From c0ea7c181579770b4e4ca5a7254088320f63a328 Mon Sep 17 00:00:00 2001 From: Jernej Kos Date: Fri, 24 May 2024 12:11:57 +0200 Subject: [PATCH] keymanager: Increase MAX_FRESH_HEIGHT_AGE This avoids issues where key managers get out of sync during operation and start rejecting otherwise valid requests. It should still be safe especially since all new runtimes now perform freshness checks. --- .changelog/5703.bugfix.md | 5 +++++ keymanager/src/runtime/secrets.rs | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 .changelog/5703.bugfix.md diff --git a/.changelog/5703.bugfix.md b/.changelog/5703.bugfix.md new file mode 100644 index 00000000000..a58980268dd --- /dev/null +++ b/.changelog/5703.bugfix.md @@ -0,0 +1,5 @@ +keymanager: Increase MAX_FRESH_HEIGHT_AGE + +This avoids issues where key managers get out of sync during operation +and start rejecting otherwise valid requests. It should still be safe +especially since all new runtimes now perform freshness checks. diff --git a/keymanager/src/runtime/secrets.rs b/keymanager/src/runtime/secrets.rs index 0b1dad6d5ea..10b2b326829 100644 --- a/keymanager/src/runtime/secrets.rs +++ b/keymanager/src/runtime/secrets.rs @@ -73,8 +73,8 @@ const MAX_EPHEMERAL_KEY_AGE: EpochTime = 10; /// Maximum age of a fresh height in the number of blocks. /// /// A height is considered fresh if it is not more than specified amount -/// of blocks lower than the height of the latest trust root. -const MAX_FRESH_HEIGHT_AGE: u64 = 50; +/// of blocks lower than the height of the latest verified height. +const MAX_FRESH_HEIGHT_AGE: u64 = 600; // ~1 hr @ 6s/block /// Master and ephemeral secrets RPC handler. pub struct Secrets {