Reexamine the solution for informing the node-service about poet proofs

[poszu]

Description

The ATX Builder (which runs on the smeshing-service), registers in poet services and downloads proofs from them without interaction with the node-service. Because of this, the node-service is not aware of any poet proofs. This creates a problem when the smeshing-service publishes an ATX to the node-service - the ATX cannot be validated because the node-service doesn't know the poet proof (it's not part of the ATX).

In the current implementation, there is a special POST endpoint /poet, which is used to send the poet proof to the node-service, which validates it and stores it in the state DB. This opens up a vulnerability - the node-service is easily DOS-able by sending it many (potentially millions) of valid poet proofs.

The poet proof is pushed to the node-service in:

go-spacemesh/activation/poetdb.go

Lines 111 to 116 in f31f02b

	if db.remoteStorer != nil {
	err := db.remoteStorer.StorePoetProof(ctx, proofMessage)
	if err != nil {
	db.logger.Warn("failed to store the poet proof in remote store", zap.Error(err))
	}
	}

Note

A minimal poet proof is easy to create. It needs to have only 150 leaves and more proofs can be created upon it by adding one more leaf (151, 152, 153 and so on).

We need to find a better way of informing the node-service about the poet proof used in the ATX. One way could be to include the proof along with the published ATX.