logo
pub const MAX_INBOUND_CONCURRENCY: usize = 20;
Expand description

The maximum number of concurrent inbound download and verify tasks. Also used as the maximum lookahead limit, before block verification.

We expect the syncer to download and verify checkpoints, so this bound can be small.

Security

We use a small concurrency limit, to prevent memory denial-of-service attacks.

The maximum block size is 2 million bytes. A deserialized malicious block with ~225_000 transparent outputs can take up 9MB of RAM. So the maximum inbound queue usage is MAX_INBOUND_CONCURRENCY * 9 MB. (See #1880 for more details.)

Malicious blocks will eventually timeout or fail contextual validation. Once validation fails, the block is dropped, and its memory is deallocated.

Since Zebra keeps an inv index, inbound downloads for malicious blocks will be directed to the malicious node that originally gossiped the hash. Therefore, this attack can be carried out by a single malicious node.