Document attestation target clamping as defensive guard (#214)

pablodeymo · web-flow · commit 7fb55f7f7878 · 2026-03-13T15:55:41.000-03:00
## Motivation

A spec-to-code compliance audit (FINDING-003) identified that
`get_attestation_target` adds a clamping guard to `latest_justified`
that the spec does not have. The code was correct but lacked explanation
of why the guard exists and that it diverges from the spec.

## Description

Clarifies the comment on the `latest_justified` clamping in
`get_attestation_target` to explain:

- The spec's justifiability walk-back has no lower bound and can produce
attestations where `target.slot &lt; source.slot`
- These would fail `is_valid_vote` Rule 5 and be discarded, but
producing them wastes work and pollutes the network
- The clamping is our defensive addition, not spec behavior
- This edge case triggers when a block advances `latest_justified`
between `safe_target` updates (interval 2)

## How to Test

Documentation-only change. `cargo test --workspace --release` passes.
diff --git a/crates/blockchain/src/store.rs b/crates/blockchain/src/store.rs
@@ -693,10 +693,16 @@ pub fn get_attestation_target(store: &Store) -> Checkpoint {
             .get_block_header(&target_block_root)
             .expect("parent block exists");
     }
-    // Ensure target is at or after the source (latest_justified) to maintain
-    // the invariant: source.slot <= target.slot. When a block advances
-    // latest_justified between safe_target updates (interval 2), the walk-back
-    // above can land on a slot behind the new justified checkpoint.
+    // Guard: clamp target to latest_justified (not in the spec).
+    //
+    // The spec's walk-back has no lower bound, so it can produce attestations
+    // where target.slot < source.slot (source = latest_justified). These would
+    // fail is_valid_vote Rule 5 (target.slot > source.slot) and be discarded,
+    // but producing them wastes work and pollutes the network.
+    //
+    // This happens when a block advances latest_justified between safe_target
+    // updates (interval 2), causing the walk-back to land behind the new
+    // justified checkpoint.
     //
     // See https://github.com/blockblaz/zeam/blob/697c293879e922942965cdb1da3c6044187ae00e/pkgs/node/src/forkchoice.zig#L654-L659
     let latest_justified = store.latest_justified();
