Differing response ranges for header and block queries

[niklaslong]

As part of our recent Ziggurat work at Equilibrium, we've retested Zcashd v4.7.0 and this was initially reported as a potential security vulnerability but was deemed safe for public disclosure.

Both the getheaders and the getblocks queries have the same formats but they handle their response ranges differently.

Empty payloads

When the node's response would be an empty list, then it responds as follows:

• getheaders: responds with headers([]) , an empty list.
• getblocks: ignores the request, sends no reply at all.

Ranged payload offsets

Sending a query with locator_hashes = [block[0]] and stop_hash = block[1]:

• getheaders: responds with headers([block[1]]) .
• getblocks: ignores the query (since the stop_hash is excluded it would result in an empty set, which then doesn't get sent).

Sending a query with locator_hashes = [block[0]] and stop_hash = block[3]:

• getheaders: responds with headers([block[1, 2, 3]]) .
• getblocks: responds with headers([block[1, 2]]).

Stop hash equal to locator hash (behaviour parity but may be erronous)

There is an edge case when the stop_hash is equal to the locator_hash . The behavior is the same for getheaders and getblocks, but may be incorrect. For example, if one sends a query with locator_hashes = [block[5]] and stop_hash = block[5] then the response is the same as if the stop_hash = [0], i.e. unlimited range, and the reply contains all blocks onward [block[6, 7, 8, ...]] .

[niklaslong]

Update: reconfirmed in v5.0.0.