Enable tx replacement on testnet. #2516

pull mikehearn wants to merge 1 commits into bitcoin:master from mikehearn:replacements-on-testnet changing 1 files +1 −1
  1. mikehearn commented at 1:21 PM on April 12, 2013: contributor

    Tested: wrote a program that replaces a non-final tx and checked it against a bitcoind with this patch, replacement was successful.

  2. Enable tx replacement on testnet.
    Tested: wrote a program that replaces a non-final tx and checked it against a bitcoind with this patch, replacement was successful.
    cded58cadc
  3. TheBlueMatt commented at 4:33 PM on April 12, 2013: member

    False negative...sorry, Ive reset this pull so it should come back with a new test

  4. BitcoinPullTester commented at 4:33 PM on April 12, 2013: none

    Automatic sanity-testing: FAILED BUILD/TEST, see http://jenkins.bluematt.me/pull-tester/cded58cadc0202fa36be5ff67e35b45c992b6da0 for binaries and test log.

    This could happen for one of several reasons:

    1. It chanages paths in makefile.linux-mingw or otherwise changes build scripts in a way that made them incompatible with the automated testing scripts (you can find the patches applied at test-time at http://jenkins.bluematt.me/pull-tester/files/patches/)
    2. It adds/modifies tests which test network rules (thanks for doing that), which conflicts with a patch applied at test time
    3. It does not build on either Linux i386 or Win32 (via MinGW cross compile)
    4. The test suite fails on either Linux i386 or Win32
    5. The block test-cases failed (lookup the first bNN identifier which failed in https://github.com/TheBlueMatt/test-scripts/blob/master/FullBlockTestGenerator.java)

    If you believe this to be in error, please ping BlueMatt on freenode or TheBlueMatt here.

    This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  5. TheBlueMatt commented at 4:36 PM on April 12, 2013: member

    This pull needs rebased to get the updated contrib/ before it will test

  6. in src/main.cpp:None in cded58cadc 
     668 | @@ -669,7 +669,7 @@ bool CTxMemPool::accept(CValidationState &state, CTransaction &tx, bool fCheckIn
 669 |          if (mapNextTx.count(outpoint))
 670 |          {
 671 |              // Disable replacement feature for now
 672 | -            return false;
 673 | +            if (!fTestNet) return false;
    rebroad commented at 5:44 AM on April 13, 2013:

    Isn't the testnet supposed to be as similar as possible to the live network? Instead of making this dependent on whether it's the testnet or not, why not use a command line option instead?

    mikehearn commented at 7:18 AM on April 13, 2013:

    No. We use it for testing of new features also. That's why the isstandard checks are not applied on the testnet. On 13 Apr 2013 07:45, "R E Broadley" notifications@github.com wrote:

    In src/main.cpp:

    @@ -669,7 +669,7 @@ bool CTxMemPool::accept(CValidationState &state, CTransaction &tx, bool fCheckIn if (mapNextTx.count(outpoint)) { // Disable replacement feature for now

    •        return false;
    •        if (!fTestNet) return false;

    Isn't the testnet supposed to be as similar as possible to the live network? Instead of making this dependent on whether it's the testnet or not, why not use a command line option instead?

    — Reply to this email directly or view it on GitHubhttps://github.com/bitcoin/bitcoin/pull/2516/files#r3782989 .

  7. petertodd commented at 1:40 AM on April 14, 2013: contributor

    NACK without anti-DoS measures and a discussion on the email list about how to price network bandwidth. Note Gavin's relevant discussion about non-chain messages attached to tx's.

  8. sipa commented at 11:59 PM on April 15, 2013: member

    How about: keep a counter in the mempool, remembering the sum of the sizes of all replacements a transaction has had. When deciding whether to accept a transaction as a replacement, increase this number and then check whether its fee is enough for that size. That's certainly overkill, as it will correctly count network and processing overhead, but not blockchain or UTXO burdening (as those only happen after finalizing). In any case, it's easy to implement, seems safe to me, and would at least allow experimenting with this on testnet.

  9. mikehearn commented at 9:04 AM on April 16, 2013: contributor

    I'm quite aware of the DoS and other issues, that's why this pull is only for the testnet. Obviously we can't prove we made the feature safe without actually being able to demo failed attacks. Re-enabling on the testnet doesn't have any downsides, and has some upsides. The fixes to make it workable on the main network can come later.

  10. petertodd commented at 12:21 PM on April 16, 2013: contributor

    @sipa @mikehearn replied on bitcoin-dev mailing list

  11. qubez commented at 2:14 PM on April 16, 2013: none

    As one relay anti-DOS mechanism, the minimum increase in fee to replace an existing mempool transaction could be set to minrelayfee.

    This would mean a languishing zero fee transaction could only be replaced if it's total fee was increased to at least 0.0001 (or 0.0001 per KB). The replacement transaction could only be again replaced if all its previous ins/outs are unchanged and the total fee is increased by at least another 0.0001 more. The resending client must also ensure that besides this resend increase, the priority-required fee is also added or increased if the transaction gains a KB or drops out of free priority, and the relay node enforces this correctly.

    This gives the ability to increase pending transaction fees, but makes continued replacement not get beyond relays without spending more each time (and using up unspents). This also would discourage adding new non-change payment outputs to an existing transaction instead of creating a new transaction.

    Also at the relay level, replacements should be bounced if existing ins/outs are altered, so 0-conf transactions are still as trustable as before: modtransaction

  12. mikehearn commented at 2:43 PM on April 16, 2013: contributor

    Guys, your enthusiasm is commendable but can we please keep the "redesign Bitcoin" discussions on the mailing list or forum please. This pull is very simple and is not the right place to discuss strategies for re-enabling on the main network - the goal is simply to enable on the testnet so we can experiment and try different things there without needing to run locally patched testnet-in-boxes all the time.

  13. qubez commented at 3:02 PM on April 16, 2013: none

    OK, this won't destroy testnet as we know it. I just wonder if a 0.9 testnet could actually be testing something instead of allowing testing of anything.

    Would this impact testing of double-spend resistance or formulas, such as people who may want to test their "dice" or commerce 0-confirmations sites with testcoins first?

  14. mikehearn commented at 3:29 PM on April 16, 2013: contributor

    Sure. I think it's clear that whatever is implemented would be deployed first on testnet before the line that disables it is removed.

  15. petertodd commented at 3:32 PM on April 16, 2013: contributor

    @mikehearn We already know we have to test DoS behavior, and fix that behavior, so we already know the code will need to be changed a few times. Under those circumstances I see no reason to put that code into the client everyone is going to be running, potentially disrupting their testing activities for no good reason. (enabling long-disabled code is essentially the same thing as adding new code)

    Setting up a dozen nodes for testing isn't a big deal - I'd be happy to run one or two with the tx-replacement patch if you want. @qubez FWIW what you wrote is probably the fourth or fifth re-invention of those ideas - a good sign! Also, how did you do that graphic BTW? We could use more graphics on the wiki explaining transactions, among other things, just saying... :)

  16. mikehearn commented at 3:35 PM on April 16, 2013: contributor

    There are already lots of ways to practically DoS the testnet, for instance, by draining all the coins from the faucet or by finding the nodes and DDoSing them, or bringing up lots of dummy nodes. I'm not sure we should be trying to optimise the testnet for robustness against malicious attackers, except in the sense that it's useful to test that.

    Yes I know it's possible to run private testnets. I just don't see why this is a big deal. Forward progress is important.

  17. petertodd commented at 4:31 PM on April 16, 2013: contributor

    Seems to me that everyone who commented has proposed something similar to requiring the fees of the replacement transaction be higher than the original. Requiring an increase of txsize * MIN_RELAY_FEE for each replacement has been proposed multiple times and would require just one or two lines of code. Its important that the design accept that network bandwidth isn't free, and that rule matches the same rule elsewhere for accepting transaction to the mempool.

    I'll ACK that.

  18. mikehearn commented at 4:34 PM on April 16, 2013: contributor

    I haven't commented because this is the wrong place for the discussion. Suffice it to say, that is not how the system was designed to work and that change would make it fairly useless, so I will not be doing it that way. Once again, if you want to propose a re-design that doesn't meet Satoshi's original goals, go ahead and do that - on the forum or mailing list.

  19. petertodd commented at 4:43 PM on April 16, 2013: contributor

    huh, so I guess you are expecting replacements are free? what are your thoughts on how dos protection might eventually work?

  20. mikehearn commented at 4:44 PM on April 16, 2013: contributor

    I'll send a mail to the list with my overall plan in it.

  21. petertodd commented at 4:51 PM on April 16, 2013: contributor

    post first next time

  22. mikehearn commented at 5:02 PM on April 16, 2013: contributor

    What I'm going to post is not anything new, you just weren't there for the original discussions (they're buried on the forum somewhere). But I will happily repeat and elaborate on the topic.

  23. petertodd commented at 5:12 PM on April 16, 2013: contributor

    fwiw, I've been around bitcoin a lot longer than you might realize

  24. sipa commented at 5:43 PM on April 16, 2013: member

    Please, let's keep it on topic.

    As long as it is about a proof-of-concept DoS protection mechanism as long as this in testnet-only, I see no problem discussing it here. Before enabling it on the main network we can have a broader discussion, but that shouldn't prevent experimenting with the technical infrastructure for transaction replacement first.

    The easiest solution is certainly requiring that every replacement adds MIN_FEE. I think that's overkill, but it should work. It means you have to keep enough change around for all times you may need to replace, and forgetting this would in practice result in your non-final transaction not being replaceable. So what I suggest is requiring that every replaced version pays for its size and the size of all its previous versions together, using whatever the fee policy is at that time. You can pay the fee once in advance, or increase it along the way if needed. This is still trivial to implement, IMHO, and one only pays for replacements effectively broadcast on the network.

    EDIT: Even better, you can retain this "summed seen size" of transaction versions, and use it in priority calculations when constructing blocks. This gives you an automatic prioritization for block inclusion based on the load you've caused to the network.

  25. jgarzik commented at 5:51 PM on April 16, 2013: contributor

    Taking a higher level view: There are two conflicting, equally valid goals:

    1. Mimic mainnet rules as closely as possible
    2. Provide an avenue for testing new features, enabling and testing them on testnet before doing so on mainnet

    Existing members of the ecosystem probably value 1) more highly. Unless it's a feature they want to see added/enabled. In which case, they would value 2) more highly. Neither is the "wrong" answer.

    Enabling a new feature may inhibit testing of an existing feature, thereby hiding bugs.

    Maybe 'testnet' (existing feature testing) needs a sister coin 'nextnet'?

  26. jgarzik commented at 5:54 PM on April 16, 2013: contributor

    So, I would NAK this pull req on testnet, and ACK this pull req on nextnet, using that logic.

  27. gmaxwell commented at 6:12 PM on April 16, 2013: contributor

    Adding some color (or perhaps another take on it) to jgarzik's position, I'd say that to whatever extent we enable things on testnet they should be of a form and character that we at least believe we'd eventually implement on mainnet. E.g. testing not pure research. So I'm okay with testnet being "nextnet" to a degree— pulling in features we've basically agreed to for mainnet but feel need more testing... I'm less okay with it being "perhapsnet".

  28. petertodd commented at 6:58 PM on April 16, 2013: contributor

    I don't think we should stress too much about implementing a maybe net. Lots of options like vps servers exist for people to try their new concepts. Anyway according to my seed usually only thirty to fifty test net nodes are ever running.

  29. petertodd commented at 7:04 PM on April 16, 2013: contributor

    @sipa tax replacement can only replace outputs and scriptsigs, not inputs. You already have to pick in advance your max fee and gradually increase it by replacing outputs.

  30. sipa commented at 7:06 PM on April 16, 2013: member

    @petertodd I know. I don't see how that conflicts with my proposal? You have to pick a maximum change in advance indeed, but you're not required to actually use more and more of it at every step. You can, if you want to compensate for the decreased priority, though.

  31. petertodd commented at 7:08 PM on April 16, 2013: contributor

    Ah good. See I think the next question is do inputs really have to be locked? What's wrong with adding to the input set?

    Pieter Wuille notifications@github.com wrote:

    @petertodd I know. I don't see how that conflicts with my proposal? You have to pick a maximum change in advance indeed, but you're not required to actually use more and more of it at every step. You can, if you want to compensate for the decreased priority, though.

    Reply to this email directly or view it on GitHub: #2516 (comment)

  32. mikehearn commented at 9:51 AM on April 17, 2013: contributor

    Re: nextnet. I'm agnostic. Having a public testnet is convenient but indeed not technically necessary. Having a third "researchnet" is probably overkill though, there's overhead involved and given there aren't many testnet nodes to start with I guess a researchnet/nextnet would have even fewer.

    So I'd prefer to just re-use the testnet. The cost/benefit tradeoff there feels right. But as Jeff says, it's something reasonable people can disagree on, neither position is obviously the best.

  33. petertodd commented at 7:53 AM on April 18, 2013: contributor

    With the recent -development mailing list post pointing out how the "rapidly-adjusting micropayments" use on the Contracts page in the wiki doesn't even work due to a bug that would be obvious to anyone who actually wrote an implementation I'm also going to amend my NAK to include the requirement for a toy-implementation. At least tx-replacement example should be implemented, but ideally a few use-cases. @mikehearn you could have easily done that on a single machine with a modified bitcoind and determined if a fix is or is not possible, and what changes (if any) need to be done with tx replacement without wasting everyones' time.

    Of course, I too am guilty of advocating stuff without writing any code...

  34. jgarzik commented at 4:02 PM on June 24, 2013: contributor

    Closing; no clear consensus and this never really moved forward. It is a trivial patch and we can re-open in an instant, if there is consensus that we want this.

    Revisiting the discussion, I'm more agnostic: if other devs think there is value in this feature on testnet, ok. Otherwise, not. I tend to prefer testnet stay as close as possible to mainnet rules, but it is a philosophical point.

  35. jgarzik closed this on Jun 24, 2013
  36. petertodd commented at 11:28 PM on August 31, 2016: contributor

    Note that this pull-req has been implemented by #6871, which also includes anti-DoS protection via fees.

  37. DrahtBot locked this on Sep 8, 2021
Contributors
mikehearnTheBlueMattBitcoinPullTesterrebroadpetertoddsipaqubezjgarzikgmaxwell
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-02 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me