Notes on Compact Block getdata fallback responses #13370

issue TheBlueMatt openend this issue on June 1, 2018
  1. TheBlueMatt commented at 6:42 pm on June 1, 2018: contributor

    This came up at a meeting a while back, but I realized it was never materially written down anywhere.

    Compact Block high-bandwidth processing can fall back to getdatas when the client belives a short id collision may have occurred (among a few other cases). In such cases, we are required to wait until we have verified the full block before we can respond to the getdata request (hence the few awkward ActivateBestChain calls in net_processing). However, in case we find the block to be invalid (or decide its actually not our best-chain-candidate due to some race receiving another block in parallel) we will simply leave the getdata unresponded to. This will result in us eventually getting disconnected for stalling.

    It is important to note that, were an attacker able to generate a block which, when relayed, would cause getdata fallbacks on an invalid block, such an attacker would be able to cause massive disconnections across the network, especially targeting mining nodes or other nodes which receive blocks particularly fastly. I do not believe such creation is currently possible, but definitely could be bad if we did something dumb like fixing the nonce in the future.

    During the meeting we discussed using the existing NOTFOUND message for block requests as well, which seemed to have some level of support (or a BLOCK_NOTFOUND or whathaveyou) and using that to allow peers to simply reject providing a block without being disconnected as a staller.

  2. maflcko added the label P2P on Jun 1, 2018
  3. willcl-ark commented at 10:50 am on October 10, 2022: member

    It appears this might still be a potential issue in 24.0rc1 and master.

    IIUC when node A detects a short id collision on a compact block it will request the full block from node B with a getdata:

    https://github.com/bitcoin/bitcoin/blob/def75f0fb51b2d2d54cd4d772cf54d45b0fa5ae8/src/net_processing.cpp#L4195-L4201

    If node B has in the meantime determined that block to be invalid after validation (or re-orged it) then the following clause will execute causing node B to never respond to the getdata request for the block:

    https://github.com/bitcoin/bitcoin/blob/def75f0fb51b2d2d54cd4d772cf54d45b0fa5ae8/src/net_processing.cpp#L2106-L2109

    One thing that is not immediately clear to me is where node A marks B for disconnection in the case a getdata is not responded to; is this still how the P2P protocol works internally?

    If the disconnection is still a prospect, it does seem that using the NOTFOUND message is the approach that makes the most sense, and avoids having to add a new message.

  4. instagibbs commented at 12:09 pm on July 3, 2025: member

    Is it a protocol violation, or otherwise dangerous, to just serve the block you advertised even though you later found it was invalid? Clearly it would result in these bad blocks propagating more, but the same could be done with valid-with-recent-PoW-but-stale blocks.

    edit: took a crack at documenting similar case and logic change: https://github.com/bitcoin/bitcoin/pull/32869

  5. instagibbs referenced this in commit aac7e214cd on Jul 3, 2025
  6. instagibbs referenced this in commit e74dcb1dee on Jul 3, 2025


TheBlueMatt willcl-ark instagibbs

Labels
P2P

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-07-26 21:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me