p2p: enhanced message-validation for duplicate nodes #2632
Description
Supersedes #2616, upon further investigation, the issue we observe probably happens something like this:
- say we have node1, node2, node3, node4
- and then we duplicate node1 (node1A, node1B - each of these will reveal itself under different/unique peerID)
- node2 receives & accepts a message with the same msgID in 2 different forms - from node1A and from node1B (because these have different peerIDs), and it broadcasts it to node3 twice
- node3 sees 2 messages coming from the same peerID(node2) having the same msgID and it rejects the 2nd message penalizing the innocent node2
and if we can't resolve it via peerID-authentication - then I think the best we can do (and it will also work correctly in case of duplicate nodes) in terms of rules for p2p messages is something like this:
- if we receive a message with new ID we accept it and broadcast it once (+ record the peer we received it from)
- if we receive a message with the same ID from the same peer - reject it
- if we receive a message with the same ID from different peer - ignore it (this is where current rule set differs in that it accepts & propagates the message)
For the above rules to work, message ID needs to be unique (seems like the msgID we currently use is not unique on its own ... it's = Operator+DutyType), so we need to rearrange our code to calculate the "full message ID" as:
- (for consensus message) messageID=msgID+slot+round
- (for partial-sig message) messageID=msgID+slot
Note, malicious actor would still be able to spam messages using new peerIDs if he can generate/connect those fast enough (just as he can today) ... but that's probably fine.