You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As part of our recent Ziggurat work at Equilibrium, we've retested Zcashd v4.7.0 and this was initially reported as a potential security vulnerability but was deemed safe for public disclosure.
Both the getheaders and the getblocks queries have the same formats but they handle their response ranges differently.
Empty payloads
When the node's response would be an empty list, then it responds as follows:
getheaders: responds with headers([]) , an empty list.
getblocks: ignores the request, sends no reply at all.
Ranged payload offsets
Sending a query with locator_hashes = [block[0]] and stop_hash = block[1]:
getheaders: responds with headers([block[1]]) .
getblocks: ignores the query (since the stop_hash is excluded it would result in an empty set, which then doesn't get sent).
Sending a query with locator_hashes = [block[0]] and stop_hash = block[3]:
getheaders: responds with headers([block[1, 2, 3]]) .
getblocks: responds with headers([block[1, 2]]).
Stop hash equal to locator hash (behaviour parity but may be erronous)
There is an edge case when the stop_hash is equal to the locator_hash . The behavior is the same for getheaders and getblocks, but may be incorrect. For example, if one sends a query with locator_hashes = [block[5]] and stop_hash = block[5] then the response is the same as if the stop_hash = [0], i.e. unlimited range, and the reply contains all blocks onward [block[6, 7, 8, ...]] .
The text was updated successfully, but these errors were encountered:
As part of our recent Ziggurat work at Equilibrium, we've retested Zcashd v4.7.0 and this was initially reported as a potential security vulnerability but was deemed safe for public disclosure.
Both the
getheaders
and thegetblocks
queries have the same formats but they handle their response ranges differently.Empty payloads
When the node's response would be an empty list, then it responds as follows:
getheaders
: responds withheaders([])
, an empty list.getblocks
: ignores the request, sends no reply at all.Ranged payload offsets
Sending a query with
locator_hashes
=[block[0]]
andstop_hash = block[1]
:getheaders
: responds withheaders([block[1]])
.getblocks
: ignores the query (since thestop_hash
is excluded it would result in an empty set, which then doesn't get sent).Sending a query with
locator_hashes = [block[0]]
andstop_hash = block[3]
:getheaders
: responds withheaders([block[1, 2, 3]])
.getblocks
: responds withheaders([block[1, 2]])
.Stop hash equal to locator hash (behaviour parity but may be erronous)
There is an edge case when the
stop_hash
is equal to thelocator_hash
. The behavior is the same forgetheaders
andgetblocks
, but may be incorrect. For example, if one sends a query withlocator_hashes = [block[5]]
andstop_hash = block[5]
then the response is the same as if thestop_hash = [0]
, i.e. unlimited range, and the reply contains all blocks onward[block[6, 7, 8, ...]]
.The text was updated successfully, but these errors were encountered: