Skip to content

fix: prevent out-of-range panic in validator and builder balance sort#779

Closed
damilolaedwards wants to merge 1 commit into
ethpandaops:masterfrom
damilolaedwards:fix/validator-builder-balance-sort-panic
Closed

fix: prevent out-of-range panic in validator and builder balance sort#779
damilolaedwards wants to merge 1 commit into
ethpandaops:masterfrom
damilolaedwards:fix/validator-builder-balance-sort-panic

Conversation

@damilolaedwards

Copy link
Copy Markdown
Contributor

Summary

The balance sort on the validators and builders pages can panic with an index out of range, which surfaces as a 500 on those pages.

GetFilteredValidatorSet and GetFilteredBuilderSet load balances from the epoch-start snapshot, but the result set is streamed from the canonical head. Validators projected from the pending-deposit queue, and builders onboarded mid-epoch, appear in the head set at indexes past that snapshot. The balance comparators indexed the balances slice directly, so sorting a set that includes one of those entries reads out of range and panics.

This is reachable in normal use: a non-empty pending-deposit queue is the common state after Electra, so the validators balance-descending sort is affected on mainnet today; the builders sort is affected once Gloas is live. No special input is needed, an ordinary request to the page with the balance sort triggers it.

The other accesses already guard the index (the ascending validator sort uses a bounds-safe helper, and the db-index sorts and result building check the length). Only the comparators were missed.

Fix

Route the comparator lookups through a bounds-safe accessor that returns 0 for an index past the snapshot, so projected validators and freshly onboarded builders sort as zero balance instead of panicking. The validator descending branch now matches the ascending one, and the builders sort gets the same treatment as its sibling code paths.

Tests

Added tests for the bounds-safe lookups and for sorting a set that contains an out-of-range index. They pass with the fix and fail with an index out of range without it.

go build, go vet and gofmt are clean.

…lance

The balance sort comparators indexed the balances snapshot directly. Validators
projected from the pending-deposit queue and builders onboarded mid-epoch live at
indexes past that snapshot, so sorting the set by balance could index out of
range and return a 500 for the validators and builders pages. Route the lookups
through a bounds-safe accessor that treats a missing index as zero, matching the
existing ascending validator sort.

Add tests covering the bounds-safe lookups and the sort with an out-of-range index.
@pk910

pk910 commented Jul 1, 2026

Copy link
Copy Markdown
Member

I've incorporated the fix into #783 as that PR reworks the builder handling and would conflict

@pk910 pk910 closed this Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants