Skip to content

fix: enforce consistency between CL header metadata and EL payload metadata#190

Open
matthias-wright wants to merge 2 commits into
mainfrom
m/cl-header-metadata
Open

fix: enforce consistency between CL header metadata and EL payload metadata#190
matthias-wright wants to merge 2 commits into
mainfrom
m/cl-header-metadata

Conversation

@matthias-wright
Copy link
Copy Markdown
Collaborator

@matthias-wright matthias-wright commented May 14, 2026

Note: this PR builds on #189 because it addresses a similar edge case, and the code changes are overlapping.

This fixes #185.

Changes:

  • Adds a check to handle_verify to enforce that Summit header's block number matches the payload's block number.
  • Adds a check to handle_verify to enforce that Summit header's timestamp matches the payload's timestamp.
  • Adds unit tests that ensure that blocks that violate these constraints are rejected.

This was referenced May 14, 2026
Open
Open
Open
@evonide
Copy link
Copy Markdown

evonide commented May 22, 2026

LGTM. This PR binds the EL payload block number and timestamp to the Summit header during verification so mismatched CL/EL metadata can no longer pass vote-time checks.

@evonide evonide mentioned this pull request May 22, 2026
Open
@matthias-wright
Copy link
Copy Markdown
Collaborator Author

matthias-wright commented May 22, 2026

Cool! I'm guessing this means that #189 is approved as well, since this one builds on #189?

@matthias-wright matthias-wright mentioned this pull request May 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security] Critical (attackable): CL Header Metadata Is Not Bound to EL Payload Metadata

2 participants

@matthias-wright @evonide