File: crates/client/src/listeners.rs:244-258, crates/replay/src/role.rs:167-174
Severity: observability
Obvious? no
InsertError::PrevMismatch is treated as a malicious-author / equivocation signal (per crates/state/src/sync.rs:1029), but client + replay both just call tracing::warn!(...) and drop the event. There is no counter, no surfaced "this peer is misbehaving" state, no propagation to the trust UI. For a trust-model-critical observation ("an author signed two conflicting chains"), this should at minimum increment an observability metric and ideally surface in a security/audit log visible to the owner. Currently any equivocation attack is invisible unless someone is reading service logs.
Fix: add a metric/counter; surface in trust UI (e.g. "peer X published 2 conflicting chains").
Filed by /general-audit @ 6404719 (2026-05-03). master: #567.
File:
crates/client/src/listeners.rs:244-258,crates/replay/src/role.rs:167-174Severity: observability
Obvious? no
InsertError::PrevMismatchis treated as a malicious-author / equivocation signal (percrates/state/src/sync.rs:1029), but client + replay both just calltracing::warn!(...)and drop the event. There is no counter, no surfaced "this peer is misbehaving" state, no propagation to the trust UI. For a trust-model-critical observation ("an author signed two conflicting chains"), this should at minimum increment an observability metric and ideally surface in a security/audit log visible to the owner. Currently any equivocation attack is invisible unless someone is reading service logs.Fix: add a metric/counter; surface in trust UI (e.g. "peer X published 2 conflicting chains").
Filed by
/general-audit@6404719(2026-05-03). master: #567.