Findings: The aggregation request works correctly, i.e., OS returns a response. But it fails to deserialize the response because there is no deserializer registered for the parent aggregation.

In federated learning, malicious attackers may control clients and servers to perform gradient poisoning, forge aggregation results, and infer individual gradient privacy, posing serious security ...