merge: v0.38.17

[beer-1]

---

PR checklist

• Tests written/updated
• Changelog entry added in .changelog (we use unclog to manage our changelog)
• Updated relevant documentation (docs/ or spec/) and code comments

Summary by CodeRabbit

• Bug Fixes

  • Resolved node stability issues caused by premature network actions and fixed inconsistencies in block part validation.
  • Addressed key security vulnerabilities (ASA-2025) for enhanced network safety.

• New Features

  • Introduced improved peer management that bans nodes reporting outdated block heights to ensure smoother block synchronization.

• Chores

  • Upgraded the runtime environment and refreshed core dependencies for better performance and reliability.

[coderabbitai]

Walkthrough

This update comprises numerous changes across dependency management, bug fixes, feature enhancements, documentation, and test improvements. Notably, it pins specific versions for tools like Mockery and Go, refines workflow configurations (including Slack notifications and Docker actions), and updates mock function comments to uniformly indicate “no fields.” Enhancements to block synchronization include additional peer validation and banning, while documentation and error handling have been updated. Overall, the changes span both the core functionality and auxiliary tooling, ensuring improved clarity, stability, and maintainability.

Changes

File(s)	Change Summary
.changelog/v0.38.12/dependencies/4605-fix-mockery-version.md .changelog/v0.38.17/dependencies/4891-update-go.md go.mod scripts/mockery_generate.sh	Pinned dependency versions: fixed Mockery to v2.49.2, updated minimum Go version to 1.22.11, and bumped several dependency versions.
.changelog/v0.38.16/bug-fixes/4521-fixes-breaking-mock.md .changelog/v0.38.16/summary.md .changelog/v0.38.17/bug-fixes/2025-001-malicious-peer-can-make-node-stuck-in-blocksync.md .changelog/v0.38.17/bug-fixes/2025-002-block-part-validation.md .changelog/v0.38.17/summary.md version/version.go types/part_set.go	Addressed bugs in mock configuration, node status, block synchronization (peer banning and part validation), and updated version constants; introduced new error type ErrInvalidPart.
.github/workflows/cometbft-docker.yml .github/workflows/fuzz-nightly.yml .github/workflows/pre-release.yml .github/workflows/proto-lint.yml .github/workflows/release.yml .github/workflows/testapp-docker.yml	Upgraded GitHub Actions for Docker build, Slack notifications, and Protobuf linting with updated action versions and revised configuration parameters.
.github/CODEOWNERS test/e2e/docker/Dockerfile test/e2e/run-multiple.sh	Revised global ownership definitions and enhanced E2E test logging; updated base image version in the Dockerfile.
docs/guides/go-built-in.md docs/guides/go.md spec/abci/abci++_methods.md	Updated documentation to reflect new Go version, integration with BadgerDB, new fields in vote structures, and revised application instructions.
.mockery.yml abci/client/mocks/client.go blocksync/pool.go blocksync/pool_test.go Other mocks in state/, mempool/, p2p/, proxy/, light/rpc/ types/part_set_test.go	Updated mock comments for consistency (indicating “no fields”), improved test flow with ticker-based timing, and added new test cases for malicious peer behavior and part validation.
p2p/pex/pex_reactor.go p2p/pex/pex_reactor_test.go	Modified the peer ensuring mechanism by updating method signatures (adding a boolean parameter) and simplified timeout management in tests.

Sequence Diagram(s)

sequenceDiagram
    participant Peer
    participant BlockPool
    participant Logger

    Note over BlockPool: Receiving peer block range update
    Peer->>BlockPool: Send (base, height)
    BlockPool->>BlockPool: Compare with previous record
    alt Lower than expected
        BlockPool->>Logger: Log warning/info
        BlockPool->>BlockPool: Ban and remove peer
    else Acceptable
        BlockPool->>Peer: Update peer range
    end

Loading

sequenceDiagram
    participant Reactor
    participant PeerManager

    Note over Reactor,PeerManager: Periodic peer ensuring routine
    Reactor->>PeerManager: Call ensurePeers(ensurePeersPeriodElapsed: true/false)
    PeerManager->>Reactor: Process current peer connections

Loading

Poem

I'm a rabbit on the run,
Hopping through commits one by one,
With bugs fixed and tests so neat,
My code garden now smells sweet.
From peer bans to docs that gleam,
I nibble changes like a dream! 🐇

Tip

🌐 Web search-backed reviews and chat

• We have enabled web search-based reviews and chat for all users. This feature allows CodeRabbit to access the latest documentation and information on the web.
• You can disable this feature by setting web_search: false in the knowledge_base settings.
• Please share any feedback in the Discord discussion.

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (14)

.changelog/v0.38.16/summary.md (2)

1-1: Date Formatting Suggestion
The date currently reads "December 20 2024". For improved clarity and to follow common writing conventions, consider adding a comma between the day and the year (e.g. "December 20, 2024").

🧰 Tools

🪛 LanguageTool

[uncategorized] ~1-~1: Commas set off the year in a month-day-year date.
Context: December 20 2024 This release: - fixes a bug that...

(MISSING_COMMA_BETWEEN_DAY_AND_YEAR)

---

4-4: Grammar Correction Needed on Bug Description
The sentence “fixes a bug that caused a node produce errors caused by the sending of next PEX requests too soon.” appears to be missing a preposition. Consider changing it to:
“fixes a bug that caused a node to produce errors due to sending the next PEX requests too soon.”
A slight rephrasing could also improve clarity.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~4-~4: Possible missing preposition found.
Context: ...lease: - fixes a bug that caused a node produce errors caused by the sending of next PE...

(AI_HYDRA_LEO_MISSING_TO)

---

[style] ~4-~4: To make your writing clearer, consider a shorter, more direct phrase.
Context: ... sending of next PEX requests too soon. As a consequence of this incorrect behavior a node would be...

(AS_A_CONSEQUENCE_OF)

spec/abci/abci++_methods.md (1)

820-832: ExtendedVoteInfo Documentation – Duplicate Word Correction
The updated ExtendedVoteInfo block properly introduces both the extension_signature and block_id_flag fields. However, there is a minor typo in the description for extension_signature where “verified” appears twice. Consider revising the line to:

-    * `extension_signature` is the signature of the vote extension, which was verified verified by CometBFT. This way, we expose the signature to the application for further processing or verification.
+    * `extension_signature` is the signature of the vote extension, which was verified by CometBFT. This exposes the signature to the application for further processing or verification.

This will improve the clarity and professionalism of the documentation.

p2p/pex/pex_reactor_test.go (1)

277-285: Consider using a constant instead of a magic number.

The loop uses a hardcoded value of 3. Consider extracting this to a named constant to improve maintainability and make the test's intent clearer.

+const defaultTestPeerCount = 3
+
-for id = 0; id < 3; id++ {
+for id = 0; id < defaultTestPeerCount; id++ {

blocksync/pool_test.go (4)

323-335: Time-based block creation simulation.

Using a ticker to increment peer heights can introduce flakiness if the test environment is slow or heavily loaded. In most cases, this is acceptable for integration-style testing, but consider alternatives if timing-based failures appear in CI.

---

341-359: Periodic block verification logic.

Verifying blocks every 500 milliseconds is convenient for testing but can also lead to nondeterministic results if system delays occur. Be mindful of potential race conditions, though the current approach appears controlled with pool.Quit().

---

361-390: Loop logic for malicious peer handling.

This loop robustly checks whether the pool has caught up, ensures the malicious peer has been banned, and bounds the test duration to MaliciousTestMaximumLength. While effective, you could consider additional logging to diagnose intermittent failures, as timing-based tests can occasionally exhibit flakiness.

---

392-510: New test function with extreme height: TestBlockPoolMaliciousNodeMaxInt64.

This test covers a critical malicious scenario. Note that using math.MaxInt64 may elevate the test runtime, especially since the loop runs until the pool catches up or the maximum time elapses (5 minutes). If you notice slowdowns or CI timeouts, consider a smaller upper bound or a strategy that bypasses extremely large heights in a more controlled manner.

types/part_set.go (1)

53-58: Enhanced error handling with better context.

The validation logic now returns more descriptive errors using ErrInvalidPart, making it easier to debug issues. The check for index matching between part.Index and part.Proof.Index is a critical security enhancement.

Consider adding unit tests to verify this new validation check with various edge cases.

blocksync/pool.go (1)

469-470: Enhanced logging for peer banning.

Added debug logging when banning a peer, which will help with troubleshooting.

Consider adding more context to the log message, such as the reason for banning:

-pool.Logger.Debug("Banning peer", peerID)
+pool.Logger.Debug("Banning peer", "peer", peerID, "reason", "reported lower height/base")

docs/guides/go.md (1)

245-255: Persistent Data Store Integration:
The updated KVStoreApplication struct now includes a db *badger.DB and onGoingBlock *badger.Txn, and the constructor NewKVStoreApplication(db *badger.DB) is modified accordingly. This clearly documents the new dependency on Badger and accommodates persistent storage.

It might be helpful to include a brief comment in the code noting that the onGoingBlock field tracks the active transaction.

docs/guides/go-built-in.md (1)

244-254: Updated Built-in Application Structure:
The KVStoreApplication struct now includes persistent storage members (db and onGoingBlock), and the constructor is updated to NewKVStoreApplication(db *badger.DB). This aligns with the persistent store integration strategy and helps users understand how to wire up their application state.

A small inline comment explaining the purpose of each new field might further improve clarity.

CHANGELOG.md (1)

3-21: Markdown Formatting Consistency
As a nitpick, please ensure that list items (e.g. under BUG FIXES and DEPENDENCIES) are surrounded by blank lines as suggested by markdown linting guidelines (MD032). This will improve readability in the rendered changelog.

.changelog/v0.38.12/dependencies/4605-fix-mockery-version.md (1)

1-3: File-Level Markdown Improvements
As a suggestion, consider adding a top-level heading to this file (per MD041) and ensure that the file ends with a single trailing newline (per MD047) for consistency with markdown best practices.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

1-1: First line in a file should be a top-level heading
null

(MD041, first-line-heading, first-line-h1)

---

3-3: Files should end with a single newline character
null

(MD047, single-trailing-newline)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3dab096 and 64d6e71.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (42)

• .changelog/v0.38.12/dependencies/4605-fix-mockery-version.md (1 hunks)
• .changelog/v0.38.16/bug-fixes/4521-fixes-breaking-mock.md (1 hunks)
• .changelog/v0.38.16/summary.md (1 hunks)
• .changelog/v0.38.17/bug-fixes/2025-001-malicious-peer-can-make-node-stuck-in-blocksync.md (1 hunks)
• .changelog/v0.38.17/bug-fixes/2025-002-block-part-validation.md (1 hunks)
• .changelog/v0.38.17/dependencies/4891-update-go.md (1 hunks)
• .changelog/v0.38.17/summary.md (1 hunks)
• .github/CODEOWNERS (1 hunks)
• .github/workflows/cometbft-docker.yml (2 hunks)
• .github/workflows/fuzz-nightly.yml (1 hunks)
• .github/workflows/pre-release.yml (1 hunks)
• .github/workflows/proto-lint.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/testapp-docker.yml (2 hunks)
• .mockery.yml (1 hunks)
• CHANGELOG.md (2 hunks)
• abci/client/mocks/client.go (10 hunks)
• blocksync/pool.go (3 hunks)
• blocksync/pool_test.go (3 hunks)
• docs/guides/go-built-in.md (1 hunks)
• docs/guides/go.md (1 hunks)
• evidence/mocks/block_store.go (1 hunks)
• go.mod (7 hunks)
• light/rpc/mocks/light_client.go (1 hunks)
• mempool/mocks/mempool.go (6 hunks)
• p2p/mocks/peer.go (19 hunks)
• p2p/pex/pex_reactor.go (3 hunks)
• p2p/pex/pex_reactor_test.go (4 hunks)
• proxy/mocks/app_conn_consensus.go (1 hunks)
• proxy/mocks/app_conn_mempool.go (1 hunks)
• proxy/mocks/app_conn_query.go (1 hunks)
• proxy/mocks/app_conn_snapshot.go (1 hunks)
• proxy/mocks/client_creator.go (1 hunks)
• scripts/mockery_generate.sh (1 hunks)
• spec/abci/abci++_methods.md (3 hunks)
• state/mocks/block_store.go (7 hunks)
• state/mocks/store.go (4 hunks)
• test/e2e/docker/Dockerfile (1 hunks)
• test/e2e/run-multiple.sh (1 hunks)
• types/part_set.go (3 hunks)
• types/part_set_test.go (3 hunks)
• version/version.go (1 hunks)

✅ Files skipped from review due to trivial changes (20)

• .changelog/v0.38.17/summary.md
• .changelog/v0.38.17/dependencies/4891-update-go.md
• .changelog/v0.38.16/bug-fixes/4521-fixes-breaking-mock.md
• scripts/mockery_generate.sh
• proxy/mocks/app_conn_snapshot.go
• .github/workflows/testapp-docker.yml
• proxy/mocks/app_conn_consensus.go
• proxy/mocks/app_conn_query.go
• evidence/mocks/block_store.go
• light/rpc/mocks/light_client.go
• test/e2e/docker/Dockerfile
• version/version.go
• proxy/mocks/client_creator.go
• proxy/mocks/app_conn_mempool.go
• .mockery.yml
• state/mocks/block_store.go
• state/mocks/store.go
• mempool/mocks/mempool.go
• abci/client/mocks/client.go
• p2p/mocks/peer.go

🧰 Additional context used

🪛 LanguageTool

.changelog/v0.38.16/summary.md

[uncategorized] ~1-~1: Commas set off the year in a month-day-year date.
Context: December 20 2024 This release: - fixes a bug that...

(MISSING_COMMA_BETWEEN_DAY_AND_YEAR)

---

[uncategorized] ~4-~4: Possible missing preposition found.
Context: ...lease: - fixes a bug that caused a node produce errors caused by the sending of next PE...

(AI_HYDRA_LEO_MISSING_TO)

---

[style] ~4-~4: To make your writing clearer, consider a shorter, more direct phrase.
Context: ... sending of next PEX requests too soon. As a consequence of this incorrect behavior a node would be...

(AS_A_CONSEQUENCE_OF)

CHANGELOG.md

[uncategorized] ~24-~24: Commas set off the year in a month-day-year date.
Context: ...bft/cometbft/pull/4891)) ## v0.38.16 December 20 2024 This release: - fixes a bug that...

(MISSING_COMMA_BETWEEN_DAY_AND_YEAR)

---

[style] ~27-~27: To make your writing clearer, consider a shorter, more direct phrase.
Context: ... sending of next PEX requests too soon. As a consequence of this incorrect behavior a node would be...

(AS_A_CONSEQUENCE_OF)

🪛 markdownlint-cli2 (0.17.2)

CHANGELOG.md

27-27: Lists should be surrounded by blank lines
null

(MD032, blanks-around-lists)

.changelog/v0.38.12/dependencies/4605-fix-mockery-version.md

1-1: First line in a file should be a top-level heading
null

(MD041, first-line-heading, first-line-h1)

---

3-3: Files should end with a single newline character
null

(MD047, single-trailing-newline)

🔇 Additional comments (53)

.github/workflows/cometbft-docker.yml (2)

44-44: Updated Docker Buildx Action Version

The version for docker/setup-buildx-action has been updated to v3.8.0. Please verify that all subsequent steps (and any potential caching or build configuration settings) remain compatible with this new version.

---

54-54: Updated Docker Build-Push Action Version

The version for docker/build-push-action has been updated to v6.13.0. Make sure to confirm that the new version does not introduce any changes affecting build flags or behaviors, ensuring consistency with the existing Dockerfile and build context.

.github/workflows/release.yml (1)

59-73: Slack Notification Action Update: Verify Compatibility and Clean-up
The Slack notification step now uses slackapi/[email protected] and switches from environment variables to explicit input parameters (webhook and webhook-type) along with a YAML-formatted payload. Please double-check the latest documentation for this GitHub Action to ensure that both the new input parameters and the payload structure are correctly configured. Additionally, since environment variables SLACK_WEBHOOK_URL and SLACK_WEBHOOK_TYPE are still passed in the env block (lines 62–63), confirm if these are still required to avoid redundancy.

.github/workflows/pre-release.yml (1)

59-71: Pre-release Slack Notification Update: Confirm Input Parameters and Payload
The pre-release workflow now uses the updated Slack action version (v2.0.0) with the new inputs webhook and webhook-type (lines 64–65) along with the YAML-like payload. This change improves readability but requires verifying that the new configuration meets your team's requirements for Slack notifications. Also, ensure that the custom environment variable RELEASE_URL (line 62) is correctly used in the payload.

.github/workflows/fuzz-nightly.yml (1)

80-93: Fuzz-nightly Failure Notification: Validate Updated Slack Action Usage
The failure notification step for the nightly fuzz tests now uses slackapi/[email protected] with updated input parameters (webhook and webhook-type) and a YAML-based payload. The configuration also leverages environment variables (BRANCH, CRASHERS, and RUN_URL) for message composition. Please verify that the integration works as expected with the new action version and that the message formatting looks correct in Slack.

.changelog/v0.38.16/summary.md (1)

6-6: Approval of Specification Update
The changelog now properly notes the addition of descriptive details for ExtendedVoteInfo and VoteInfo in the spec. This documentation update improves clarity regarding these entities.

spec/abci/abci++_methods.md (1)

807-811: VoteInfo Enhancement Verification
The addition of the block_id_flag field to the VoteInfo data type is clearly documented here. Ensure that the field number (3) and its description are consistent with how it is used elsewhere in the codebase and specification.

p2p/pex/pex_reactor_test.go (3)

303-304: Verify the expected peer count.

The test expects exactly 2 peers to be connected. This seems to be related to the hardcoded loop count of 3 peers above. Consider adding a comment explaining why we expect 2 peers when we create 3.

---

311-311: LGTM: Improved dialing limit validation.

The assertion now correctly validates that the number of dialing peers doesn't exceed the available slots (MaxNumOutboundPeers + MaxNumInboundPeers - outbound - inbound).

---

562-566: LGTM: Simplified timeout handling.

The timeout handling has been improved by using time.After instead of manual time tracking. This is a more idiomatic approach in Go.

p2p/pex/pex_reactor.go (3)

443-443: LGTM: Improved control over peer address requests.

The addition of the ensurePeersPeriodElapsed parameter provides better control over when to request addresses from peers, preventing too frequent requests.

---

421-431: LGTM: Consistent parameter passing.

The calls to ensurePeers correctly differentiate between periodic (true) and on-demand (false) invocations, ensuring consistent behavior.

---

511-515: LGTM: Rate-limited peer address requests.

The condition ensurePeersPeriodElapsed ensures that address requests are only made during periodic checks, not during on-demand calls. This helps prevent overwhelming peers with too frequent requests.

blocksync/pool_test.go (1)

5-5: Imported "math" for MaxInt64 usage.

No specific issues found. This aligns with the new test scenario checking math.MaxInt64.

.github/CODEOWNERS (1)

10-13: Expanded code owners for broader coverage.

Adding @cometbft/devrel and @cometbft/interchain-inc broadens the review scope and ensures more inclusive collaboration.

types/part_set_test.go (4)

128-128: Renamed test function to TestPart_ValidateBasic.

This naming convention is valid and clarifies the scope of the test.

---

140-140: Ensuring proof index for a good small last part.

Assigning pt.Proof.Index = 1 aligns the part index with the proof index, improving test coverage.

---

153-154: Extended scenario for "Too big proof" test.

Setting pt.Index = 1 is consistent with testing a valid index in contrast to an excessively large proof.

---

156-158: Explicit check for index mismatch.

Good job ensuring that mismatched indexes between pt.Index and pt.Proof.Index are flagged as errors.

types/part_set.go (2)

25-36: Well-structured error type implementation.

The new ErrInvalidPart type follows Go's best practices for error handling by:

• Wrapping the underlying error
• Implementing both Error() and Unwrap() methods
• Providing clear error messages

---

294-294: Important contract documented.

The comment clearly states the precondition that the part must be validated using ValidateBasic before being added.

Let's verify that all callers of AddPart respect this contract:

✅ Verification successful

I'm not seeing any matches from the original AST search, so let's broaden our search to manually inspect all contexts where AddPart( is used. Please run the following script to search for all occurrences (with some context) of AddPart( and help us verify if the caller code is indeed validating parts using ValidateBasic.

---

Verification of AddPart Usage and ValidateBasic Contract
All observed callers (in both production and test code) use parts that originate from constructors like NewPartSetFromHeader, which are assumed to produce valid parts, or they intentionally modify parts to test error conditions. There’s no evidence of calls to AddPart with unchecked parts—callers rely on earlier validation (directly or via construction) that fulfills the contract.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for all calls to AddPart to verify they validate parts first
ast-grep --pattern 'AddPart($$$)'

Length of output: 35

---

Script:

#!/bin/bash
# Search for all occurrences of "AddPart(" and display 5 lines of context around each occurrence.
rg -C 5 'AddPart\(' || true

Length of output: 5888

blocksync/pool.go (2)

454-459: Good encapsulation of peer ban status.

The new public method provides a thread-safe way to check if a peer is banned, properly encapsulating the internal state.

Let's verify this method is used consistently:

✅ Verification successful

Peer Ban Check Encapsulation Verified. The output shows that both the public IsPeerBanned method and the internal isPeerBanned function are used consistently across the codebase—including in production logic and tests—ensuring thread safety and proper encapsulation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for all usages of IsPeerBanned and isPeerBanned
rg -A 2 "IsPeerBanned|isPeerBanned"

Length of output: 1369

---

374-383: Enhanced security against malicious peers.

The implementation now properly handles peers that report decreasing heights or base values by:

• Logging the inconsistency for debugging
• Removing and banning the peer
• Early return to prevent further processing

Let's verify the test coverage for this security enhancement:

✅ Verification successful

The test suite in blocksync/pool_test.go includes several tests—such as TestBlockPoolRemovePeer, TestBlockPoolMaliciousNode, and TestBlockPoolMaliciousNodeMaxInt64—that cover scenarios involving peer misbehavior. These cases simulate peers that behave unexpectedly (for example, reporting block ranges that are inconsistent with the expected progression). In particular, the malicious node tests trigger the conditions that lead to removal (and banning) of peers; this confirms that the security enhancement in handling decreased height or base values is exercised by the tests.

Thus, the test coverage for this security enhancement is properly in place.

Action: The test cases validate that peers reporting decreasing heights or bases are logged, removed, and banned as intended.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for test cases covering this scenario
rg -A 5 "TestBlockPool.*" "blocksync/pool_test.go"

Length of output: 1604

.changelog/v0.38.17/bug-fixes/2025-001-malicious-peer-can-make-node-stuck-in-blocksync.md (1)

1-3: Well-documented security fixes.

The changelog entries properly document the security fixes with:

• Clear descriptions of the changes
• Links to the security advisories
• Proper module tagging

Also applies to: 1-3

.github/workflows/proto-lint.yml (1)

18-18: Upgrade Action Version:
The action version has been bumped from v1.46.0 to v1.50.0. This update likely brings bug fixes or improved features. Please verify any changes in Buf’s output if you haven’t already.

test/e2e/run-multiple.sh (2)

23-24: Enhanced Manifest Logging:
Adding the explicit "==> Manifest:" line followed by cat "$MANIFEST" improves the clarity of logs during testnet execution. This will help diagnose issues when a testnet fails.

---

27-27: Simplified Failure Message:
The failure message has been simplified to "==> Testnet failed", which keeps the output concise. Ensure that additional context in the subsequent steps (like dumping the manifest) still provides all necessary debugging information.

go.mod (4)

3-3: Go Version Bump:
The Go version has been updated from go 1.22.7 to go 1.22.11. This minor upgrade should bring subtle improvements and security fixes. Verify that all go‑tools behave correctly with this new version.

---

25-35: Dependency Version Upgrades (Part 1):
Several key dependencies have been bumped—for example, github.com/prometheus/common is now at v0.62.0 and github.com/stretchr/testify at v1.10.0. These changes should enhance stability and security. Verify that any API updates in these libraries do not break existing tests.

---

41-51: Dependency Version Upgrades (Part 2):
Additional dependency updates—including libraries such as golang.org/x/crypto, golang.org/x/net, google.golang.org/grpc, and others—ensure that we’re on patched, secure versions. Double-check that there is no unintended behavior from upstream changes.

---

151-160: Retraction Section:
The retract block now clearly lists removed or superseded versions. This is useful for package consumers to avoid regressions caused by outdated versions.

docs/guides/go.md (7)

49-50: Documented Go Version Update:
The snippet now correctly shows the output for go version go1.22.11 darwin/amd64. This update is important to ensure readers install the appropriate Go version as required by the application.

---

271-273: Constructor Invocation Update:
The sample in main.go has been updated to invoke NewKVStoreApplication(nil). Ensure that when integrating this example into production code, an actual database handle is provided rather than nil.

---

287-295: Addition of isValid Helper:
The helper function isValid(tx []byte) uint32 is now added to validate the transaction format (ensuring it contains exactly one "="). This improves code modularity and helps prevent duplicate logic in both CheckTx and FinalizeBlock.

---

300-304: Update to CheckTx Implementation:
CheckTx now calls isValid(check.Tx) and returns the resulting code. This creates consistency with the new validation logic. Verify that all transaction formats (and potential edge cases) are handled as expected.

---

353-380: Enhanced FinalizeBlock with Transaction Processing:
The changes in FinalizeBlock now create a new Badger transaction and process each transaction by:
– validating again using isValid
– splitting the transaction into key/value pairs via bytes.SplitN
– logging both attempted and successful database writes
Using log.Panicf on database write errors forces a crash on unexpected errors, which is acceptable for ensuring deterministic behavior but you might want to confirm this is the desired fault–tolerance model.

---

394-397: Commit Operation Update:
The Commit method now commits the pending Badger transaction (app.onGoingBlock.Commit()). This ensures state changes are persisted after processing a block. The approach is straightforward; just be aware that any error here will propagate immediately via the returned error.

---

421-446: Updated Query Method:
The Query method has been updated to use a read–only Badger transaction. It retrieves the value associated with a key and sets an appropriate log message if the key is not found. This documentation also explains that data is returned as base64–encoded when displayed externally.

docs/guides/go-built-in.md (9)

49-50: Documented Go Version Update:
Similar to the other guide, the output now correctly shows go version go1.22.11 darwin/amd64, ensuring readers know the required Go version.

---

271-272: Constructor Usage Update:
The sample usage now correctly calls NewKVStoreApplication(nil) to reflect the updated signature. In practice, using a valid Badger database handle is recommended.

---

286-295: New isValid Function Addition:
The helper function added here validates the transaction format by checking for the presence of a single "=". This modular approach simplifies the CheckTx and other validation paths.

---

300-304: Revised CheckTx Implementation:
CheckTx now uses the new isValid helper to determine the transaction’s validity. This makes intent clearer and centralizes transaction format validation.

---

353-380: Refined FinalizeBlock for Built-in Application:
The changes show the creation of an on–going Badger transaction and processing each transaction with validation, logging, and setting key/value pairs. This mirrors the external guide’s improvements and is critical for ensuring transactional integrity.

Again, consider if crashing via log.Panicf is acceptable or if a more graceful error–handling strategy is needed in production.

---

397-400: Updated Commit Method for Persistence:
The built-in application's Commit now terminates the pending Badger transaction by calling its Commit() method. This change is straightforward and consistent with the external guide.

---

427-451: Enhanced Query Method:
The Query function has been rewritten to use a read–only view of the database. It handles the case when a key is missing by setting an appropriate log message and returns the value if found. This is a clear and concise approach.

---

473-490: Proposal Methods Implementation:
Both PrepareProposal and ProcessProposal are now documented. The implementations here simply pass through the transaction set or accept all proposals. This basic implementation is acceptable for a tutorial but may need extension for production use.

---

500-603: Main Application and Node Startup Updates:
The updated main.go in this guide now shows how to load configuration with Viper, open the Badger database, initialize the application, set up the private validator and node key, and finally start the node along with graceful shutdown on SIGTERM. This comprehensive snippet is a solid reference for users building a built-in application using CometBFT.

CHANGELOG.md (3)

3-9: New Release Entry for v0.38.17
The new version entry is clear: it displays the version, the release date (February 3, 2025), and a concise description of the security issues being fixed. Please verify that the date format (with the comma) conforms to your project’s style guide.

---

10-16: New BUG FIXES Section Added
The BUG FIXES section lists two corrective measures for the [blocksync] and [types] components, each with a corresponding security advisory link. Ensure that the advisory IDs and URLs (GHSA-22qq-3xwm-r5x4 and GHSA-r3r4-g7hq-pq4f) are accurate and up to date.

---

17-21: Dependency Update Added
The DEPENDENCIES section now includes a bump of the minimum Go version to 1.22.11. Confirm that this update is consistently reflected in your build configurations and documentation.

.changelog/v0.38.12/dependencies/4605-fix-mockery-version.md (1)

1-3: Mockery Version Pinning Update
This file pins the mockery version to v2.49.2 to prevent unwanted changes in mocks with future releases. The change is succinct and includes a reference to issue #4605. Please also ensure that the version in your automation script (e.g. in scripts/mockery_generate.sh) is updated accordingly.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

1-1: First line in a file should be a top-level heading
null

(MD041, first-line-heading, first-line-h1)

---

3-3: Files should end with a single newline character
null

(MD047, single-trailing-newline)

.changelog/v0.38.17/bug-fixes/2025-002-block-part-validation.md (2)

1-1: Clear and Concise Validation Description

The changelog entry clearly explains the new validation rule that requires Part.Index to equal Part.Proof.Index as part of enforcing security advisory ASA-2025-001. This succinct description is excellent for documentation.

---

2-2: Proper Inclusion of Security Advisory Reference

Linking the security advisory (ASA-2025-001) directly in the changelog enhances traceability and helps users quickly access detailed information about the advisory.