File: crates/state/src/dag.rs:130-157
Severity: security — availability (HIGH)
Obvious? no
EventDag::insert calls event.verify() (Ed25519 signature + bincode reserialize + blake3 hash, ~50µs) on EVERY event before checking the cheap deps.len() > MAX_EVENT_DEPS and encrypted_keys size caps.
Attack: anyone holding any permission (e.g. SendMessages) signs + broadcasts events with deps.len() == usize::MAX/2 deps. Even though they will be rejected, every receiving peer pays the full Ed25519-verification CPU cost first.
Reorder: cheap structural caps first, signature last. This matches the intent comment at line 135 ("Reject at the inbound DAG boundary so over-cap events never even reach applied_events"), which the current ordering violates.
Filed by /general-audit @ b901575 (2026-05-02). master: #513.
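The proposed reordering, as an added illustration rather than the crate's own code: cap checks run before the expensive verify() so an over-cap event never triggers it. The cap values, Event fields and the boolean stand-in for Ed25519 verification are assumptions; the counter exists only to show when the costly path is reached.

```rust
// Hypothetical caps and types; the real crates/state definitions are not on the page.
const MAX_EVENT_DEPS: usize = 64;
const MAX_ENCRYPTED_KEYS_BYTES: usize = 4096;

#[derive(Debug, PartialEq)]
pub enum InsertError {
    TooManyDeps(usize),
    EncryptedKeysTooLarge(usize),
    BadSignature,
}

pub struct Event {
    pub deps: Vec<[u8; 32]>,
    pub encrypted_keys: Vec<u8>,
    pub signature_ok: bool, // stand-in for the outcome of a real Ed25519 check
}

pub struct EventDag {
    pub verify_calls: usize, // how often the ~50µs verify() path was entered
    pub accepted: usize,
}

impl EventDag {
    pub fn new() -> Self {
        EventDag { verify_calls: 0, accepted: 0 }
    }

    // Stand-in for signature + bincode reserialize + blake3; only its cost matters here.
    fn verify(&mut self, ev: &Event) -> bool {
        self.verify_calls += 1;
        ev.signature_ok
    }

    pub fn insert(&mut self, ev: &Event) -> Result<(), InsertError> {
        // 1. Cheap O(1) structural caps on attacker-controlled sizes come first.
        if ev.deps.len() > MAX_EVENT_DEPS {
            return Err(InsertError::TooManyDeps(ev.deps.len()));
        }
        if ev.encrypted_keys.len() > MAX_ENCRYPTED_KEYS_BYTES {
            return Err(InsertError::EncryptedKeysTooLarge(ev.encrypted_keys.len()));
        }
        // 2. Only a structurally valid event pays for signature verification.
        if !self.verify(ev) {
            return Err(InsertError::BadSignature);
        }
        self.accepted += 1;
        Ok(())
    }
}
```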