Description
When Mithril is started from an empty state, it does not replay blocks from genesis up to the most recent block; instead, it downloads a recent snapshot of Solana that contains all Solana accounts at a given slot. Mithril then initializes a new AccountsDB and populates it with the data from that snapshot.
As these snapshots come from potentially untrusted RPC servers, Mithril must ensure the validity of a given snapshot, i.e., that no account has been altered and that its metadata, such as the parent block bankhash, is correct.
In the past, this check was eventually performed implicitly by Mithril during block replay, since blocks used to contain an Epoch Accounts Hash (EAH) that hashed all accounts roughly once per epoch. This mechanism was implemented in Mithril, but has since been replaced in both Solana and Mithril by the lattice hash mechanism. The lattice hash is a hash that can be computed over all accounts and is used in every bankhash calculation since it replaced the EAH. At the same time, nodes do not have to hash all accounts for every bankhash, since the lattice hash of a previous slot can be updated with the account deltas between the two slots. This significantly reduces the compute requirements for Solana.
However, since Mithril continuously derives the lattice hash from the lattice hash of the previous slot, no implicit check over all accounts in the snapshot is ever performed. Because Mithril parses and uses the lattice hash provided in the snapshot, it will instead run into a bankhash mismatch when processing a transaction that uses account data altered in a tampered snapshot. This can happen at any point in the future and could be exploited to cause a Denial-of-Service by introducing a transaction on the Solana blockchain that uses the altered account data and thereby triggers the bankhash mismatch.
Recommendation
We recommend validating the lattice hash provided in a snapshot by re-computing it from all accounts contained in the snapshot. In case of a mismatch, the snapshot should be discarded.
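The following Go program is an added illustration of both the lattice hash mechanism described above and the recommended snapshot check; it is not Mithril's or Solana's code. It models the hash as 1024 lanes of 16-bit integers combined by lane-wise addition, so the hash of all accounts can either be recomputed from scratch (the check recommended for snapshot load) or carried from slot to slot by mixing out the old state of a changed account and mixing in the new one. The per-account hash uses SHA-256 expanded in counter mode as a stand-in for the blake3 XOF output Solana uses, so no value here matches a real Solana hash; the `Account`, `Snapshot` and helper names are assumptions, and `SampleAccounts` returns constructed data.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"io"
)

// Solana's lattice hash is 2048 bytes wide, i.e. 1024 little-endian u16 lanes.
const lanes = 1024

// LtHash combines by lane-wise addition modulo 2^16. Addition is commutative
// (account order does not matter) and invertible (a contribution can be
// removed again), which is what makes the per-slot delta update possible.
type LtHash [lanes]uint16

// Account is a reduced view of a Solana account (assumed field set).
type Account struct {
	Pubkey   string
	Lamports uint64
	Owner    string
	Data     []byte
}

// writeField length-prefixes a field so that two different field layouts can
// never serialize to the same byte stream.
func writeField(w io.Writer, b []byte) {
	var n [8]byte
	binary.LittleEndian.PutUint64(n[:], uint64(len(b)))
	w.Write(n[:])
	w.Write(b)
}

// hashAccount maps one account to its lattice-hash contribution. Solana hashes
// the fields with blake3 and reads 2048 bytes of XOF output; SHA-256 in counter
// mode stands in for that here (assumption). A zero-lamport account contributes
// the identity (all-zero lanes), mirroring Solana's rule.
func hashAccount(a Account) LtHash {
	var h LtHash
	if a.Lamports == 0 {
		return h
	}
	seed := sha256.New()
	var lam [8]byte
	binary.LittleEndian.PutUint64(lam[:], a.Lamports)
	seed.Write(lam[:])
	writeField(seed, a.Data)
	writeField(seed, []byte(a.Owner))
	writeField(seed, []byte(a.Pubkey))
	base := seed.Sum(nil)
	// Each 32-byte SHA-256 block yields 16 lanes; 64 blocks fill all 1024.
	for blk := 0; blk < lanes/16; blk++ {
		var ctr [4]byte
		binary.LittleEndian.PutUint32(ctr[:], uint32(blk))
		out := sha256.Sum256(append(append([]byte{}, base...), ctr[:]...))
		for j := 0; j < 16; j++ {
			h[blk*16+j] = binary.LittleEndian.Uint16(out[2*j:])
		}
	}
	return h
}

// MixIn adds a contribution to h; MixOut removes one.
func (h *LtHash) MixIn(o *LtHash) {
	for i := range h {
		h[i] += o[i]
	}
}

func (h *LtHash) MixOut(o *LtHash) {
	for i := range h {
		h[i] -= o[i]
	}
}

// AccountsLtHash is the expensive full recomputation over every account,
// the step the recommendation asks for once, at snapshot load.
func AccountsLtHash(accounts []Account) LtHash {
	var acc LtHash
	for _, a := range accounts {
		ah := hashAccount(a)
		acc.MixIn(&ah)
	}
	return acc
}

// ApplyDelta is the cheap per-slot path: start from the previous slot's hash
// and swap in only the changed account.
func ApplyDelta(prev LtHash, old, updated Account) LtHash {
	oh, nh := hashAccount(old), hashAccount(updated)
	prev.MixOut(&oh)
	prev.MixIn(&nh)
	return prev
}

// Snapshot holds the accounts at a slot and the lattice hash the (untrusted)
// provider claims for them.
type Snapshot struct {
	Slot     uint64
	Accounts []Account
	Claimed  LtHash
}

// ValidateSnapshot recomputes the hash from all accounts and rejects the
// snapshot when it differs from the claimed value.
func ValidateSnapshot(s Snapshot) error {
	if got := AccountsLtHash(s.Accounts); got != s.Claimed {
		return fmt.Errorf("snapshot at slot %d: recomputed lattice hash differs from claimed hash; discard it", s.Slot)
	}
	return nil
}

// SampleAccounts returns constructed data; none of these are real accounts.
func SampleAccounts() []Account {
	return []Account{
		{Pubkey: "acct-A", Lamports: 1000, Owner: "system"},
		{Pubkey: "acct-B", Lamports: 5000, Owner: "token", Data: []byte{1, 2}},
		{Pubkey: "acct-C", Lamports: 42, Owner: "bpf", Data: []byte("program")},
	}
}

// TamperLamports returns a copy with one balance changed, modelling either a
// legitimate per-slot update or a snapshot altered by an untrusted server.
func TamperLamports(accounts []Account, idx int, lamports uint64) []Account {
	out := append([]Account(nil), accounts...)
	out[idx].Lamports = lamports
	return out
}

func main() {
	accts := SampleAccounts()
	honest := Snapshot{Slot: 100, Accounts: accts, Claimed: AccountsLtHash(accts)}
	fmt.Println("honest snapshot:", ValidateSnapshot(honest))
	// Same claimed hash, but the account data shipped with it was altered.
	altered := Snapshot{Slot: 100, Accounts: TamperLamports(accts, 1, 9999999), Claimed: honest.Claimed}
	fmt.Println("altered snapshot:", ValidateSnapshot(altered))
	// The per-slot delta update agrees with the full recomputation.
	next := TamperLamports(accts, 1, 5100)
	fmt.Println("delta == full:", ApplyDelta(honest.Claimed, accts[1], next[1]) == AccountsLtHash(next))
}
```

The check in `ValidateSnapshot` is what closes the gap described in the issue: once the recomputed hash matches the claimed one, every subsequent `ApplyDelta` step starts from a value that was verified against the account data actually loaded, rather than from a value the snapshot provider asserted.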