Skip to content

fix: raise snap response limits to prevent SnapSync regression#10904

Merged
kamilchodola merged 2 commits intomasterfrom
kch/fix-snap-limits
Mar 20, 2026
Merged

fix: raise snap response limits to prevent SnapSync regression#10904
kamilchodola merged 2 commits intomasterfrom
kch/fix-snap-limits

Conversation

@kamilchodola
Copy link
Contributor

@kamilchodola kamilchodola commented Mar 20, 2026

Summary

  • Raises MaxResponseAccounts and MaxResponseSlotsPerAccount from 16,384 to 131,072 in SnapMessageLimits
  • Adds invariant tests ensuring response limits stay consistent with the 3 MiB response cap
  • Adds boundary roundtrip tests at production-scale counts (40K accounts, 50K storage slots)

Changes

#10753 introduced RLP deserialization limits for snap protocol messages. The response-side limits were set at 16,384 — too low for valid responses within the 3 MiB cap. Peers sending normal AccountRange responses (25K–38K accounts observed on Hoodi) triggered RlpLimitException, which disconnects and bans the peer for 15 minutes with -10,000 reputation. This progressively banned all snap-serving peers, collapsing SnapSync from ~25% in 5 minutes to ~1% in 15 minutes.

131,072 safely exceeds the theoretical maximum at minimum entry size (3 MiB / ~36 bytes ≈ 87K items).

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Testing

  • 4 new tests in SnapMessageLimitsTests:
    • MaxResponseAccounts_accommodates_max_response_bytes — invariant: limit ≥ max items at min entry size
    • MaxResponseSlotsPerAccount_accommodates_max_response_bytes — same for storage slots
    • Roundtrip_AccountRange_at_40k_accounts — serialize/deserialize 40K accounts without RlpLimitException
    • Roundtrip_StorageRange_at_50k_slots — serialize/deserialize 50K slots without RlpLimitException
  • Verified locally on Hoodi via Docker (Nethermind + Lodestar): SnapSync restored to ~6% in 1.5 minutes

See also #10902 for additional follow-up findings from the #10753 refactor.

@kamilchodola
fix: raise snap response limits to prevent peer banning during SnapSync
3e15159 
MaxResponseAccounts (16,384) and MaxResponseSlotsPerAccount (16,384)
were too low for valid snap protocol responses within the 3 MiB cap.
Peers sending 25K-38K accounts or large storage ranges triggered
RlpLimitException, which disconnected and banned the peer for 15
minutes — collapsing SnapSync throughput to ~1% in 15 minutes
(was 25% in 5 minutes before #10753).

Raise both limits to 131,072 which safely exceeds the theoretical
maximum item count at minimum entry size within a 3 MiB response.

Add invariant tests that verify response limits are consistent with
MaxResponseBytes, plus boundary roundtrip tests at production-scale
counts (40K accounts, 50K slots).
@kamilchodola kamilchodola merged commit ba117e5 into master Mar 20, 2026
423 checks passed
@kamilchodola kamilchodola deleted the kch/fix-snap-limits branch March 20, 2026 15:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@flcl42 flcl42 flcl42 approved these changes

@LukaszRozmej LukaszRozmej LukaszRozmej approved these changes

@asdacap asdacap Awaiting requested review from asdacap asdacap is a code owner

@marcindsobczak marcindsobczak Awaiting requested review from marcindsobczak marcindsobczak is a code owner

Assignees

No one assigned

Labels

bug fix + reliability network

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kamilchodola @flcl42 @LukaszRozmej