From 3ff209d95d76def5fc648b8d08ab4366c925bb46 Mon Sep 17 00:00:00 2001
From: gammazero
Date: Wed, 9 Feb 2022 11:06:56 -0800
Subject: [PATCH] Add replay rejection
---
 chain/sub/incoming.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/chain/sub/incoming.go b/chain/sub/incoming.go
index 222ad3dea..f8578bee8 100644
--- a/chain/sub/incoming.go
+++ b/chain/sub/incoming.go
@@ -1,6 +1,7 @@
 package sub

 import (
+ "bytes"
 "context"
 "sync"
 "time"
@@ -451,6 +452,7 @@ func recordFailure(ctx context.Context, metric *stats.Int64Measure, failureType
 type peerMsgInfo struct {
 peerID peer.ID
 lastCid cid.Cid
+ lastSeqno []byte
 rateLimit *ratelimit.Window
 mutex sync.Mutex
 }
@@ -513,6 +515,17 @@ func (v *IndexerMessageValidator) Validate(ctx context.Context, pid peer.ID, msg
 msgInfo.mutex.Lock()
 defer msgInfo.mutex.Unlock()

+ if ok {
+ // Reject replayed messages.
+ seqno := msg.Message.GetSeqno()
+ if bytes.Equal(msgInfo.lastSeqno, seqno) {
+ log.Warnf("rejecting replayed indexer message")
+ stats.Record(ctx, metrics.IndexerMessageValidationFailure.M(1))
+ return pubsub.ValidationReject
+ }
+ msgInfo.lastSeqno = seqno
+ }
+
 if !ok || originPeer != msgInfo.peerID {
 // Check that the miner ID maps to the peer that sent the message.
 err = v.authenticateMessage(ctx, minerID, originPeer)
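Review bot: The replay check added to `Validate` rejects only a message whose seqno equals the one stored immediately before it, so an older message for the same entry still passes once a newer seqno has been recorded. If the seqno is the fixed-width big-endian counter that libp2p pubsub normally emits (not visible in this hunk, so confirm), an ordering check is stricter: `if len(seqno) == len(msgInfo.lastSeqno) && bytes.Compare(seqno, msgInfo.lastSeqno) <= 0 {`. `msgInfo.lastSeqno = seqno` also runs before the `authenticateMessage` call just below, so a message that is later rejected still advances the stored value; assigning it only after the message has been accepted keeps the state tied to validated traffic. The `!ok` path never records a seqno, so the first message for an entry appears to be unprotected against one repeat. The rest of `Validate` lies outside the hunk, so these points should be checked against the full function.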