This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Consider disconnecting from peers with skewed clocks #2167
Labels
A-network
Area: Network protocol updates or fixes
C-security
Category: Security issues
I-invalid-data
Zebra relies on invalid or untrusted data, or sends invalid data
Comments
jvff
added
C-enhancement
|
I just tweaked the descriptions, and added the specific consensus rule. |
mpguerra
added
A-network
teor2345
added
C-security
18 tasks
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Motivation
Zebra currently accepts gossiped peers without verifying the
last_seentime reported. This could lead to issues when the clocks are skewed, and is planned to be handled by a separate issue (#1871). However, that only normalizes the reported times to minimize the effect of the skewed clock. There might be further gain by disconnecting from peers whose clocks are skewed too much.For example, Zcash nodes reject blocks that are more than 2 hours in the future, compared to their local clock. So peers that are more than two hours behind consensus time can't validate blocks from other peers, while peers that are more than two hours ahead of consensus time can't generate blocks that other peers will accept.
Solution
The proposed solution is to not connect to peers that have clocks skewed more than a certain threshold. This should be discussed more to decide:
PeerSet?) are full?Alternatives
Leaving things as is isn't a big issue AFAICT, but it does lead to waste of resources because the node will spend a connection slot to communicate with a peer that might not be the optimal one to communicate with.
The text was updated successfully, but these errors were encountered: