Default state_default of missing m.room.power_levels event is incorrect

[kegsay]

In the distant past, state_default was 0 if the PL event was missing. https://github.com/matrix-org/synapse/blob/v0.18.5/synapse/api/auth.py#L997

This got changed in matrix-org/synapse@5c9afd6 to address room hijacking if there was no PL event.

The spec however hasn't been updated and still has the scary warnings about state_default being 0. Specifically, these statements lie:

If the room contains no m.room.power_levels event, both the state_default and events_default are 0.

Note: As noted above, in the absence of an m.room.power_levels event, the state_default is 0

[richvdh]

links:

the spec text in question is at https://matrix.org/docs/spec/client_server/r0.6.1#m-room-power-levels.

this was changed in MSC1304 and implemented in matrix-org/synapse#3397. The spec should have been updated by matrix-org/matrix-spec-proposals#1656 but looks like this bit got forgotten.