Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf

CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation

Amulet Security Advisory for CometBFT: ASA-2023-002

Component: CometBFT
Criticality: Low
Affected versions: All
Affected users: Validators, Chain Builders + Maintainers

Summary

A default configuration value in CometBFT has been found to be large for common use cases, and may affect block times and consensus participation when fully utilized by chain participants. It is advised that chains consider the specific needs of their use case when setting the BlockParams.MaxBytes consensus parameter. Chains are encouraged to evaluate the impact of having proposed blocks with the maximum allowed block size, especially on bandwidth usage and block latency. Additionally, the timeout_propose parameter should be computed using the maximum allowed block size as a reference. This issue does not represent an actively exploitable vulnerability that would result in a direct loss of funds; however, it may have a slight impact on block latency depending on a network's topography.

When setting a large BlockParams.MaxBytes, there are two main implications:

When combined, this may result in less round participation, and in some cases additional rounds may be required to meet the consensus threshold, which could lead to timeouts depending on the topography of a network and environmental factors. These factors can include the number of validators on a network, geographic distribution, network connectivity (including latency, bandwidth, and reachability), the functionality of the modules implementing the logic for a transaction in your chain, etc. The cost to propagate a 21MB block, the default value for BlockParams.MaxBytes, will be far higher than the cost of propagating a smaller 1MB block. CometBFT recommends tuning this parameter to a smaller limit if full initial-round participation is an important quality for your chain.
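The advisory asks operators to derive timeout_propose from the maximum allowed block size and to weigh the propagation cost of a 21MB block against a 1MB one. The following Go program is an added example, not CometBFT code, that makes that estimate concrete: it models a full-size block crossing a number of gossip hops, each hop paying one-way latency plus the time to push the whole block through the slowest link, and checks whether a configured timeout_propose covers that worst case. The network profile (100 Mbit/s weakest link, 100 ms per hop, 3 hops), the 1.5 safety factor and the propagation model itself are constructed assumptions for illustration; the 21 MiB MaxBytes default and the 3s stock timeout_propose are the values the advisory and the shipped config.toml refer to.

```go
package main

import (
	"fmt"
	"time"
)

// DefaultMaxBytes is the 21 MiB default for BlockParams.MaxBytes cited in the advisory.
const DefaultMaxBytes int64 = 21 * 1024 * 1024

// DefaultTimeoutPropose is the stock config.toml value for timeout_propose (3s).
const DefaultTimeoutPropose = 3 * time.Second

// NetworkProfile holds the constructed assumptions used by the estimate.
type NetworkProfile struct {
	BandwidthBps  int64         // slowest link a block must traverse, in bits per second
	OneWayLatency time.Duration // one-way latency per gossip hop
	Hops          int64         // gossip hops from the proposer to the farthest validator
}

// EstimatePropagation returns a worst-case time for a block of sizeBytes to reach
// every validator: every hop pays latency plus the serialization delay of pushing
// the full block through the bandwidth limit. Integer arithmetic keeps it exact.
func EstimatePropagation(sizeBytes int64, p NetworkProfile) time.Duration {
	transferNs := sizeBytes * 8 * int64(time.Second) / p.BandwidthBps
	perHop := time.Duration(transferNs) + p.OneWayLatency
	return time.Duration(p.Hops) * perHop
}

// RecommendTimeoutPropose follows the advisory's guidance that timeout_propose be
// computed from the maximum allowed block size: the propagation estimate for a
// MaxBytes-sized block, scaled by a safety factor (an assumption, not a CometBFT rule).
func RecommendTimeoutPropose(maxBytes int64, p NetworkProfile, safety float64) time.Duration {
	return time.Duration(float64(EstimatePropagation(maxBytes, p)) * safety)
}

// TimeoutCoversMaxBlock reports whether a configured timeout_propose is long enough
// for a full-size block to propagate under the profile before the round times out.
func TimeoutCoversMaxBlock(timeout time.Duration, maxBytes int64, p NetworkProfile) bool {
	return timeout >= EstimatePropagation(maxBytes, p)
}

func main() {
	// Constructed profile: 100 Mbit/s weakest link, 100 ms per hop, 3 hops.
	p := NetworkProfile{BandwidthBps: 100_000_000, OneWayLatency: 100 * time.Millisecond, Hops: 3}

	// Compare the 21 MiB default against a 1 MiB limit, as the advisory does.
	for _, size := range []int64{DefaultMaxBytes, 1 << 20} {
		est := EstimatePropagation(size, p)
		fmt.Printf("MaxBytes=%d: worst-case propagation %v, default timeout_propose (%v) covers it: %t\n",
			size, est.Round(time.Millisecond), DefaultTimeoutPropose,
			TimeoutCoversMaxBlock(DefaultTimeoutPropose, size, p))
	}
	fmt.Printf("recommended timeout_propose for MaxBytes=%d under this profile: %v\n",
		DefaultMaxBytes, RecommendTimeoutPropose(DefaultMaxBytes, p, 1.5).Round(time.Millisecond))
}
```

Under the constructed profile a full 21 MiB block needs roughly 5.6s to reach the farthest validator, well past the 3s stock timeout_propose, while a 1 MiB block needs about 0.55s. In practice the measured inputs (the bandwidth of your slowest validator links, observed hop counts and latencies) replace the assumed ones; MaxBytes itself is set in the genesis consensus_params.block.max_bytes and timeout_propose in the [consensus] section of config.toml.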

Considerations

CometBFT is designed to be configurable by chains, and implements many different configuration variables and parameters to allow chain developers, validators, node operators, and chain participants to customize it best to their use case. A high-performing validator may find it necessary to experiment with tuning local configuration, optimizing network and compute resources, and implementing controls to inhibit spam.

Next Steps for Chains and Validators

To increase awareness of the potential impacts of this default parameter, the CometBFT team has updated the documentation (https://github.com/cometbft/cometbft/pull/1405, v0.34.x, v0.37.x, v0.38.x) for builders and maintainers of chain applications. Additionally, it is recommended that:

The CometBFT team has also revisited all the checks performed by the consensus protocol regarding proposed blocks. This investigation has confirmed that proposed blocks whose size exceeds the BlockParams.MaxBytes limit established by the application are not accepted by nodes. The team has nonetheless decided to introduce additional sanity checks on the size of proposed blocks (https://github.com/cometbft/cometbft/pull/1408), allowing early identification and rejection of invalid or oversized blocks. These code changes will be included in the next release of each branch of CometBFT.

As more chains adopt the Interchain Stack for new and cutting-edge use cases, the CometBFT team recommends that all chains regularly evaluate their parameters and configurations to ensure they meet the needs of their ecosystem as their networks mature.

For more information about CometBFT, see https://docs.cometbft.com.

This issue was reported via the vulnerability disclosure channel at [email protected] on Friday, September 23, 2023. If you believe you have found a bug in the Interchain Stack or would like to contribute to the program by reporting a bug, please see https://hackerone.com/cosmos


Note from Amulet on the Security Advisory Process:

In the interest of timely resolution of this issue for validators and node operators, the Amulet team has chosen to use existing processes and resources for distributing security advisories within the Cosmos and Interchain Ecosystems. Stay tuned as we implement an improved, more robust security advisory distribution system that will provide equitable access to information about security issues in the Interchain Stack.

Permalink: https://github.com/advisories/GHSA-hq58-p9mv-338c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 year ago
Updated: 8 months ago


Identifiers: GHSA-hq58-p9mv-338c
References: Repository: https://github.com/cometbft/cometbft
Blast Radius: 0.0

Affected Packages

go:github.com/cometbft/cometbft
Dependent packages: 1,504
Dependent repositories: 122
Downloads:
Affected Version Ranges: < 0.34.32, >= 0.37.0, < 0.37.5, >= 0.38.0, < 0.38.6
Fixed in: 0.34.32, 0.37.5, 0.38.6
All affected versions: 0.34.27, 0.34.28, 0.34.29, 0.34.30, 0.34.31, 0.37.0, 0.37.1, 0.37.2, 0.37.3, 0.37.4, 0.38.0, 0.38.1, 0.38.2, 0.38.3, 0.38.4, 0.38.5
All unaffected versions: 0.34.32, 0.34.33, 0.34.34, 0.34.35, 0.37.5, 0.37.6, 0.37.7, 0.37.8, 0.37.9, 0.37.10, 0.37.11, 0.37.12, 0.37.13, 0.38.6, 0.38.7, 0.38.8, 0.38.9, 0.38.10, 0.38.11, 0.38.12, 0.38.13, 0.38.14, 0.38.15