[Proposal] The bft module's gateway should check block request and block response from peers to avoid spam

[elderhammer]

💥 Proposal

Issue https://github.com/AleoNet/snarkOS/issues/3315 points out that malicious validator can DDoS other validator by sending block response spam. To solve this problem, in addition to putting the deserialization logic into a separate rayon thread https://github.com/AleoNet/snarkOS/pull/3316, we should also:

1. Check the request frequency of block request
2. Check whether the block response has a corresponding block request

In fact, node/router has already implemented the above two checks: https://github.com/AleoNet/snarkOS/blob/5d4de0286964a72ecd2b0c4ace30a938ef269086/node/router/src/inbound.rs#L87-L92 https://github.com/AleoNet/snarkOS/blob/5d4de0286964a72ecd2b0c4ace30a938ef269086/node/router/src/inbound.rs#L111-L114

[raychu86]

Thanks for bringing this up @elderhammer, I believe that this is something we should address, and should in theory be fairly straightforward to do so. The changes should resolve https://github.com/AleoNet/snarkOS/issues/3315.

@vicsn It may be easier for you to tackle the rayon thread for deserialization in the block deserialization since you already did it for the Router - https://github.com/AleoNet/snarkOS/pull/3304.

I can tackle the cache checks here, which hopefully should also be pretty simple.

[elderhammer]

@vicsn It may be easier for you to tackle the rayon thread for deserialization in the block deserialization since you already did it for the Router - #3304.

There is already a pull request to tackle this part of the issue: https://github.com/AleoNet/snarkOS/pull/3316

[raychu86]

@ljedrz @niklaslong May be better if you guys tackle the cache updates. We may also want to consider if we can unify the caches down the line.