Skip to content

feat(state): persist confirmed header root prefixes#484

Closed
p0mvn wants to merge 1 commit into
split/pr458-chain-root-helpersfrom
split/pr458-state-confirmed-roots
Closed

feat(state): persist confirmed header root prefixes#484
p0mvn wants to merge 1 commit into
split/pr458-chain-root-helpersfrom
split/pr458-state-confirmed-roots

Conversation

@p0mvn

@p0mvn p0mvn commented Jul 6, 2026

Copy link
Copy Markdown

Summary

  • Accept confirmed-prefix tree-aux roots for Zakura header range commits.
  • Add read support for reconstructing the confirmed header history-tree frontier from durable roots.

Test plan

  • cargo fmt --all -- --check
  • cargo test -p zebra-state best_header_history_tree

Stack

Depends on the chain helper PR.

AI disclosure

Used Cursor to split PR #458 into stacked branches and prepare this PR.

Accept only header-authenticated root prefixes for Zakura header ranges and add read support for rebuilding the confirmed header history-tree frontier from durable roots.
@v12-auditor

v12-auditor Bot commented Jul 6, 2026

Copy link
Copy Markdown

Note

Complete: Audit complete. V12 found one issue worth reviewing.

Open the full results here.

FindingSeverityDetails
F-96421 🟠 High
Valid Header Roots Rejected

The state commit API now documents and enforces a tree_aux_roots shape that is incompatible with the live Zakura header-sync protocol. Request::CommitHeaderRange says forward ranges should carry a confirmed prefix one shorter than headers, and prepare_header_range_batch_with_roots rejects every non-empty vector unless tree_aux_roots.len() + 1 == headers.len(). The network layer still defines Headers.tree_aux_roots as parallel to headers, encoding and validation require the root count to equal the header count, and the receiving reactor dispatches that full-length vector unchanged. The zebrad driver forwards the vector unchanged into zebra_state::Request::CommitHeaderRange, so any protocol-valid rooted response deterministically fails with TreeAuxRootCountMismatch. The driver then classifies that error as an invalid peer range, so the node treats a compliant peer response as misbehavior instead of committing the header range.

Analyzed five files, diff 23a8175...d3ddb6f.

@p0mvn p0mvn closed this Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant