Improve scenario of timestamp check in Rio hardfork

[lucca30]

Description

Problem

The Rio HF relaxed verifyHeader()'s timestamp check to support flexible block times, but left header.Time completely unbounded. A block with header.Time = year 2126 passes all validation. Once accepted, Prepare() computes a ~100-year delay and blocks forever.

Fix

Add a 30-second upper bound on how far ahead of local clock a block timestamp may be:

const maxAllowedFutureBlockTimeSeconds = uint64(30)

if header.Time > now+maxAllowedFutureBlockTimeSeconds {
    return consensus.ErrFutureBlock
}

Tests

Three cases added to TestVerifyHeader:

• far-future timestamp in Rio mode is rejected (chain-halt attack) — year 2126 timestamp must return ErrFutureBlock
• timestamp beyond allowed future bound in Rio mode is rejected — boundary check at now + 35s
• normal timestamp in Rio mode is accepted — regression, valid blocks still pass

Changes

• Bugfix (non-breaking change that solves an issue)
• Hotfix (change that solves an urgent issue, and requires immediate attention)
• New feature (non-breaking change that adds functionality)
• Breaking change (change that is not backwards-compatible and/or changes current functionality)
• Changes only for a subset of nodes

Breaking changes

No breaking changes

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 50.58%. Comparing base (fdbc857) to head (35df9d3).

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #2091      +/-   ##
===========================================
- Coverage    50.59%   50.58%   -0.01%     
===========================================
  Files          875      875              
  Lines       151820   151824       +4     
===========================================
- Hits         76815    76805      -10     
- Misses       69929    69941      +12     
- Partials      5076     5078       +2     

Files with missing lines	Coverage Δ
consensus/bor/bor.go	83.47% <100.00%> (+0.28%)	⬆️

... and 22 files with indirect coverage changes

Files with missing lines	Coverage Δ
consensus/bor/bor.go	83.47% <100.00%> (+0.28%)	⬆️

... and 22 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud