Malicious behavior miner

.github/workflows/pre-release.yml

@@ -125,25 +125,25 @@ jobs:
       # ==============================
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: linux
           path: ./linux
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: macos
           path: ./macos
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: windows
           path: ./windows
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: arm64
           path: ./arm64

.github/workflows/release.yml

@@ -124,25 +124,25 @@ jobs:
       # ==============================
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: linux
           path: ./linux
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: macos
           path: ./macos
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: windows
           path: ./windows
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.7
         with:
           name: arm64
           path: ./arm64

.nancy-ignore

@@ -1,2 +1,3 @@
 CVE-2024-34478 # "CWE-754: Improper Check for Unusual or Exceptional Conditions." This vulnerability is BTC only, BSC does not have the issue.
 CVE-2024-6104 # "CWE-532: Information Exposure Through Log Files" This is caused by the vulnerabilities go-retryablehttp@v0.7.4, it is only used in cmd devp2p, impact is limited. will upgrade to v0.7.7 later
+CVE-2024-8421 # "CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion)" This vulnerability is caused by issues in the golang.org/x/net package. Even the latest version(v0.29.0) has not yet addressed it, but we will continue to monitor updates closely.

CHANGELOG.md

@@ -1,4 +1,43 @@
 # Changelog
+## v1.4.15
+### BUGFIX
+* [\#2680](https://github.com/bnb-chain/bsc/pull/2680) txpool: apply miner's gasceil to txpool
+* [\#2688](https://github.com/bnb-chain/bsc/pull/2688) txpool: set default GasCeil from 30M to 0
+* [\#2696](https://github.com/bnb-chain/bsc/pull/2696) miner: limit block size to eth protocol msg size
+* [\#2684](https://github.com/bnb-chain/bsc/pull/2684) eth: Add sidecars when available to broadcasted current block
+
+### FEATURE
+* [\#2672](https://github.com/bnb-chain/bsc/pull/2672) faucet: with mainnet balance check, 0.002BNB at least
+* [\#2678](https://github.com/bnb-chain/bsc/pull/2678) beaconserver: simulated beacon api server for op-stack
+* [\#2687](https://github.com/bnb-chain/bsc/pull/2687) faucet: support customized token
+* [\#2698](https://github.com/bnb-chain/bsc/pull/2698) faucet: add example for custimized token
+* [\#2706](https://github.com/bnb-chain/bsc/pull/2706) faucet: update DIN token faucet support
+
+### IMPROVEMENT
+* [\#2677](https://github.com/bnb-chain/bsc/pull/2677) log: add some p2p log
+* [\#2679](https://github.com/bnb-chain/bsc/pull/2679) build(deps): bump actions/download-artifact in /.github/workflows
+* [\#2662](https://github.com/bnb-chain/bsc/pull/2662) metrics: add some extra feature flags as node stats
+* [\#2675](https://github.com/bnb-chain/bsc/pull/2675) fetcher: Sleep after marking block as done when requeuing
+* [\#2695](https://github.com/bnb-chain/bsc/pull/2695) CI: nancy ignore CVE-2024-8421
+* [\#2689](https://github.com/bnb-chain/bsc/pull/2689) consensus/parlia: wait more time when processing huge blocks
+
+## v1.4.14
+
+### BUGFIX
+* [\#2643](https://github.com/bnb-chain/bsc/pull/2643)core: fix cache for receipts
+* [\#2656](https://github.com/bnb-chain/bsc/pull/2656)ethclient: fix BlobSidecars api
+* [\#2657](https://github.com/bnb-chain/bsc/pull/2657)fix: update prunefreezer’s offset when pruneancient and the dataset has pruned block
+
+### FEATURE
+* [\#2661](https://github.com/bnb-chain/bsc/pull/2661)config: setup Mainnet 2 hardfork date: HaberFix & Bohr
+
+### IMPROVEMENT
+* [\#2578](https://github.com/bnb-chain/bsc/pull/2578)core/systemcontracts: use vm.StateDB in UpgradeBuildInSystemContract
+* [\#2649](https://github.com/bnb-chain/bsc/pull/2649)internal/debug: remove memsize
+* [\#2655](https://github.com/bnb-chain/bsc/pull/2655)internal/ethapi: make GetFinalizedHeader monotonically increasing
+* [\#2658](https://github.com/bnb-chain/bsc/pull/2658)core: improve readability of the fork choice logic
+* [\#2665](https://github.com/bnb-chain/bsc/pull/2665)faucet: bump and resend faucet transaction if it has been pending for a while
+
 ## v1.4.13
 
 ### BUGFIX

Makefile

@@ -17,6 +17,11 @@ geth:
 	@echo "Done building."
 	@echo "Run \"$(GOBIN)/geth\" to launch geth."
 
+#? faucet: Build faucet
+faucet:
+	$(GORUN) build/ci.go install ./cmd/faucet
+	@echo "Done building faucet"
+
 #? all: Build all packages and executables
 all:
 	$(GORUN) build/ci.go install

README.md

@@ -9,16 +9,15 @@ https://pkg.go.dev/badge/github.com/ethereum/go-ethereum
 )](https://pkg.go.dev/github.com/ethereum/go-ethereum?tab=doc)
 [![Discord](https://img.shields.io/badge/discord-join%20chat-blue.svg)](https://discord.gg/z2VpC455eU)
 
-But from that baseline of EVM compatible, BNB Smart Chain introduces  a system of 21 validators with Proof of Staked Authority (PoSA) consensus that can support short block time and lower fees. The most bonded validator candidates of staking will become validators and produce blocks. The double-sign detection and other slashing logic guarantee security, stability, and chain finality.
+But from that baseline of EVM compatible, BNB Smart Chain introduces a system of 21 validators with Proof of Staked Authority (PoSA) consensus that can support short block time and lower fees. The most bonded validator candidates of staking will become validators and produce blocks. The double-sign detection and other slashing logic guarantee security, stability, and chain finality.
 
-Cross-chain transfer and other communication are possible due to native support of interoperability. Relayers and on-chain contracts are developed to support that. BNB Beacon Chain DEX remains a liquid venue of the exchange of assets on both chains. This dual-chain architecture will be ideal for users to take advantage of the fast trading on one side and build their decentralized apps on the other side. **The BNB Smart Chain** will be:
+**The BNB Smart Chain** will be:
 
 - **A self-sovereign blockchain**: Provides security and safety with elected validators.
 - **EVM-compatible**: Supports all the existing Ethereum tooling along with faster finality and cheaper transaction fees.
-- **Interoperable**: Comes with efficient native dual chain communication; Optimized for scaling high-performance dApps that require fast and smooth user experience.
 - **Distributed with on-chain governance**: Proof of Staked Authority brings in decentralization and community participants. As the native token, BNB will serve as both the gas of smart contract execution and tokens for staking.
 
-More details in [White Paper](https://www.bnbchain.org/en#smartChain).
+More details in [White Paper](https://github.com/bnb-chain/whitepaper/blob/master/WHITEPAPER.md).
 
 ## Key features
 
@@ -34,26 +33,15 @@ To combine DPoS and PoA for consensus, BNB Smart Chain implement a novel consens
 
 1. Blocks are produced by a limited set of validators.
 2. Validators take turns to produce blocks in a PoA manner, similar to Ethereum's Clique consensus engine.
-3. Validator set are elected in and out based on a staking based governance on BNB Beacon Chain.
-4. The validator set change is relayed via a cross-chain communication mechanism.
-5. Parlia consensus engine will interact with a set of [system contracts](https://docs.bnbchain.org/bnb-smart-chain/staking/overview/#system-contracts) to achieve liveness slash, revenue distributing and validator set renewing func.
-
-
-### Light Client of BNB Beacon Chain
-
-To achieve the cross-chain communication from BNB Beacon Chain to BNB Smart Chain, need introduce a on-chain light client verification algorithm.
-It contains two parts:
-
-1. [Stateless Precompiled contracts](https://github.com/bnb-chain/bsc/blob/master/core/vm/contracts_lightclient.go) to do tendermint header verification and Merkle Proof verification.
-2. [Stateful solidity contracts](https://github.com/bnb-chain/bsc-genesis-contract/blob/master/contracts/TendermintLightClient.sol) to store validator set and trusted appHash.  
+3. Validator set are elected in and out based on a staking based governance on BNB Smart Chain.
+4. Parlia consensus engine will interact with a set of [system contracts](https://docs.bnbchain.org/bnb-smart-chain/staking/overview/#system-contracts) to achieve liveness slash, revenue distributing and validator set renewing func.
 
 ## Native Token
 
 BNB will run on BNB Smart Chain in the same way as ETH runs on Ethereum so that it remains as `native token` for BSC. This means,
 BNB will be used to:
 
 1. pay `gas` to deploy or invoke Smart Contract on BSC
-2. perform cross-chain operations, such as transfer token assets across BNB Smart Chain and BNB Beacon Chain.
 
 ## Building the source
 
@@ -247,9 +235,7 @@ running web servers, so malicious web pages could try to subvert locally availab
 APIs!**
 
 ### Operating a private network
-- [BSC-Deploy](https://github.com/bnb-chain/node-deploy/): deploy tool for setting up both BNB Beacon Chain, BNB Smart Chain and the cross chain infrastructure between them.
-- [BSC-Docker](https://github.com/bnb-chain/bsc-docker): deploy tool for setting up local BSC cluster in container.
-
+- [BSC-Deploy](https://github.com/bnb-chain/node-deploy/): deploy tool for setting up BNB Smart Chain.
 
 ## Running a bootnode
 

beacon/fakebeacon/api_func.go

@@ -0,0 +1,87 @@
+package fakebeacon
+
+import (
+	"context"
+	"sort"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto/kzg4844"
+	"github.com/ethereum/go-ethereum/internal/ethapi"
+	"github.com/ethereum/go-ethereum/log"
+	"github.com/ethereum/go-ethereum/rpc"
+)
+
+type BlobSidecar struct {
+	Blob          kzg4844.Blob       `json:"blob"`
+	Index         int                `json:"index"`
+	KZGCommitment kzg4844.Commitment `json:"kzg_commitment"`
+	KZGProof      kzg4844.Proof      `json:"kzg_proof"`
+}
+
+type APIGetBlobSidecarsResponse struct {
+	Data []*BlobSidecar `json:"data"`
+}
+
+type ReducedGenesisData struct {
+	GenesisTime string `json:"genesis_time"`
+}
+
+type APIGenesisResponse struct {
+	Data ReducedGenesisData `json:"data"`
+}
+
+type ReducedConfigData struct {
+	SecondsPerSlot string `json:"SECONDS_PER_SLOT"`
+}
+
+type IndexedBlobHash struct {
+	Index int         // absolute index in the block, a.k.a. position in sidecar blobs array
+	Hash  common.Hash // hash of the blob, used for consistency checks
+}
+
+func configSpec() ReducedConfigData {
+	return ReducedConfigData{SecondsPerSlot: "1"}
+}
+
+func beaconGenesis() APIGenesisResponse {
+	return APIGenesisResponse{Data: ReducedGenesisData{GenesisTime: "0"}}
+}
+
+func beaconBlobSidecars(ctx context.Context, backend ethapi.Backend, slot uint64, indices []int) (APIGetBlobSidecarsResponse, error) {
+	var blockNrOrHash rpc.BlockNumberOrHash
+	header, err := fetchBlockNumberByTime(ctx, int64(slot), backend)
+	if err != nil {
+		log.Error("Error fetching block number", "slot", slot, "indices", indices)
+		return APIGetBlobSidecarsResponse{}, err
+	}
+	sideCars, err := backend.GetBlobSidecars(ctx, header.Hash())
+	if err != nil {
+		log.Error("Error fetching Sidecars", "blockNrOrHash", blockNrOrHash, "err", err)
+		return APIGetBlobSidecarsResponse{}, err
+	}
+	sort.Ints(indices)
+	fullBlob := len(indices) == 0
+	res := APIGetBlobSidecarsResponse{}
+	idx := 0
+	curIdx := 0
+	for _, sideCar := range sideCars {
+		for i := 0; i < len(sideCar.Blobs); i++ {
+			//hash := kZGToVersionedHash(sideCar.Commitments[i])
+			if !fullBlob && curIdx >= len(indices) {
+				break
+			}
+			if fullBlob || idx == indices[curIdx] {
+				res.Data = append(res.Data, &BlobSidecar{
+					Index:         idx,
+					Blob:          sideCar.Blobs[i],
+					KZGCommitment: sideCar.Commitments[i],
+					KZGProof:      sideCar.Proofs[i],
+				})
+				curIdx++
+			}
+			idx++
+		}
+	}
+
+	return res, nil
+}

beacon/fakebeacon/handlers.go

@@ -0,0 +1,88 @@
+package fakebeacon
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/prysmaticlabs/prysm/v5/api/server/structs"
+	field_params "github.com/prysmaticlabs/prysm/v5/config/fieldparams"
+	"github.com/prysmaticlabs/prysm/v5/network/httputil"
+)
+
+var (
+	versionMethod        = "/eth/v1/node/version"
+	specMethod           = "/eth/v1/config/spec"
+	genesisMethod        = "/eth/v1/beacon/genesis"
+	sidecarsMethodPrefix = "/eth/v1/beacon/blob_sidecars/{slot}"
+)
+
+func VersionMethod(w http.ResponseWriter, r *http.Request) {
+	resp := &structs.GetVersionResponse{
+		Data: &structs.Version{
+			Version: "",
+		},
+	}
+	httputil.WriteJson(w, resp)
+}
+
+func SpecMethod(w http.ResponseWriter, r *http.Request) {
+	httputil.WriteJson(w, &structs.GetSpecResponse{Data: configSpec()})
+}
+
+func GenesisMethod(w http.ResponseWriter, r *http.Request) {
+	httputil.WriteJson(w, beaconGenesis())
+}
+
+func (s *Service) SidecarsMethod(w http.ResponseWriter, r *http.Request) {
+	indices, err := parseIndices(r.URL)
+	if err != nil {
+		httputil.HandleError(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	segments := strings.Split(r.URL.Path, "/")
+	slot, err := strconv.ParseUint(segments[len(segments)-1], 10, 64)
+	if err != nil {
+		httputil.HandleError(w, "not a valid slot(timestamp)", http.StatusBadRequest)
+		return
+	}
+
+	resp, err := beaconBlobSidecars(r.Context(), s.backend, slot, indices)
+	if err != nil {
+		httputil.HandleError(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	httputil.WriteJson(w, resp)
+}
+
+// parseIndices filters out invalid and duplicate blob indices
+func parseIndices(url *url.URL) ([]int, error) {
+	rawIndices := url.Query()["indices"]
+	indices := make([]int, 0, field_params.MaxBlobsPerBlock)
+	invalidIndices := make([]string, 0)
+loop:
+	for _, raw := range rawIndices {
+		ix, err := strconv.Atoi(raw)
+		if err != nil {
+			invalidIndices = append(invalidIndices, raw)
+			continue
+		}
+		if ix >= field_params.MaxBlobsPerBlock {
+			invalidIndices = append(invalidIndices, raw)
+			continue
+		}
+		for i := range indices {
+			if ix == indices[i] {
+				continue loop
+			}
+		}
+		indices = append(indices, ix)
+	}
+
+	if len(invalidIndices) > 0 {
+		return nil, fmt.Errorf("requested blob indices %v are invalid", invalidIndices)
+	}
+	return indices, nil
+}