When beginning sync, we currently ask a peer for the current tip height, then follow the chain up to that point. This can be DoSed if a malicious peer sends a fake height that is too high, since our client never thinks it has finished syncing.
We can fix this by trusting the header time is accurate to check if we are synced close enough to the current time. Can also probably skip the initial height query and just binary search upwards (or use a time heuristic to guess the tip height).
When beginning sync, we currently ask a peer for the current tip height, then follow the chain up to that point. This can be DoSed if a malicious peer sends a fake height that is too high, since our client never thinks it has finished syncing.
We can fix this by trusting the header time is accurate to check if we are synced close enough to the current time. Can also probably skip the initial height query and just binary search upwards (or use a time heuristic to guess the tip height).