check signatures in CP sync backfill with LC

When using trusted node sync with light client (`--trusted-block-root`), the trust assumption on the server is reduced to solely be responsible for data availability, but not data correctness. This means that we must check block proposer signatures against the downloaded checkpoint, as they are not covered by the block root. Note that this lowers the backfill speed when using LC based CP sync due to the extra checks, by about 60% for me.
status-im · Apr 26, 2023 · 4b210c2 · 4b210c2
1 parent 1ccb36b
commit 4b210c2
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/beacon_chain/trusted_node_sync.nim b/beacon_chain/trusted_node_sync.nim
@@ -475,7 +475,17 @@ proc doTrustedNodeSync*(
           data = blck.get()
 
         withBlck(data[]):
-          if (let res = dag.addBackfillBlock(blck.asSigVerified()); res.isErr()):
+          let res =
+            case syncTarget.kind
+            of TrustedNodeSyncKind.TrustedBlockRoot:
+              # Trust-minimized sync: the server is only trusted for
+              # data availability, responses must be verified
+              dag.addBackfillBlock(blck)
+            of TrustedNodeSyncKind.StateId:
+              # The server is fully trusted to provide accurate data;
+              # it could have provided a malicious state
+              dag.addBackfillBlock(blck.asSigVerified())
+          if res.isErr():
             case res.error()
             of VerifierError.Invalid,
                 VerifierError.MissingParent,