core/txpool: check authoirization nonce is not stale

lightclient · lightclient · commit 2dc72d52f747 · 2025-02-07T13:17:44.000-07:00
diff --git a/core/txpool/errors.go b/core/txpool/errors.go
@@ -65,4 +65,8 @@ var (
 	// signed by an address which already has in-flight transactions known to the
 	// pool.
 	ErrAuthorityReserved = errors.New("authority already reserved")
+
+	// ErrAuthorityNonce is returned if a transaction has an authorization with
+	// a nonce that is not currently valid for the authority.
+	ErrAuthorityNonceTooLow = errors.New("authority nonce too low")
 )
diff --git a/core/txpool/validation.go b/core/txpool/validation.go
@@ -284,6 +284,15 @@ func ValidateTransactionWithState(tx *types.Transaction, signer types.Signer, op
 				return fmt.Errorf("%w: authorization conflicts with other known tx", ErrAuthorityReserved)
 			}
 		}
+		// Verify the every authorization's nonce is not stale. This check is expensive.
+		for _, auth := range tx.SetCodeAuthorizations() {
+			if addr, err := auth.Authority(); err == nil {
+				next := opts.State.GetNonce(addr)
+				if auth.Nonce < next {
+					return fmt.Errorf("%w: next nonce %d, auth nonce %d", ErrAuthorityNonceTooLow, next, auth.Nonce)
+				}
+			}
+		}
 	}
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -65,4 +65,8 @@ var (`
`65`	`65`	`// signed by an address which already has in-flight transactions known to the`
`66`	`66`	`// pool.`
`67`	`67`	`ErrAuthorityReserved = errors.New("authority already reserved")`
	`68`	`+`
	`69`	`+ // ErrAuthorityNonce is returned if a transaction has an authorization with`
	`70`	`+ // a nonce that is not currently valid for the authority.`
	`71`	`+ ErrAuthorityNonceTooLow = errors.New("authority nonce too low")`
`68`	`72`	`)`
Original file line number	Diff line number	Diff line change
`@@ -284,6 +284,15 @@ func ValidateTransactionWithState(tx *types.Transaction, signer types.Signer, op`
`284`	`284`	`return fmt.Errorf("%w: authorization conflicts with other known tx", ErrAuthorityReserved)`
`285`	`285`	`}`
`286`	`286`	`}`
	`287`	`+ // Verify the every authorization's nonce is not stale. This check is expensive.`
	`288`	`+ for _, auth := range tx.SetCodeAuthorizations() {`
	`289`	`+ if addr, err := auth.Authority(); err == nil {`
	`290`	`+ next := opts.State.GetNonce(addr)`
	`291`	`+ if auth.Nonce < next {`
	`292`	`+ return fmt.Errorf("%w: next nonce %d, auth nonce %d", ErrAuthorityNonceTooLow, next, auth.Nonce)`
	`293`	`+ }`
	`294`	`+ }`
	`295`	`+ }`
`287`	`296`	`}`
`288`	`297`	`return nil`
`289`	`298`	`}`