From 40505a9bc065033472be5c0bcaf2882efd421ce2 Mon Sep 17 00:00:00 2001
From: Delweng <delweng@gmail.com>
Date: Wed, 15 Oct 2025 16:24:48 +0800
Subject: [PATCH] eth/protocols/eth: reject message containing duplicated txs
 and drop peer (#32728)

Drop peer if sending the same transaction multiple times in a single message.

Fixes https://github.com/ethereum/go-ethereum/issues/32724


---------

Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
Co-authored-by: Gary Rong <garyrong0905@gmail.com>
Co-authored-by: Csaba Kiraly <csaba.kiraly@gmail.com>
---
 eth/protocols/eth/handlers.go | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/eth/protocols/eth/handlers.go b/eth/protocols/eth/handlers.go
index 15ad048bcf..aad3353d88 100644
--- a/eth/protocols/eth/handlers.go
+++ b/eth/protocols/eth/handlers.go
@@ -494,12 +494,19 @@ func handleTransactions(backend Backend, msg Decoder, peer *Peer) error {
 	if err := msg.Decode(&txs); err != nil {
 		return err
 	}
+	// Duplicate transactions are not allowed
+	seen := make(map[common.Hash]struct{})
 	for i, tx := range txs {
 		// Validate and mark the remote transaction
 		if tx == nil {
 			return fmt.Errorf("Transactions: transaction %d is nil", i)
 		}
-		peer.markTransaction(tx.Hash())
+		hash := tx.Hash()
+		if _, exists := seen[hash]; exists {
+			return fmt.Errorf("Transactions: multiple copies of the same hash %v", hash)
+		}
+		seen[hash] = struct{}{}
+		peer.markTransaction(hash)
 	}
 	return backend.Handle(peer, &txs)
 }
@@ -514,12 +521,19 @@ func handlePooledTransactions(backend Backend, msg Decoder, peer *Peer) error {
 	if err := msg.Decode(&txs); err != nil {
 		return err
 	}
+	// Duplicate transactions are not allowed
+	seen := make(map[common.Hash]struct{})
 	for i, tx := range txs.PooledTransactionsResponse {
 		// Validate and mark the remote transaction
 		if tx == nil {
 			return fmt.Errorf("PooledTransactions: transaction %d is nil", i)
 		}
-		peer.markTransaction(tx.Hash())
+		hash := tx.Hash()
+		if _, exists := seen[hash]; exists {
+			return fmt.Errorf("PooledTransactions: multiple copies of the same hash %v", hash)
+		}
+		seen[hash] = struct{}{}
+		peer.markTransaction(hash)
 	}
 	requestTracker.Fulfil(peer.id, peer.version, PooledTransactionsMsg, txs.RequestId)