Cedric

> I am the reporter of #2935. The root cause of the issue is that the validator didn't verify the certificate before entering recursion. I think we can resolve the...

The document is outdated. The local server actually not start, since there is only 1 node in your local devnet. Use `./devnet.sh` to start a devnet and try again. https://github.com/AleoHQ/snarkOS?tab=readme-ov-file#63-local-devnet

> I like the intuition. I would still favor using a lock here over the `Context` even though the `Ledger` is lockable currently. As you know, code changes, and I...

> @niklaslong can you comment on this, since I believe we discussed this previously. Shouldn't the continued random sampling of peers ensure that a validator does not get stuck on...

@niklaslong You are right, single malicious validator is sufficient. You can use that branch in the report, it's reproducible with a non-empty chain state. Steps: 1. ./devnet with 4 validators...


> @feezybabee this is a valid P1, especially for preparing the clear reproduction case. Though I'll note for context its not a very unique P1 because the topic has been...

@raychu86 Yes, I think the solution can mitigate this attack.

> Is this connected to an issue? And if not, can we quantify the impact? It's not connected to any issues, it's just redundant code, doesn't make any effects.

@vicsn In current test cases, we sample a couple of genesis blocks which's `cumulative_weight` is 0 to make tests on serialize and deserialize. I don't think any adjustments are necessary,...