Migrated from dkg-v9 issue #73
Context
Feedback item I-002 — Severity: High
What has improved
- Gossip handling moved to dedicated
GossipPublishHandler class
- Structural validation via
validatePublishRequest() added
- Data stored as tentative first — old heuristic that trusted self-reported
startKAId/publisherAddress is gone
- When gossip includes
txHash + blockNumber, targeted on-chain verification promotes to confirmed
What remains
- Gossip messages themselves are not cryptographically signed
- No merkle verification of the gossip payload against claimed roots
- A malicious peer can broadcast structurally valid but fabricated data that will persist as tentative
- No signed ack on gossip path
Recommendation
Add publisher signature verification to gossip messages so receivers can reject unsigned or misattributed broadcasts before storing.
Evidence
packages/agent/src/gossip-publish-handler.ts:115-199 (current validation)packages/agent/src/gossip-publish-handler.ts:187-189 (tentative-first)
Context
Feedback item I-002 — Severity: High
What has improved
GossipPublishHandlerclassvalidatePublishRequest()addedstartKAId/publisherAddressis gonetxHash+blockNumber, targeted on-chain verification promotes to confirmedWhat remains
Recommendation
Add publisher signature verification to gossip messages so receivers can reject unsigned or misattributed broadcasts before storing.
Evidence
packages/agent/src/gossip-publish-handler.ts:115-199(current validation)packages/agent/src/gossip-publish-handler.ts:187-189(tentative-first)