fix: blob sidecar validation to ensure KZG commitment count matches

CHANGELOG.md

@@ -14,14 +14,20 @@ The format is based on Keep a Changelog, and this project adheres to Semantic Ve
 - `Finished building block`: Display error only if not nil.
 - Added support to update target and max blob count to different values per hard fork config.
 - Log before blob filesystem cache warm-up.
-- 
+- New design for the attestation pool. [PR](https://github.com/prysmaticlabs/prysm/pull/14324)
+- Add field param placeholder for Electra blob target and max to pass spec tests.
+
 ### Changed
 
 - Process light client finality updates only for new finalized epochs instead of doing it for every block.
 - Refactor subnets subscriptions.
 - Refactor RPC handlers subscriptions.
 - Go deps upgrade, from `ioutil` to `io`
 - Move successfully registered validator(s) on builder log to debug.
+- Update some test files to use `crypto/rand` instead of `math/rand`
+- Enforce Compound prefix (0x02) for target when processing pending consolidation request.
+- Limit consolidating by validator's effective balance.
+- Use 16-bit random value for proposer and sync committee selection filter.
 
 ### Deprecated
 
@@ -32,6 +38,8 @@ The format is based on Keep a Changelog, and this project adheres to Semantic Ve
 ### Fixed
 
 - Added check to prevent nil pointer deference or out of bounds array access when validating the BLSToExecutionChange on an impossibly nil validator.
+- Fix blob sidecar validation to ensure KZG commitment count matches.
+- Fixed blob sidecar validation to ensure exact match between available sidecars and KZG commitments.
 
 ### Security
 
@@ -367,7 +375,8 @@ details.
 
 ### Security
 
-- Go version updated to 1.22
+This release contains some important fixes that improve the resiliency of Ethereum Consensus Layer.
+See https://github.com/prysmaticlabs/prysm/pull/12387 and https://github.com/prysmaticlabs/prysm/pull/12398.
 
 ## [v5.0.4](https://github.com/prysmaticlabs/prysm/compare/v5.0.3...v5.0.4) - 2024-07-21
 
@@ -1582,29 +1591,11 @@ non-portable version by default.
 
 ### Fixed
 
-- Late block task wait for initial sync
-- Log the right block number
-- Fix for keystore field name to align with EIP2335
-- Fix epoch participation parsing for API
-- Spec checker, ensure file does not exit or error
-- Uint256 parsing for builder API
-- Fuzz target for execution payload
-- Contribution doc typo
-- Unit test TestFieldTrie_NativeState_fieldConvertersNative
-- Typo on beacon-chain/node/node.go
-- Remove single bit aggregation for aggregator
-- Deflake cloners_test.go
-- Use diff context to update proposer cache background
-- Update protobuf and protobuf deps
-- Run ineffassign for all code
-- Increase validator client startup proposer settings deadline
-- Correct log level for 'Could not send a chunked response'
-- Rrune invalid blocks during initial sync
-- Handle Epoch Boundary Misses
-- Bump google.golang.org/grpc from 1.40.0 to 1.53.0
-- Fix bls signature batch unit test
-- Fix Context Cancellation for insertFinalizedDeposits
-- Lock before saving the poststate to db
+- Sandwich attack on honest reorgs
+- Missing config yamls for specific domains
+- Release lock before panic for feed
+- Return 500 in `/eth/v1/node/peers` interface
+- Checkpoint sync uses correct slot
 
 ### Security
 

beacon-chain/sync/rpc_blob_sidecars_by_range.go

@@ -32,6 +32,29 @@ func (s *Service) streamBlobBatch(ctx context.Context, batch blockBatch, wQuota
 			s.writeErrorResponseToStream(responseCodeServerError, p2ptypes.ErrGeneric.Error(), stream)
 			return wQuota, errors.Wrapf(err, "could not retrieve sidecars for block root %#x", root)
 		}
+
+		// Get the number of KZG commitments in the block
+		kzgCommitments := len(b.Block().Body().BlobKzgCommitments())
+
+		// Check if we have all required blob sidecars only if there are KZG commitments
+		if kzgCommitments > 0 {
+		// Count available blob sidecars
+			availableSidecars := 0
+
+			for _, hasIndex := range idxs {
+				if hasIndex {
+					availableSidecars++
+				}
+			}
+
+			if availableSidecars != kzgCommitments {
+				s.writeErrorResponseToStream(responseCodeServerError, errMissingBlobsForBlockCommitments.Error(), stream)
+				return wQuota, errors.Wrapf(errMissingBlobsForBlockCommitments, 
+					"block root %#x has %d KZG commitments but only %d available sidecars", 
+					root, kzgCommitments, availableSidecars)
+			}
+		}
+
 		for i, l := uint64(0), uint64(len(idxs)); i < l; i++ {
 			// index not available, skip
 			if !idxs[i] {

beacon-chain/sync/rpc_blob_sidecars_by_range_test.go

@@ -147,6 +147,24 @@ func TestBlobByRangeOK(t *testing.T) {
 			},
 			total: func() *int { x := int(params.BeaconConfig().MaxRequestBlobSidecars); return &x }(),
 		},
+		{
+			name: "missing blob sidecars for block with KZG commitments",
+			nblocks: 1,
+			requestFromSidecars: func(scs []blocks.ROBlob) interface{} {
+				return &ethpb.BlobSidecarsByRangeRequest{
+					StartSlot: scs[0].Slot(),
+					Count:     1,
+				}
+			},
+			defineExpected: func(t *testing.T, scs []blocks.ROBlob, req interface{}) []*expectedBlobChunk {
+				return []*expectedBlobChunk{
+					{
+						code:    responseCodeServerError,
+						message: errMissingBlobsForBlockCommitments.Error(),
+					},
+				}
+			},
+		},
 	}
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {