diff --git a/node/pkg/processor/observation.go b/node/pkg/processor/observation.go index d5434d350..edb6c3389 100644 --- a/node/pkg/processor/observation.go +++ b/node/pkg/processor/observation.go @@ -289,18 +289,8 @@ func (p *Processor) handleInboundSignedVAAWithQuorum(ctx context.Context, m *gos return } - // Verify VAA signature to prevent a DoS attack on our local store. - if !v.VerifySignatures(p.gs.Keys) { - p.logger.Warn("received SignedVAAWithQuorum message with invalid VAA signatures", - zap.String("digest", hash), - zap.Any("message", m), - zap.Any("vaa", v), - ) - return - } - + // Verify VAA has enough signatures for quorum quorum := CalculateQuorum(len(p.gs.Keys)) - if len(v.Signatures) < quorum { p.logger.Warn("received SignedVAAWithQuorum message without quorum", zap.String("digest", hash), @@ -312,6 +302,16 @@ func (p *Processor) handleInboundSignedVAAWithQuorum(ctx context.Context, m *gos return } + // Verify VAA signatures to prevent a DoS attack on our local store. + if !v.VerifySignatures(p.gs.Keys) { + p.logger.Warn("received SignedVAAWithQuorum message with invalid VAA signatures", + zap.String("digest", hash), + zap.Any("message", m), + zap.Any("vaa", v), + ) + return + } + // We now established that: // - all signatures on the VAA are valid // - the signature's addresses match the node's current guardian set