Store poisoning mature
An attacker may deliberately submit objects with a wrong hash to a store, in an attempt to poison the cache. If store accepts such objects, it will claim to have objects that it does not actually have.
Preventing poisoning at the store
Stores can avoid poisoning simply by checking the SHA-256 hash of each incoming object.
Alternatively, the store may defer this check until the first has object request, or until an object with the same hash is submitted.
Preventing poisoning at the client
If the client does not trust the store, it must avoid has object requests, and instead request the bytes of each object through a get object request, and verify the hash manually.
Conceptually, store poisoning is equivalent to data loss. In fact, errors in the underlying storage system may also result in objects with wrong hashes.