hcs-sxc-core: message sequences and hashes #331

Open
gregscullard opened this issue Jan 20, 2020 · 0 comments
Labels
enhancement New feature or request P2

Detailed Description
HCS-SXC-Core doesn't currently validate incoming HCS notifications for appropriate sequencing and hashing. This could lead to messages being processed out of sequence or malicious messages being injected.

Actual Behavior
If a message arrives out of sequence from mirror node (or a notification is missed leading to a gap in the sequences), hcs-sxc doesn't detect it and sends notifications to applications regardless.
If a message were to be malicious (incorrect hash sequence), hcs-sxc would also pass it on to the application.

Expected Behavior
Out of sequence or malicious messages to be handled as appropriate, proposal below for discussion.

hcs-sxc-core subscribes to notifications from mirror node

On receipt of notification, it persists the message and checks sequence numbers

If out of sequence, waits for a further x messages (or a period of time) before unsubscribing and re-subscribing from the time of the last message that was in the correct sequence (hope is that the missing message does eventually come through)

If not out of sequence, check the hash

If the hash doesn’t match, the notification is marked as “malicious” in the database and hcs-sxc-core waits for the next message (a non malicious message should eventually arrive).
Malicious messages are never notified to the application (or if notified, they are notified in a way that ensures the app doesn’t process them).

If the hash and sequence do match, notify the application; the application processes the message if it’s not already processing a prior message. Applications should be single threaded (maybe only on a per-topic basis?) for message processing to ensure two consecutive messages aren’t processed in parallel, leading to data corruption in state (only really likely in the event of fast throughput on topic, but if the throughput is low, serial processing won’t be an issue from a performance point of view, except when catching up).

When the application is done processing the message, it notifies hcs-sxc-core that it is ready for the next message. hcs-sxc-core looks for later messages that may have arrived since the last one (or in the event messages were out of sequence, it likely has some messages left to notify the app)
[Figure: sequence-hash-flow]

@gregscullard gregscullard added bug Something isn't working P2 labels Jan 20, 2020
@gregscullard gregscullard added enhancement New feature or request and removed bug Something isn't working labels Mar 11, 2020
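
The flow proposed in the issue, as an added sketch that is not code from hcs-sxc or from the issue author: sequence check first, then hash check, with malicious notifications held back and the application pulling one verified message at a time. `chain_hash` is a simplified stand-in for the HCS running hash, and `GAP_LIMIT`, `SequenceValidator`, `build_chain` and the return strings are hypothetical names chosen for this example.

```python
import hashlib
from collections import deque, namedtuple

GAP_LIMIT = 3  # assumed value for the proposal's "x messages"
Notification = namedtuple("Notification", "sequence message running_hash")

def chain_hash(prev_hash, sequence, message):
    # Assumption: simplified chain, not the real HCS running-hash layout.
    return hashlib.sha384(prev_hash + sequence.to_bytes(8, "big") + message).digest()

def build_chain(start_hash, messages):
    """Constructed sample input: a valid chain of notifications."""
    out, h = [], start_hash
    for seq, msg in enumerate(messages, 1):
        h = chain_hash(h, seq, msg)
        out.append(Notification(seq, msg, h))
    return out

class SequenceValidator:
    def __init__(self, start_hash):
        self.last_seq, self.last_hash = 0, start_hash
        self.buffered = {}    # persisted notifications that arrived early
        self.malicious = []   # marked malicious, never handed to the app
        self.ready = deque()  # verified, in order, waiting for the app

    def _accept(self, n):
        if n.running_hash != chain_hash(self.last_hash, n.sequence, n.message):
            self.malicious.append(n)
            return False
        self.last_seq, self.last_hash = n.sequence, n.running_hash
        self.ready.append(n)
        return True

    def receive(self, n):
        if n.sequence <= self.last_seq:
            return "duplicate"
        if n.sequence > self.last_seq + 1:  # gap: hold it, maybe re-subscribe
            self.buffered[n.sequence] = n
            return "resubscribe" if len(self.buffered) >= GAP_LIMIT else "buffered"
        if not self._accept(n):
            return "malicious"  # keep waiting for a valid message at this sequence
        while (nxt := self.buffered.pop(self.last_seq + 1, None)) is not None:
            if not self._accept(nxt):
                break
        return "accepted"

    def next_for_app(self):  # the app calls this when done with the previous message
        return self.ready.popleft() if self.ready else None
```

On `"resubscribe"` the caller would drop the subscription and re-subscribe from the time of the message at `last_seq`, as the proposal describes.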