説明
Issue
Vote messages must be less that or equal 1024 bytes, defined by the type in the vote method signature. When parsing the signature of the vote from the vote message, we currently only enforce that the signature too is less than or equal to 1024 bytes.
Due to the variable amount of bytes required to encode the other elements in the list, there is a range on the maximum length of a signature depending on the epoch or even the validator_index. To enforce more strict requirements, we propose restricting sig to length less than or equal to 934 bytes. This number assumes the other elements of the vote message take their maximal length to encode.
1024 bytes available 3 to encode the whole list 17 worst case to encode an int128 33 to encode the bytes32 hash 3 to encode the signature bytes
1024 - 3 - 17*3 - 33 - 3 == 934 bytes max for signature
Sanity checked with the following python code
import rlp
validator_index = target_epoch = source_epoch = 2**128 - 1
sig = b'\xff' * 934
target_hash = b'\xff' * 32
len(rlp.encode([validator_index, target_hash, target_epoch, source_epoch, sig])) == 1024
Note, the logout message has fewer elements so the signature could theoretically be larger than 934 for this action, but to reduce complexity, 934 should be used for logout messages as well.
Proposed Implementation
- Define MAX_SIGNATURE_LENGTH as 934
- Enforce sig as
<= MAX_SIGNATURE_LENGTHinvote,slash, andlogout - tests.