Feat: pbft to rollup sequencer, include P2P & block produce #25

tomatoishealthy · 2025-12-30T04:14:19Z

PR checklist

Tests written/updated, or no tests needed
CHANGELOG_PENDING.md updated, or no changelog entry needed
Updated relevant documentation (docs/) and code comments, or no
documentation updates needed

blocksync/reactor.go

+					seqR, ok := bcR.Switch.Reactor("SEQUENCER").(sequencerReactor)
+					if ok {
+						if err := seqR.StartSequencerRoutines(); err != nil {
+							bcR.Logger.Error("Failed to start sequencer mode", "err", err)


In general, to fix clear-text logging of sensitive information, either (a) ensure the error content is sanitized before logging, or (b) avoid logging the error details entirely, logging only high-level context instead. When an error may indirectly contain secrets (e.g., because it was created from a URL with embedded credentials), it's safer not to log the raw error string.

For this specific case, the minimal, non-breaking fix is to stop logging the err value from seqR.StartSequencerRoutines() in blocksync/reactor.go. This preserves behavior (sequencer mode still starts or fails as before; the control flow remains unchanged) but removes the potentially sensitive error string from logs. We can keep the informational message that sequencer mode failed, but omit the detailed error argument. Concretely:

In blocksync/reactor.go, around lines 471–475, replace:
if err := seqR.StartSequencerRoutines(); err != nil { bcR.Logger.Error("Failed to start sequencer mode", "err", err) }
with:
if err := seqR.StartSequencerRoutines(); err != nil { // Do not log the underlying error to avoid leaking sensitive data (e.g., RPC credentials). bcR.Logger.Error("Failed to start sequencer mode") }

No new methods or imports are needed; we are only changing the logging arguments in an existing call.

node/node.go

+				if seqR, ok := bcR.(*bc.Reactor); ok {
+					if bbR, ok := seqR.Switch.Reactor("SEQUENCER").(interface{ StartSequencerRoutines() error }); ok {
+						if err := bbR.StartSequencerRoutines(); err != nil {
+							ssR.Logger.Error("Failed to start sequencer routines", "err", err)


In general, to fix clear-text logging issues, avoid logging values that may directly or indirectly contain sensitive data (like passwords, tokens, full URLs with credentials). Instead, either (1) omit the sensitive content entirely, (2) log only non-sensitive metadata, or (3) sanitize/redact the value before logging.

Here, the concrete sink is ssR.Logger.Error("Failed to start sequencer routines", "err", err) in node/node.go. The tainted value is the err that may contain, deep in its chain, the password originally parsed from the RPC URL. The simplest, least intrusive fix is to stop logging the raw err value in this specific call while still returning it to the caller if needed, or to log a sanitized summary that does not expose credentials. Since this logging is for diagnostics and we are inside a goroutine where we only log and return, we can safely change the log call to avoid including the err object.

The best minimal fix without changing control flow is:

In node/node.go, inside the startStateSync function’s goroutine, change the block:

if err := bbR.StartSequencerRoutines(); err != nil { ssR.Logger.Error("Failed to start sequencer routines", "err", err) }

to log only a generic message, e.g.:

if err := bbR.StartSequencerRoutines(); err != nil { ssR.Logger.Error("Failed to start sequencer routines") }

This preserves behavior (we still attempt to start, and still do nothing further on error), but removes the potential leakage of sensitive information via the error string. No new imports or helper functions are required.

tomatoishealthy requested a review from a team as a code owner December 30, 2025 04:14

tomatoishealthy requested review from Web3Jumb0 and removed request for a team December 30, 2025 04:14

tomatoishealthy mentioned this pull request Dec 30, 2025

Transition from PBFT consensus to a Rollup-style sequencer architecture morph-l2/morph#846

Open

7 tasks

github-advanced-security bot found potential problems Dec 30, 2025

View reviewed changes

tomatoishealthy force-pushed the feat/pbft_to_singleSeq branch from fadfa35 to 4fed633 Compare December 30, 2025 06:01

tomatoishealthy changed the title ~~Feat: pbft to single sequencer, include P2P & block produce~~ Feat: pbft to rollup sequencer, include P2P & block produce Dec 30, 2025

concensus: pbft to single sequencer, include P2P & block produce

f3beaf4

tomatoishealthy force-pushed the feat/pbft_to_singleSeq branch from 4fed633 to f3beaf4 Compare December 30, 2025 08:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Feat: pbft to rollup sequencer, include P2P & block produce #25

Feat: pbft to rollup sequencer, include P2P & block produce #25

tomatoishealthy commented Dec 30, 2025

Uh oh!

Check failure

Copilot Autofix

Check failure

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

@@ -471,7 +471,8 @@
             					seqR, ok := bcR.Switch.Reactor("SEQUENCER").(sequencerReactor)
             					if ok {
             						if err := seqR.StartSequencerRoutines(); err != nil {
-            							bcR.Logger.Error("Failed to start sequencer mode", "err", err)
+            							// Avoid logging the underlying error as it may contain sensitive data
+            							bcR.Logger.Error("Failed to start sequencer mode")
             						}
             					}
             				} else {

Feat: pbft to rollup sequencer, include P2P & block produce #25

Are you sure you want to change the base?

Feat: pbft to rollup sequencer, include P2P & block produce #25

Conversation

tomatoishealthy commented Dec 30, 2025

PR checklist

Uh oh!

Check failure

Uh oh!

Copilot Autofix

Check failure

Uh oh!

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants