Summary
verify_window_contents() in consensus/src/consensus_observer/network/observer_message.rs:350-351 is a stubbed-out security check that always returns Ok(()):
    /// Verifies the execution pool window contents and returns an error if the data is invalid
    pub fn verify_window_contents(&self, _expected_window_size: u64) -> Result<(), Error> {
        Ok(()) // TODO: Implement this method!
    }
Impact
Invalid or malformed execution pool window data from other validators passes through unchecked. The method's doc comment says it verifies the data and returns an error if the data is invalid, but the method does neither.
Location
consensus/src/consensus_observer/network/observer_message.rs:350-351
PipelinedBlockV2::verify_window_contents()
Fix
Validate that the number of window blocks matches expected_window_size and that the block data is well-formed.
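A stand-alone sketch of the check described under Fix, added here as an example and not the project's code. `WindowBlock`, `WindowError` and the two well-formedness rules (each block links to the previous one, rounds strictly increase) are assumptions; the real block types and invariants may differ.

```rust
// Hypothetical stand-in types; the project's real block structs are not shown on this page.
#[derive(Debug, PartialEq)]
pub enum WindowError {
    WrongSize { expected: u64, actual: u64 },
    BrokenParentLink { index: usize },
    NonIncreasingRound { index: usize },
}

#[derive(Clone, Debug)]
pub struct WindowBlock {
    pub id: u64,        // stand-in for a block hash
    pub parent_id: u64, // stand-in for the parent block hash
    pub round: u64,
}

/// Rejects a window whose length differs from the expected size or whose
/// blocks do not form a single chain with strictly increasing rounds.
pub fn verify_window_contents(
    window: &[WindowBlock],
    expected_window_size: u64,
) -> Result<(), WindowError> {
    let actual = window.len() as u64;
    if actual != expected_window_size {
        return Err(WindowError::WrongSize { expected: expected_window_size, actual });
    }
    // Compare each block with its predecessor (assumed well-formedness rules).
    for (i, pair) in window.windows(2).enumerate() {
        if pair[1].parent_id != pair[0].id {
            return Err(WindowError::BrokenParentLink { index: i + 1 });
        }
        if pair[1].round <= pair[0].round {
            return Err(WindowError::NonIncreasingRound { index: i + 1 });
        }
    }
    Ok(())
}

/// Constructed sample: three chained blocks with rounds 1, 2, 3.
pub fn sample_window() -> Vec<WindowBlock> {
    (0..3).map(|i| WindowBlock { id: 10 + i, parent_id: 9 + i, round: 1 + i }).collect()
}

fn main() {
    println!("{:?}", verify_window_contents(&sample_window(), 3));
    println!("{:?}", verify_window_contents(&sample_window(), 4));
}
```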