pub const MAX_INBOUND_CONCURRENCY: usize = 200;Expand description
The maximum number of concurrent inbound download and verify tasks. Also used as the maximum lookahead limit, before block verification.
We expect the syncer to download and verify checkpoints, so this bound can be small.
ยงSecurity
The maximum block size is 2 million bytes. A deserialized malicious
block with ~225_000 transparent outputs can take up 9MB of RAM.
The total queue bound is MAX_INBOUND_CONCURRENCY * 9 MB. Each peer IP
is limited to one in-flight download (9 MB) by the per-IP cap enforced
in Downloads::download_and_verify, so a sybil or IPv6-range attacker
still needs many distinct source IPs to approach the total bound.
(See #1880 for more details.)
Malicious blocks will eventually timeout or fail contextual validation. Once validation fails, the block is dropped, and its memory is deallocated.