Skip to content

fix: use FutureTimeLimit instead of CorruptedData for clock skew#3896

Open
iho wants to merge 1 commit into
mimblewimble:stagingfrom
iho:fix/future-time-ser-error
Open

fix: use FutureTimeLimit instead of CorruptedData for clock skew#3896
iho wants to merge 1 commit into
mimblewimble:stagingfrom
iho:fix/future-time-ser-error

Conversation

@iho

@iho iho commented Jul 9, 2026

Copy link
Copy Markdown

Summary

Fixes #3360.

UntrustedBlockHeader rejected headers past future_time_limit with ser::Error::CorruptedData. That label is misleading: the bytes are well-formed; local clocks may simply disagree (miners near the FTL boundary). Maintainers already noted we need more informative deserialization errors for this case.

Change

  • Add ser::Error::FutureTimeLimit
  • Use it (with a warn!) when a header timestamp is beyond FTL
  • Keep real corruption / invalid PoW paths on CorruptedData
  • Unit test: future header deserializes to FutureTimeLimit, not CorruptedData

P2P still treats all serialization errors as non-bannable (Error::Serialization); this mainly improves logging/clarity and future handling if finer peer policy is added.

Test plan

  • cargo test -p grin_core --test block deserialize_untrusted_header_future_time
  • cargo test -p grin_core --test block -- --test-threads=1 (28 passed)

Headers slightly beyond future_time_limit are not corrupted data —
clocks differ. Return ser::Error::FutureTimeLimit so the condition is
explicit and not lumped with real corruption/POW failures.

Addresses mimblewimble#3360.
@wiesche89 wiesche89 self-requested a review July 12, 2026 08:31

@wiesche89 wiesche89 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new error is clearer, but it remains diagnostics-only. P2P still closes the connection for every serialization error. The PR description should make that scope clear, and the test can be simplified because timestamp is checked before PoW.

Comment thread core/src/core/block.rs
header.hash(), ftl
);
return Err(ser::Error::CorruptedData);
return Err(ser::Error::FutureTimeLimit);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still becomes a generic P2P serialization error and closes the connection. Is this intentionally diagnostics-only, or should future timestamps be handled without dropping the peer?

Comment thread core/src/ser.rs
/// Unsupported protocol version
UnsupportedProtocolVersion,
/// Block/header timestamp is beyond the future time limit.
/// Not corrupted data — peer clocks may simply disagree; treat as non-fatal

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2P currently treats all serialization errors the same, so this variant does not change peer reputation yet. Could we keep the comment focused on the timestamp condition?

Comment thread core/tests/block.rs
let key_id = ExtKeychain::derive_key_id(1, 1, 0, 0, 0);
let mut b = new_block(&[], &keychain, &builder, &prev, &key_id);

// Far beyond future_time_limit (default 300s for AutomatedTesting? check global)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default is 300 seconds, so the question can go. Since timestamp is checked before PoW, could this use a plain header and avoid mining a proof?

Comment thread core/src/core/block.rs
// TODO add warning in p2p code if local time is too different from peers
error!(
"block header {} validation error: block time is more than {} seconds in the future",
// Refuse blocks whose timestamp is too far in the future.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we shorten this to describe the rejection reason and leave the issue history in the PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants