessage (oversized snappy responses, corrupt data, etc.) were caught and silently converted to { status: UNKNOWN } return values instead of re-throwing. Since sendRequestToPeer only calls handleResponseError in its own catch block, none of these errors resulted in peer penalties. The request was simply retried with another peer, allowing a malicious peer to waste bandwidth indefinitely.

Approach

Re-throw non-protocol errors from readMessage so they propagate to sendRequestToPeer's catch block where handleResponseError applies peer penalties. Additionally, introduce a dedicated OversizedSnappyResponseError class so oversized responses get a harsher LowToleranceError penalty (score -50, banned after 2 offenses) instead of falling through to the generic HighToleranceError catch-all.

Changes

  • p2p (reqresp): Changed readMessage catch block to only return status for ReqRespStatusError and re-throw all other errors, so they reach handleResponseError for penalization
  • p2p (encoding): Added OversizedSnappyResponseError class for explicit categorization
  • p2p (reqresp): Added OversizedSnappyResponseError handling in categorizeResponseError with LowToleranceError severity

@spalladino spalladino changed the title fix(p2p): penalize peers sending oversized snappy responses fix(p2p): penalize peers for errors during response reading Mar 17, 2026
@spalladino @claude
fix(p2p): penalize peers for errors during response reading
34ee6a4 
Errors in readMessage (invalid status bytes, oversized snappy responses,
corrupt data) were caught and silently converted to UNKNOWN status returns.
Since sendRequestToPeer only calls handleResponseError in its own catch
block, none of these errors resulted in peer penalties. The request was
simply retried with another peer, allowing a malicious peer to waste
bandwidth indefinitely.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@spalladino spalladino force-pushed the palla/fix-oversized-snappy-no-penalty branch from 14a8239 to 34ee6a4 Compare March 17, 2026 15:21
@AztecBot
Copy link
Collaborator

AztecBot commented Mar 17, 2026

Flakey Tests

🤖 says: This CI run detected 1 tests that failed, but were tolerated due to a .test_patterns.yml entry.

\033FLAKED\033 (8;;http://ci.aztec-labs.com/7abc45c6251d4cb3�7abc45c6251d4cb38;;�):  yarn-project/end-to-end/scripts/run_test.sh simple src/e2e_p2p/duplicate_attestation_slash.test.ts (148s) (code: 0) group:e2e-p2p-epoch-flakes

mralj
mralj approved these changes Mar 17, 2026
View reviewed changes
Copy link
Contributor

@mralj mralj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@spalladino I cannot find anything wrong with the reasoning/implementation - I think this is good callout

@mralj mralj merged commit b32d86f into merge-train/spartan Mar 17, 2026
11 checks passed
@mralj mralj deleted the palla/fix-oversized-snappy-no-penalty branch March 17, 2026 16:07
@AztecBot AztecBot mentioned this pull request Mar 17, 2026
Open
AztecBot pushed a commit that referenced this pull request Mar 17, 2026
@mralj
fix(p2p): penalize peers for errors during response reading (#21680)
1f080c8 
## Motivation

Errors during `readMessage` (oversized snappy responses, corrupt data,
etc.) were caught and silently converted to `{ status: UNKNOWN }` return
values instead of re-throwing. Since `sendRequestToPeer` only calls
`handleResponseError` in its own catch block, none of these errors
resulted in peer penalties. The request was simply retried with another
peer, allowing a malicious peer to waste bandwidth indefinitely.

## Approach

Re-throw non-protocol errors from `readMessage` so they propagate to
`sendRequestToPeer`'s catch block where `handleResponseError` applies
peer penalties. Additionally, introduce a dedicated
`OversizedSnappyResponseError` class so oversized responses get a
harsher `LowToleranceError` penalty (score -50, banned after 2 offenses)
instead of falling through to the generic `HighToleranceError`
catch-all.

## Changes

- **p2p (reqresp)**: Changed `readMessage` catch block to only return
status for `ReqRespStatusError` and re-throw all other errors, so they
reach `handleResponseError` for penalization
- **p2p (encoding)**: Added `OversizedSnappyResponseError` class for
explicit categorization
- **p2p (reqresp)**: Added `OversizedSnappyResponseError` handling in
`categorizeResponseError` with `LowToleranceError` severity
@AztecBot
Copy link
Collaborator

AztecBot commented Mar 17, 2026

✅ Successfully backported to backport-to-v4-next-staging #21654.

@AztecBot AztecBot mentioned this pull request Mar 17, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mralj mralj mralj approved these changes

Assignees

No one assigned

Labels

backport-to-v4-next

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@spalladino @AztecBot @mralj