From 0b7b64cbcb94df3dcd55267945506fb99c4a416a Mon Sep 17 00:00:00 2001
From: sumanjeet0012 <sumanjeet0012@gmail.com>
Date: Tue, 26 May 2026 00:55:11 +0530
Subject: [PATCH 1/2] fix(peerstore): validate signer matches peer ID in
 envelope

---
 libp2p/peer/peerstore.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libp2p/peer/peerstore.py b/libp2p/peer/peerstore.py
index 2fc7b4a3d..282a5a3a9 100644
--- a/libp2p/peer/peerstore.py
+++ b/libp2p/peer/peerstore.py
@@ -337,6 +337,14 @@ def consume_peer_record(self, envelope: Envelope, ttl: int) -> bool:
         record = envelope.record()
         peer_id = record.peer_id
 
+        # Reject records whose signer does not match the record's peer ID.
+        try:
+            signer_peer_id = ID.from_pubkey(envelope.public_key)
+        except Exception:
+            return False
+        if signer_peer_id != peer_id:
+            return False
+
         existing = self.peer_record_map.get(peer_id)
         if existing and existing.seq > record.seq:
             return False  # reject older record

From 5abb8810e7990b28c8a1c87a874a20015493181b Mon Sep 17 00:00:00 2001
From: sumanjeet0012 <sumanjeet0012@gmail.com>
Date: Sat, 30 May 2026 15:29:50 +0530
Subject: [PATCH 2/2] added newsfragment file

---
 newsfragments/1338.bugfix.rst | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 newsfragments/1338.bugfix.rst

diff --git a/newsfragments/1338.bugfix.rst b/newsfragments/1338.bugfix.rst
new file mode 100644
index 000000000..35f52ef91
--- /dev/null
+++ b/newsfragments/1338.bugfix.rst
@@ -0,0 +1 @@
+Fixed KadDHT peer record validation to ensure signed ``PeerRecord``s have matching signer identity and peer ID, preventing certified address book poisoning for arbitrary peer IDs.