Document why peers on old versions are rejected

Describe why it's a security issue above the check.
ZcashFoundation · Jul 23, 2021 · 12f3b6f · 12f3b6f
1 parent fda74f5
commit 12f3b6f
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/zebra-network/src/peer/handshake.rs b/zebra-network/src/peer/handshake.rs
@@ -567,6 +567,8 @@ pub async fn negotiate_version(
         Err(HandshakeError::NonceReuse)?;
     }
 
+    // SECURITY: Reject connections to peers on old versions, because they might not know about all
+    // network upgrades and could lead to chain forks or slower block propagation.
     let tip_height = best_tip_height.non_finalized();
     let min_version = Version::min_remote_for_height(config.network, tip_height);
     if remote_version < min_version {