Right now the indexer backup is not checksummed (nor deterministic) and can potentially differ from node to node. If a rogue node publishes an incomplete indexer, a bootstrapping node can pull that broken indexer during the statesync init.
@p4u proposes removing the indexer backup from the state snapshot and implementing some out-of-band mechanism, for example an "authoritative" node that maintains the complete indexer and publishes the resulting backup over IPNS (very much like the archiver). That would be pulled during ApplySnapshotChunk, when the height of the state is already known. If there's any failure, our code would simply report to cometbft that the whole statesync failed, and cometbft would try again with another snapshot (and height, possibly).
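
A sketch of the integrity check such an out-of-band fetch would need, added here as an example and not taken from the project's code. The `Manifest` type, the use of SHA-256, and the idea that the authoritative node publishes a digest and height beside each backup over a channel the bootstrapping node already trusts are all assumptions; the issue does not specify them.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is hypothetical: published beside each backup by the authoritative node.
type Manifest struct {
	Height int64  // state height the backup corresponds to
	SHA256 string // hex digest of the backup bytes
}

var (
	ErrHeight = errors.New("manifest height differs from snapshot height")
	ErrDigest = errors.New("indexer backup digest mismatch")
)

// Digest returns the hex SHA-256 of a backup.
func Digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// VerifyBackup checks a fetched backup against the manifest for the height
// that is already known when the snapshot chunk is applied.
func VerifyBackup(stateHeight int64, m Manifest, backup []byte) error {
	if m.Height != stateHeight {
		return ErrHeight
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil || len(want) != sha256.Size {
		return ErrDigest // a malformed digest is treated as a mismatch
	}
	if got := sha256.Sum256(backup); !bytes.Equal(got[:], want) {
		return ErrDigest
	}
	return nil
}

func main() {
	backup := []byte("constructed sample indexer backup") // not real data
	m := Manifest{Height: 100, SHA256: Digest(backup)}
	fmt.Println(VerifyBackup(100, m, backup), VerifyBackup(100, m, backup[:10]))
}
```

Any non-nil error here is the failure case described above, where the node reports the statesync as failed so that cometbft retries with another snapshot.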