fix: review fixes -- validate signatures before RPC, fix inline paths

grumbach · grumbach · commit 03d94dbe06bc · 2026-04-02T15:15:56.000+09:00
- Move ML-DSA-65 signature validation BEFORE on-chain queries to
  prevent DoS via garbage proofs triggering expensive RPC lookups
- Move verify_merkle_candidate_signature import to top-level
- Import Arc at top of file instead of inline std::sync::Arc
diff --git a/src/payment/verifier.rs b/src/payment/verifier.rs
@@ -10,6 +10,7 @@ use crate::payment::proof::{
     deserialize_merkle_proof, deserialize_proof, detect_proof_type, ProofType,
 };
 use crate::payment::quote::{verify_quote_content, verify_quote_signature};
+use crate::payment::verify_merkle_candidate_signature;
 use evmlib::contract::merkle_payment_vault;
 use evmlib::merkle_batch_payment::PoolHash;
 use evmlib::merkle_payments::OnChainPaymentInfo;
@@ -20,6 +21,7 @@ use lru::LruCache;
 use parking_lot::Mutex;
 use saorsa_core::identity::node_identity::peer_id_from_public_key_bytes;
 use std::num::NonZeroUsize;
+use std::sync::Arc;
 use std::time::SystemTime;
 use tracing::{debug, info};
 
@@ -66,7 +68,7 @@ impl Default for EvmVerifierConfig {
 /// Configuration for the payment verifier.
 ///
 /// Callback to check if the local node is in the close group for a given address.
-pub type CloseGroupChecker = std::sync::Arc<dyn Fn(&[u8; 32]) -> Vec<RewardsAddress> + Send + Sync>;
+pub type CloseGroupChecker = Arc<dyn Fn(&[u8; 32]) -> Vec<RewardsAddress> + Send + Sync>;
 
 /// All new data requires EVM payment on Arbitrum. The cache stores
 /// previously verified payments to avoid redundant on-chain lookups.
@@ -544,6 +546,17 @@ impl PaymentVerifier {
 
         let pool_hash = merkle_proof.winner_pool_hash();
 
+        // Run cheap local checks BEFORE expensive on-chain queries.
+        // This prevents DoS via garbage proofs that trigger RPC lookups.
+        for candidate in &merkle_proof.winner_pool.candidate_nodes {
+            if !verify_merkle_candidate_signature(candidate) {
+                return Err(Error::Payment(format!(
+                    "Invalid ML-DSA-65 signature on merkle candidate node (reward: {})",
+                    candidate.reward_address
+                )));
+            }
+        }
+
         // Check pool cache first
         let cached_info = {
             let mut pool_cache = self.pool_cache.lock();
@@ -619,20 +632,8 @@ impl PaymentVerifier {
             on_chain_info
         };
 
-        // pool_hash was derived from merkle_proof.winner_pool and used to query
-        // the contract. The contract only returns data if a payment exists for that
-        // hash. The ML-DSA signature check below ensures the pool contents are
-        // authentic (nodes actually signed their candidate quotes).
-
-        // Verify ML-DSA-65 signatures and timestamp/data_type consistency
-        // on all candidate nodes in the winner pool.
+        // Verify timestamp consistency (signatures already checked above before RPC).
         for candidate in &merkle_proof.winner_pool.candidate_nodes {
-            if !crate::payment::verify_merkle_candidate_signature(candidate) {
-                return Err(Error::Payment(format!(
-                    "Invalid ML-DSA-65 signature on merkle candidate node (reward: {})",
-                    candidate.reward_address
-                )));
-            }
             if candidate.merkle_payment_timestamp != payment_info.merkle_payment_timestamp {
                 return Err(Error::Payment(format!(
                     "Candidate timestamp mismatch: expected {}, got {} (reward: {})",
