Security: Block Size Resource Protection by MichaelSovereign · Pull Request #2956 · Scottcjn/Rustchain

MichaelSovereign · 2026-05-02T06:09:54Z

Summary

This PR hardens the block production process by enforcing a maximum size limit on the block body.

Changes

Size Enforcement: Implemented a 2MB limit on the serialized JSON body of newly produced blocks. This prevents the creation of oversized blocks that could lead to memory exhaustion, slow synchronization, or disk space exhaustion across the network nodes.
Fail-Fast Logic: If a block exceeds the size limit (due to too many transactions or attestations), production is aborted with a clear error log, allowing the node operator to investigate the cause.

Closes #6460

…ottcjn#2288)

…ministic JSON

…warding

… API

…n for auto-settler

…and contract updates

…nfiguration

…llisions

…shes on empty data

…ations in payouts

…in claims eligibility

… report tampering

…nts to prevent negative value injection

…ions

…C address and flag storage

…on endpoints to prevent data leakage

…vent race condition bypass

…in Sophia Inspector

…n for Ergo anchoring

…que WART addresses per epoch

…in airdrop to prevent double-claiming

…oved synchronization diagnostics

…s to prevent unauthorized channel access

…c to match database schema

…y in UTXO endpoints

…lth check

…ive delays

…rop claims and bridge locks

…prevent over-escrow race conditions

…s to prevent status regression

…ved performance and consistency

…ent integer overflow and misuse

…et immune system

…ing for improved stability

…o-creation during server startup

…uffer to prevent CPU exhaustion

…for GPU escrow refunds

…vernor inbox

…fidence scoring and recency analysis

…epository directory

… to prevent resource exhaustion

Scottcjn · 2026-05-03T23:50:39Z

Closing as part of Tier 0 hard-ban cleanup — see #3074 / #3104 / #3169 for the documented incident chain. All MichaelSovereign PRs are closed unread per the Tier 0 contract. No review path; no future PRs from this account will be processed. (See feedback_michaelsovereign_tier0_2026-05-02.md.)

MichaelSovereign added 30 commits April 12, 2026 16:30

feat: implement RIP-309 Phase 1 Fingerprint Check Rotation

9005379

fix: address Codex review for RIP-309 Phase 1

1c1e41c

fix: complete RIP-309 integration with reward gating and signature fix

d4ad46b

fix: integrate canonical RIP-309 rotation module for reward weighting

4d2b086

fix: bind _handle_get_state signature to msg_id and ttl (arity fix Sc…

d5c825d

…ottcjn#2288)

Security: Hardened P2P sync with replay protection, nonces, and deter…

2080a24

…ministic JSON

Security: Prevent mining reward type confusion in mempool and UTXO apply

464a08e

Security: Hardened Server Proxy with path whitelisting and header for…

ba859a7

…warding

Security: Atomic balance checks and secure hash generation for Bridge…

a84314c

… API

Security: Fix voting precision by migrating from REAL to INTEGER weights

ed6d1e9

Enhancement: Added environment variable support and API authenticatio…

2437488

…n for auto-settler

Security: Implemented cryptographic authentication for bounty claims …

574c26b

…and contract updates

Enhancement: Added address validation and security checks for x402 co…

2aef619

…nfiguration

Security: Fixed potential SQL injection in passport listing

cc7b765

Security: Protected Hall of Rust from SQL injection and data vandalism

9e59f39

Security: Hardened LLM JSON extraction in Sophia Governor

1239068

Security: Switched to full SHA-256 for machine identity to prevent co…

92a73c9

…llisions

Security: Added robustness to cache feature extraction to prevent cra…

4851646

…shes on empty data

Security: Switched from float to Decimal for precise financial calcul…

29c6686

…ations in payouts

Security: Switched from print to logging and improved error handling …

ee06e4e

…in claims eligibility

Security: Enforced commitment matching in BCOS attestation to prevent…

dfbfa93

… report tampering

Security: Added database-level CHECK constraints for transaction amou…

1b134b4

…nts to prevent negative value injection

Security: Hardened claim ID generation to prevent potential ID collis…

179a811

…ions

Security: Prevented field-level DoS in hardware binding by capping MA…

11e7c32

…C address and flag storage

Security: Implemented HMAC authentication for P2P state and attestati…

a0cee05

…on endpoints to prevent data leakage

Security: Implemented atomic transactions for IP rate limiting to pre…

88cac3f

…vent race condition bypass

Security: Implemented input sanitization to prevent prompt injection …

a6ec6e6

…in Sophia Inspector

Enhancement: Added environment variable support and timeout protectio…

2d532ae

…n for Ergo anchoring

Security: Prevented Sybil attacks in Warthog rewards by enforcing uni…

140f85d

…que WART addresses per epoch

Security: Enforced global uniqueness for GitHub accounts and wallets …

631c761

…in airdrop to prevent double-claiming

MichaelSovereign added 21 commits May 2, 2026 07:00

Enhancement: Added server time collection to consensus probe for impr…

f907498

…oved synchronization diagnostics

Security: Implemented room name validation for WebSocket subscription…

14dc456

…s to prevent unauthorized channel access

Bugfix: Corrected column name in attestation conflict resolution logi…

9df2b30

…c to match database schema

Enhancement: Added RTC unit conversion for mempool transaction displa…

86598fd

…y in UTXO endpoints

Enhancement: Added WebSocket status and timestamp to Elya Service hea…

ca8e979

…lth check

Enhancement: Optimized payout batch processing performance with adapt…

334f005

…ive delays

Security: Switched to cryptographically secure ID generation for aird…

7573c3b

…rop claims and bridge locks

Security: Implemented atomic transactions for GPU escrow creation to …

249701a

…prevent over-escrow race conditions

Enhancement: Improved error logging in sync manager with payload context

71b6c50

Security: Enforced strict state transitions for governor inbox entrie…

c626b19

…s to prevent status regression

Enhancement: Implemented atomic bulk transaction submission for impro…

52e2d33

…ved performance and consistency

Security: Implemented range validation for transaction nonces to prev…

220c2b0

…ent integer overflow and misuse

Security: Enforced strict ineligibility for miners flagged by the fle…

53cd03b

…et immune system

Enhancement: Implemented weighted similarity scoring in hardware bind…

33c7044

…ing for improved stability

Enhancement: Added robust database existence checks and directory aut…

9a827da

…o-creation during server startup

Security: Improved P2P message deduplication performance using FIFO b…

fab2bba

…uffer to prevent CPU exhaustion

Security: Implemented atomic transactions and stricter authorization …

3c6e5bc

…for GPU escrow refunds

Enhancement: Added strict format validation for assigned agents in go…

aaba3d9

…vernor inbox

Security: Improved entropy collision detection and reporting with con…

790045e

…fidence scoring and recency analysis

Enhancement: Added search and score-based sorting to BCOS certified r…

663e061

…epository directory

Security: Implemented hard limit on block body size during production…

0a62c76

… to prevent resource exhaustion

MichaelSovereign requested a review from Scottcjn as a code owner May 2, 2026 06:09

Scottcjn closed this May 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: Block Size Resource Protection#2956

Security: Block Size Resource Protection#2956
MichaelSovereign wants to merge 95 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/block-size-limit

MichaelSovereign commented May 2, 2026

Uh oh!

Scottcjn commented May 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

MichaelSovereign commented May 2, 2026

Summary

Changes

Uh oh!

Scottcjn commented May 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants