fix: remove DecodeVanityData and return vanityData as raw hex#88
Conversation
- Add error and slice length checks after RLP decoding to prevent out-of-range panic - Validate type assertion results to prevent interface conversion panic
avinashkamat48
left a comment
avinashkamat48
left a comment
There was a problem hiding this comment.
The guard logic now handles malformed RLP and wrong element types, but the PR does not appear to add a regression test for the panic cases it fixes. A small table test for DecodeVanityData with too-short lists and non-[]byte values in positions 0-3 would lock in the new fallback behavior and prevent a future refactor from reintroducing the same type assertion panic.
DecodeVanityData implicitly assumed the RLP schema produced by the eth package, creating an unvalidated cross-package coupling with no compile-time signal on schema changes. Additionally, VanityData has no protocol-enforced format, making any decode assumption inherently fragile and a source of potential runtime panics. Remove DecodeVanityData and return vanityData as a raw hex string in GetWbftExtraInfo, consistent with other byte fields.
eomti-wm
changed the title
|
During the panic fix investigation, a structural issue was identified in The function implicitly depends on the RLP schema defined in Furthermore, Removing |
5 participants
Overview
Prevent potential runtime panics when decoding invalid block vanity data by enhancing error validation and type assertions.
Problem
When decoding a block's vanity data, accessing the resulting slice prior to verifying the decoding status causes an index out-of-range panic if the decoding fails. Additionally, performing type assertions on the decoded interfaces without validation causes interface conversion panics on malformed block data, leading to node instability.
Initial Approach — Superseded by Design Decision below
Design Decision: Remove DecodeVanityData
While investigating the panic fixes above, a deeper structural issue was identified that led to a change in approach — removing
DecodeVanityDataentirely rather than applying defensive guards.1. No protocol-enforced format
VanityDatais an unconstrained 32-byte buffer. The protocol imposes no format requirement; validators can write arbitrary bytes. Defensively guarding against decode failures treats a symptom rather than the root cause.2. Implicit cross-package coupling
DecodeVanityDatahardcodes the RLP schema[uint, string, string, string]produced byethpackagemakeExtraData(). Any change to the encoding side in theethpackage would silently break the decoding side in thewbftpackage with no compile-time signal.3. No consensus role
The consensus engine never reads or validates
VanityDatacontent during block verification. The field serves purely as a 32-byte buffer for node metadata, with no functional impact on consensus.Revised Changes
DecodeVanityDatavanityDataas a raw hex string inGetWbftExtraInfo, consistent with other byte fields (randaoReveal, seal signatures)