You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It looks like the synchronization code picks the peer which gives the highest block height, and then tries to synchronize only from them.
This looks very vulnerable to a misbehaving peer which has a higher block height but will not synchronize to that height. Instead the block tree should be built from all connected peers, and a peer not judged as certainly providing the highest height until it has actually provided valid blocks at that height.
There have been changes in v0.26.9 which might address this as misbehaving peers are blacklisted for a while. "misbehaving" includes not sending blocks, or sending out-of-order blocks, or blocks on a radically different fork - which essentially lets a node settle on the right fork/chain by way of network consensus.
It looks like the synchronization code picks the peer which gives the highest block height, and then tries to synchronize only from them.
This looks very vulnerable to a misbehaving peer which has a higher block height but will not synchronize to that height. Instead the block tree should be built from all connected peers, and a peer not judged as certainly providing the highest height until it has actually provided valid blocks at that height.
See https://github.com/Qoracoin/Qora/blob/master/Qora/src/controller/Controller.java#L693
The text was updated successfully, but these errors were encountered: