Don’t process unrequested, low-work blocks #11458

pull sdaftuar wants to merge 3 commits into bitcoin:master from sdaftuar:2017-10-blocks-before-minwork changing 3 files +54 −13
  1. sdaftuar commented at 6:36 pm on October 6, 2017: member

    A peer could try to waste our resources by sending us unrequested blocks with low work (eg to fill up our disk). Since e265200 we no longer request blocks until we know we’re on a chain with more than nMinimumChainWork (our anti-DoS threshold), but we would still process unrequested blocks that had more work than our tip (which generally has low-work during IBD), even though we may not yet have found a headers chain with sufficient work.

    Fix this and add a test.

  2. gmaxwell commented at 7:04 pm on October 6, 2017: contributor
    Concept ACK
  3. TheBlueMatt commented at 0:17 am on October 7, 2017: member
    Concept ACK, though fForceProcessing/fRequested doesn’t do the thing you think it does, see, eg #9352#pullrequestreview-13343287.
  4. fanquake added the label Validation on Oct 7, 2017
  5. promag commented at 7:49 am on October 7, 2017: member

    This is only useful if tip chain work is less than minimum chain work, which I think only happens in IBD?

    Edit: ready more carefully the PR description.

    Maybe we should just ignore unrequested blocks if tip chain work < minimum chain work? This way this test could be moved before AcceptBlockHeader?

  6. sdaftuar commented at 12:31 pm on October 7, 2017: member

    Concept ACK, though fForceProcessing/fRequested doesn’t do the thing you think it does, see, eg #9352 (review). @TheBlueMatt Is there a mistake here? I know we use the fForceProcessing/fRequested in a couple ways but I believe this is correct – for instance the unusual use of it in compact block processing shouldn’t be an issue, because we don’t try to reconstruct compact blocks when our chain tip is far behind. Did I miss a case?

  7. achow101 commented at 9:17 pm on October 8, 2017: member
    Concept ACK
  10. TheBlueMatt commented at 11:07 pm on October 19, 2017: member

    @sdaftuar Indeed. You were right, I was confused, but this does leave the logic being added here super brittle to future changes. For those following along at home, the reason compact blocks always passing fRequested as true doesn’t break this is that it does a CanDirectFetch first, which only looks at the timestamp of our chainActive.Tip(). Thus, this logic would be broken if there were any way for an attacker to cheaply feed us a single best-chain block which had a timestamp close to today, though there should be no way to do so as other ways to get the block onto disk (and, thus, to become our chainActive.Tip()) without meeting the nMinimumChainWork test in FindNextBlocksToDownload. This anti-DoS-logic-stradling-validation-and-net_processing stuff irritates me endlessly, but I think this is fine for now (and should likely be backported in 0.15.0.2 if we do one as a part of #11531).

    utACK (didn’t review test changes, which will conflict with #11531) f0940e462cb435f10ef6f052dae609655202f245

  11. TheBlueMatt commented at 11:34 pm on October 19, 2017: member
    Also, maybe add a comment about the CanDirectFetch stuff somewhere.
  12. Don't process unrequested, low-work blocks 
    A peer could try to waste our resources by sending us unrequested blocks with
low work, eg to fill up our disk.  Since
e2652002b6011f793185d473f87f1730c625593b we no longer request blocks until we
know we're on a chain with more than nMinimumChainWork (our anti-DoS
threshold), but we would still process unrequested blocks that had more work
than our tip.  This commit fixes that behavior.
    ce8cd7a7da
  13. qa: add test for minchainwork use in acceptblock 08fd822771
  14. sdaftuar force-pushed on Oct 20, 2017
  15. sdaftuar commented at 0:39 am on October 20, 2017: member
    Needed a rebase due to a conflict in the test.
  16. Add comment explaining forced processing of compact blocks 01b52cedd4
  17. sdaftuar commented at 0:59 am on October 20, 2017: member
    @TheBlueMatt I added a comment. @promag Thanks for the patch and for the review, but I (slightly) prefer the code that I’ve presented already. Skipping the call to AcceptBlockHeader doesn’t do much in the adversarial case (which is the only case we’re concerned about here), because an attacker would just separately deliver the header which we would process and store. And it seems clearer to me to just put this in the same block with the other checks we do when a block is not requested.
  18. promag commented at 8:45 am on October 20, 2017: member

    utACK 01b52ce.

    Nit, I would squash the test with the commit adding the feature.

  19. sipa commented at 11:03 am on October 20, 2017: member
    utACK 01b52cedd42f50a93b40981c91af7c12de6e45ce
  20. TheBlueMatt commented at 5:25 pm on October 20, 2017: member
    utACK 01b52cedd42f50a93b40981c91af7c12de6e45ce, didnt review the test parts.
  21. laanwj merged this on Oct 21, 2017
  22. laanwj closed this on Oct 21, 2017
  23. laanwj referenced this in commit c0e5139413 on Oct 21, 2017
  24. laanwj referenced this in commit cffa5ee132 on Nov 1, 2017
  25. MarcoFalke added the label Needs backport on Nov 1, 2017
  26. TheBlueMatt commented at 2:44 pm on November 1, 2017: member
    Needs backport (#11531 depends on this somewhat indirectly)
  27. MarcoFalke added this to the milestone 0.15.0.2 on Nov 1, 2017
  28. MarcoFalke referenced this in commit 07502603c0 on Nov 1, 2017
  29. MarcoFalke referenced this in commit 6c8e2471b6 on Nov 1, 2017
  30. MarcoFalke referenced this in commit 691c73379f on Nov 1, 2017
  31. MarcoFalke referenced this in commit 347c74b9ea on Nov 1, 2017
  32. MarcoFalke referenced this in commit d20508f84a on Nov 1, 2017
  33. MarcoFalke referenced this in commit 1aa6f8807a on Nov 1, 2017
  34. MarcoFalke referenced this in commit 2ff59ef99b on Nov 1, 2017
  35. MarcoFalke referenced this in commit 4a9621dac9 on Nov 1, 2017
  36. MarcoFalke referenced this in commit d98815e64e on Nov 1, 2017
  37. MarcoFalke referenced this in commit 5fa26f0a5b on Nov 1, 2017
  38. MarcoFalke referenced this in commit b40f5924f3 on Nov 1, 2017
  39. MarcoFalke referenced this in commit 69cb6e10ce on Nov 1, 2017
  40. MarcoFalke removed the label Needs backport on Nov 1, 2017
  41. MarcoFalke referenced this in commit 3acec38781 on Nov 2, 2017
  42. MarcoFalke referenced this in commit 2df65eeb98 on Nov 2, 2017
  43. MarcoFalke referenced this in commit ffb6ea4e5e on Nov 2, 2017
  44. codablock referenced this in commit e820f396aa on Sep 26, 2019
  45. codablock referenced this in commit b246b58720 on Sep 26, 2019
  46. codablock referenced this in commit 35d60de2b5 on Sep 29, 2019
  47. codablock referenced this in commit 7d21a78fa1 on Sep 29, 2019
  48. barrystyle referenced this in commit e07add8dd8 on Jan 22, 2020
  49. barrystyle referenced this in commit 95b0dcef19 on Jan 22, 2020
  50. MarcoFalke locked this on Sep 8, 2021


sdaftuar gmaxwell TheBlueMatt promag achow101 meshcollider sipa

Labels
Validation

Milestone
0.15.1

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-05 01:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me