Conversation
Phase A signing includes sender_id in the signed content. request_full_sync was wrapping STATE responses with sender_id=peer_url, causing signature mismatch on verify: receiver rebuilt content with peer_url while responder had signed with its real node_id. _handle_get_state (updated in #2258) returns the responder's sender_id in its response dict; request_full_sync now uses that when wrapping the STATE message for local merge. Observed on 4-node flag-day deploy (2026-04-14 ~21:03 UTC): all 4 upgraded nodes logged "Rejected state merge from http://50.28.86.153:8099: invalid signature" before this fix. Does not affect epoch vote / propose paths — those already use msg.sender_id = self.node_id via create_message().
Contributor
✅ BCOS v2 Scan Results
What does this mean?The BCOS (Beacon Certified Open Source) engine scans for:
BCOS v2 Engine - Free & Open Source (MIT) - Elyan Labs |
This was referenced Apr 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hotfix for regression observed on 4-node flag-day deploy at 2026-04-14 21:03 UTC.
Symptom
All 4 upgraded P2P nodes logged:
Root cause
#2258 Phase A bound
sender_idinto HMAC signed content.request_full_syncwas still wrapping STATE responses withsender_id=peer_url(e.g.http://50.28.86.153:8099), but the responder's HMAC was computed over its canonicalnode_id(e.g.node2). Mismatch → verify_message fails.Fix
_handle_get_statealready returns responder'ssender_idin its response. This PR makesrequest_full_syncuse that field when wrapping the STATE message, falling back topeer_urlonly if missing.Scope
node/rustchain_p2p_gossip.py(request_full_synconly)msg.sender_id = self.node_idviacreate_message()Test plan
test_p2p_hardening_phase2.py) still passCloses the Phase 2 regression introduced by #2258.