add -limitdummyscriptdatasize option #29520

pull Retropex wants to merge 4 commits into bitcoin:master from Retropex:relayinscription changing 9 files +304 −0
  1. Retropex commented at 10:05 pm on February 29, 2024: none

    Same as #28408, but with one new options:

    -limitdummyscriptdatasize which allows you to choose the maximum size of the relayed dummy script with the default value MAX_BLOCK_WEIGHT (maximum size of a block)

    PR based on the work of @luke-jr and @LarryRuane with the help of @nsvrn and @ChrisMartl

  2. DrahtBot commented at 10:05 pm on February 29, 2024: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage

    For detailed information about the code coverage, see the test coverage report.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept NACK russeree, glozow, michaelfolkson, 1440000bytes
    Concept ACK ChrisMartl, GregTonoski
    Stale ACK nsvrn

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #30592 (Remove mempoolfullrbf by instagibbs)
    • #29942 (Remove redundant -datacarrier option by vostrnad)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  3. DrahtBot added the label CI failed on Mar 1, 2024
  4. DrahtBot commented at 2:34 am on March 1, 2024: contributor

    🚧 At least one of the CI tasks failed. Make sure to run all tests locally, according to the documentation.

    Possibly this is due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

    Leave a comment here, if you need help tracking down a confusing failure.

    Debug: https://github.com/bitcoin/bitcoin/runs/22147391033

  5. russeree commented at 3:15 am on March 1, 2024: contributor

    NACK, engaging in filtering of specific patterns of script is a long term drain on developers and would not effectively curb the problem because of the fact that miners could always just take the transactions in directly, F2Pool, Marathon Slipstream, Luxor, etc …

    Relay policy is largely designed to prevent attack vectors and DoS attacks on node runners. Relay policy as a governance mechanism IMO is an incredibly dangerous path to take.

    A better approach would be to consider trying to change the consensus rules of the network to better shape long term user behavior. Though this is a harder ask because it would require consensus.

  6. ChrisMartl commented at 5:23 am on March 1, 2024: none
    ACK
  7. ChrisMartl commented at 5:42 am on March 1, 2024: none

    governance mechanism

    Please elaborate or provide rationale for this terminology on your comment / review.

  8. ChrisMartl commented at 5:46 am on March 1, 2024: none

    long term drain on developers

    No true. Some developer contribute and some maintainer “click” on “merge” (effort close to zero).

    The “long term drain” is on side of actors attempting to DoS the system.

  9. russeree commented at 6:43 am on March 1, 2024: contributor

    governance mechanism

    Please elaborate or provide rationale for this terminology on your comment / review.

    Rules put into place in order to curb specific consensus valid behaviors. An example would be place a restriction on the relaying of a specific amount of sats or even TXIDs that have been ground to form vanity addresses. This would be governance.

  10. Retropex commented at 10:17 am on March 1, 2024: none

    NACK, engaging in filtering of specific patterns of script is a long term drain on developers and would not effectively curb the problem because of the fact that miners could always just take the transactions in directly, F2Pool, Marathon Slipstream, Luxor, etc …

    They are already doing it so there is no reason to refuse this change. In addition, it is activated by default so it does not change the default relay policy, it only gives the choice to the node runners.

  11. Retropex force-pushed on Mar 1, 2024
  12. glozow commented at 3:34 pm on March 1, 2024: member

    This is largely a duplicate of #28408 that does not address its problems, so my NACK there applies here #28408 (comment)

    Also, please take high-level discussion to a different forum such as Delving.

  13. glozow added the label TX fees and policy on Mar 1, 2024
  14. nsvrn commented at 4:22 pm on March 1, 2024: contributor

    tACK ccc7df4b4903908855ab0db740b9ce59f711aded

    • Unit and functional tests pass on my local Linux environment
    • Tested both relayinscription and relayinscriptionsize with different values on local regtest against inscription/ord spam transactions, works as intended. Error on rejection:
    0RPC error response: RpcError { code: -26, message: "txn-inscription-exceeded", data: None }
    
    • I’ll be precise on “higher high level discussion” as the authority people suggested so: it is imminent to give optionality to nodes which prefer to not relay spam, otherwise they scramble to using/trusting inconvenient patches and community stores of packaged software.
  15. chrisguida commented at 7:25 pm on March 1, 2024: none

    @glozow the comment you linked is extremely long… would you mind summarizing what you see as the outstanding issues so we can get them addressed?

    Do you just mean your comments here?

    This will not prevent ordinals. Given the high fees, this policy is incentive-incompatible to adopt as a miner. Even if this relay policy is adopted, this has not stopped ordinals in the past (4MB tx in mempool.space, in ordiscan, as tweeted). This change is likely harmful to the node by making its mempool exclude transactions that will be mined. This is a restriction to default policy, which can impact many users beyond an individual node operator, including making it difficult for people to access existing funds, and disrupting compact block relay. This will not prevent data-carrying transactions. See above. It may be best to leave the methods that are most efficient wrt network resource costs. People are calling this “spam” because they don’t like ordinals. While I also personally think Bitcoin is best used for financial transactions, I disagree with this framing of “spam.” In transaction validation and relay logic, we should define spam on the basis of network resources consumed and whether those costs are well bounded and/or paid for, not on the basis of use case. We have no way of detecting whether a bunch of bytes are real/legitimate/useful and, even if we could, it is not protocol development’s place to decide which use cases of Bitcoin are legitimate and which ones aren’t.

  16. in src/script/script.h:551 in 7e006d2e6f outdated
    544@@ -545,9 +545,10 @@ class CScript : public CScriptBase
    545     bool HasValidOps() const;
    546 
    547     /**
    548-     * Returns whether the script is guaranteed to fail at execution,
    549+     * Returns whether the scriptPubKey is guaranteed to fail at execution,
    550      * regardless of the initial stack. This allows outputs to be pruned
    551-     * instantly when entering the UTXO set.
    552+     * instantly when entering the UTXO set. Note that this is incorrect for
    553+     * witness scripts, which are not always limited by MAX_SCRIPT_SIZE.
    


    achow101 commented at 11:31 pm on March 1, 2024:

    In 7e006d2e6f2d656fa74d76b49716dc622a2f8bfa “doc: script: Document that IsUnspendable is incorrect for some witness scripts”

    Witness scripts cannot be scriptPubKeys, so this addition seems to be incorrect with the above change of script to scriptPubKey.

  17. in src/script/script.cpp:334 in 822a1f23cb outdated
    315+            switch (opcode) {
    316+            case OP_IF: case OP_NOTIF:
    317+                ++inside_noop;
    318+                break;
    319+            case OP_ENDIF:
    320+                if (0 == --inside_noop) {
    


    achow101 commented at 11:40 pm on March 1, 2024:

    In 822a1f23cb1dedb2bce496c66964400310e9296c “script: Add CScript::DatacarrierBytes”

    It’s not clear to me why inside_noop needs to be a counter that is incremeted under essentially the same conditions as inside_conditional. ISTM this could be condensed and combined with with the above code for inside_conditional, and just record the depth of the conditional that the no-op began.

  18. in src/policy/policy.cpp:310 in 78fe7b6cd6 outdated
    305@@ -306,3 +306,50 @@ int64_t GetVirtualTransactionInputSize(const CTxIn& txin, int64_t nSigOpCost, un
    306 {
    307     return GetVirtualTransactionSize(GetTransactionInputWeight(txin), nSigOpCost, bytes_per_sigop);
    308 }
    309+
    310+std::pair<CScript, unsigned int> GetScriptForTransactionInput(CScript prevScript, const CTxIn& txin)
    


    achow101 commented at 11:41 pm on March 1, 2024:

    In 78fe7b6cd639b12f42e4af71a7f9ed25f71185e2 “policy: GetScriptForTransactionInput to figure out P2SH, witness, taproot”

    nit: variable names in new code should use snake_case.

  19. in src/policy/policy.h:172 in 78fe7b6cd6 outdated
    168@@ -168,4 +169,6 @@ static inline int64_t GetVirtualTransactionInputSize(const CTxIn& tx)
    169     return GetVirtualTransactionInputSize(tx, 0, 0);
    170 }
    171 
    172+std::pair<CScript, unsigned int> GetScriptForTransactionInput(CScript prevScript, const CTxIn&);
    


    achow101 commented at 11:43 pm on March 1, 2024:

    In 78fe7b6cd639b12f42e4af71a7f9ed25f71185e2 “policy: GetScriptForTransactionInput to figure out P2SH, witness, taproot”

    Can you add a comment that explains what this function does and what it’s return values are.

  20. in src/script/script.cpp:308 in 822a1f23cb outdated
    303+        if (opcode == OP_IF || opcode == OP_NOTIF) {
    304+            ++inside_conditional;
    305+        } else if (opcode == OP_ENDIF) {
    306+            if (!inside_conditional) return size();  // invalid
    307+            --inside_conditional;
    308+        } else if (opcode == OP_RETURN && !inside_conditional) {
    


    achow101 commented at 11:50 pm on March 1, 2024:

    In e9a207d23b588f686d919aa556cd82a921926114 “Apply -datacarriersize to all datacarrying”

    As this function is also called on scriptPubKeys, the check for OP_RETURN data outputs is repeated here. However, this means that if -relayinscriptionsize is smaller than -datacarriersize, such OP_RETURN outputs would also be excluded. These is confusing and unexpected behavior as presumably the node operator wished to allow OP_RETURNs but not inscriptions in that situation.


    Retropex commented at 8:25 pm on March 2, 2024:
    This condition was removed in the last force push.
  21. in test/functional/feature_taproot.py:741 in e9a207d23b outdated
    737@@ -738,7 +738,7 @@ def spenders_taproot_active():
    738         scripts = [
    739             ("pk_codesep", CScript(random_checksig_style(pubs[1]) + bytes([OP_CODESEPARATOR]))),  # codesep after checksig
    740             ("codesep_pk", CScript(bytes([OP_CODESEPARATOR]) + random_checksig_style(pubs[1]))),  # codesep before checksig
    741-            ("branched_codesep", CScript([random.randbytes(random.randrange(2, 511)), OP_DROP, OP_IF, OP_CODESEPARATOR, pubs[0], OP_ELSE, OP_CODESEPARATOR, pubs[1], OP_ENDIF, OP_CHECKSIG])),  # branch dependent codesep
    742+            ("branched_codesep", CScript([random.randbytes(random.randrange(2, 75)), OP_DROP, OP_IF, OP_CODESEPARATOR, pubs[0], OP_ELSE, OP_CODESEPARATOR, pubs[1], OP_ENDIF, OP_CHECKSIG])),  # branch dependent codesep
    


    achow101 commented at 11:54 pm on March 1, 2024:

    In e9a207d23b588f686d919aa556cd82a921926114 “Apply -datacarriersize to all datacarrying”

    Can you explain why this test is being changed? I would expect either it doesn’t need to be changed, or it would have more dramatic changes than just a reduction in the stack item’s size.


    ajtowns commented at 4:22 am on March 6, 2024:
    It seems indicative of bugs if any existing tests need changing; also a functional test of the new behaviour should be added…

    ajtowns commented at 6:44 am on March 28, 2024:
    I think these changes are just pulled from knots, which changes the default behaviour and breaks this test without changes. See https://github.com/bitcoinknots/bitcoin/commit/9ea7197b87d798c4bbb6b84939f6b4fff672c583#diff-5371490253f356bb2ddeb014bb570c5a422ac73ca6dcd8db0f16b81cafa3c786
  22. in src/test/script_tests.cpp:1472 in 7ddcbd8733 outdated
    1468@@ -1468,6 +1469,261 @@ BOOST_AUTO_TEST_CASE(script_HasValidOps)
    1469     BOOST_CHECK(!script.HasValidOps());
    1470 }
    1471 
    1472+BOOST_AUTO_TEST_CASE(script_DataCarrierBytes)
    


    achow101 commented at 11:57 pm on March 1, 2024:

    In 7ddcbd8733348f59ba84bc8312ddf71bdbc061d7 “QA: script_tests: Check GetScriptForTransactionInput and CScript::DataCarrierBytes”

    I think this could use some tests for other existing scripts to check that the inscription matching isn’t also accidentally catching other scripts that are in use today, such as lightning (which uses OP_DROP).

    It’d also be nice to have a fuzzer for the matching function. Perhaps one that generated valid miniscript and checked that such scripts aren’t caught?

  23. in src/init.cpp:637 in ccc7df4b49 outdated
    633@@ -634,6 +634,8 @@ void SetupServerArgs(ArgsManager& argsman)
    634                              "is of this size or less (default: %u)",
    635                              MAX_OP_RETURN_RELAY),
    636                    ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    637+    argsman.AddArg("-relayinscription", strprintf("Relay and mine inscription transactions and remove the fee reduction for them(default: %u)", DEFAULT_RELAY_INSCRIPTION), ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    


    achow101 commented at 11:58 pm on March 1, 2024:

    In ccc7df4b4903908855ab0db740b9ce59f711aded “add -relayinscription option”

    nit: missing a space in “them(default: %u)”

  24. achow101 commented at 0:00 am on March 2, 2024: member

    All of the renaming and moving in the last commit needs to be squashed into the commits that introduced the code. New code should not be introduced only to be renamed or removed in a subsequent commit.

    Note that I am only looking at the code itself and not giving any opinion on whether this is or is not a good idea.

  25. in src/script/script.cpp:347 in 822a1f23cb outdated
    328+            data_began = opcode_it;
    329+        // Match <data> OP_DROP
    330+        } else if (opcode <= OP_PUSHDATA4) {
    331+            data_began = opcode_it;
    332+        } else if (opcode == OP_DROP && last_opcode <= OP_PUSHDATA4) {
    333+            counted += it - data_began;
    


    achow101 commented at 0:02 am on March 2, 2024:

    In 822a1f23cb1dedb2bce496c66964400310e9296c “script: Add CScript::DatacarrierBytes”

    Inscriptions does not use OP_DROP, nor any other data carrying protocol that I am aware of. Does this exist only to preempt such protocols?


    Retropex commented at 8:32 pm on March 2, 2024:
    @luke-jr will probably be able to confirm but according to my understanding of his code it is actually to prevent a possible bypass.
  26. achow101 commented at 0:23 am on March 2, 2024: member

    I want to point out that the matching function is incredibly easy to bypass. The main thing that it is looking for is a script construction of OP_FALSE OP_IF. This is trivially bypassed by moving the OP_FALSE out of the script and onto the stack. As scripts beginning with OP_IF are also scripts that people actually want to use, you cannot just match on the OP_IF. The following diff is a test demonstrating this that fails:

     0diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp
     1index a07a1546a8a..c06dd8f9925 100644
     2--- a/src/test/script_tests.cpp
     3+++ b/src/test/script_tests.cpp
     4@@ -1645,6 +1645,22 @@ BOOST_AUTO_TEST_CASE(script_GetScriptForTransactionInput)
     5         BOOST_CHECK_EQUAL(scale, 1);
     6         BOOST_CHECK_EQUAL(ret_script.InscriptionBytes(), 0);
     7     }
     8+    { // P2TR scriptpath
     9+        CScript prev_script; // scriptPubKey
    10+        CTxIn tx_in;
    11+        prev_script = CScript() << OP_1 << zeros(32);
    12+        // segwit: empty scriptsig
    13+        tx_in.scriptSig = CScript();
    14+        tx_in.scriptWitness.stack.push_back({});
    15+        CScript script = CScript() << OP_IF << OP_8 << OP_9 << OP_11 << OP_ENDIF;
    16+        auto script_vec{std::vector<unsigned char>(script.begin(), script.end())};
    17+        tx_in.scriptWitness.stack.push_back(script_vec);
    18+        tx_in.scriptWitness.stack.push_back(zeros(33)); // control block
    19+        auto [ret_script, scale] = GetScriptForTransactionInput(prev_script, tx_in);
    20+        BOOST_CHECK(ret_script == script);
    21+        BOOST_CHECK_EQUAL(scale, 1);
    22+        BOOST_CHECK_EQUAL(ret_script.InscriptionBytes(), 5);
    23+    }
    24 }
    25 
    26 static CMutableTransaction TxFromHex(const std::string& str)
    
  27. Retropex force-pushed on Mar 2, 2024
  28. Retropex commented at 8:33 pm on March 2, 2024: none

    the last commit needs to be squashed into the commits that introduced the code

    done !

  29. GregTonoski commented at 10:33 am on March 3, 2024: none

    ACK - very interesting improvement proposal. Well worth considering.

    The option name “-relayinscription” may need renaming. It will not be clearly understood because the “inscription” brand is foreign to Bitcoin and other expoits of the vulnerability of unreachable code (here: OF_FALSE OP_IF) are covered. Perhaps, “-dismiss-bloat-from-mempool” (bounce bloated transactions from mempool) would be more self-explanatory.

  30. michaelfolkson commented at 3:02 pm on March 3, 2024: contributor

    Concept NACK

    This is very similar in spirit to #28408 and hence my Concept NACK rationale from there applies here too #28408 (comment)

  31. Retropex commented at 3:28 pm on March 3, 2024: none

    @michaelfolkson There is no reason to refuse this change because it is enabled by default, it does not change the default relay policy.

    You refuse the sovereignty of nodes runners and this is unacceptable.

  32. michaelfolkson commented at 4:00 pm on March 3, 2024: contributor

    @Retropex:

    Ocean can move quicker than Core so perhaps Ocean can engage in this game of tit-for-tat or whack-a-mole but Core would look ridiculous if it was to do so. @Retropex: As I allude to in this previous comment I don’t think Core should go down the route of adding new policy options (or changing default policy) every time an inscription protocol is altered in response to policy changes in Core or any other implementation. Core has to make decisions on its default policy and what policy options are available. Other implementations (e.g. Knots) are free to make different decisions. Node runners are free to run a different implementation if their policy preferences aren’t facilitated in Core. The difference between Core and Ocean/Knots is that Core moves slower, would lose this game of whack-a-mole (to the extent that winning is even possible) and would look ridiculous in the process. I don’t think Core should engage in this game regardless of whether we are talking default policy or custom policy options. Having a bunch of pointless policy options 5 years down the line that were only introduced to play this game of whack-a-mole is not a good direction for the project or the software.

    That is my view and hence why I’m Concept NACKing this PR and new PRs that crop up with a similar objective. In the spirit of not wanting to create unnecessary noise in this repo I won’t be commenting on this PR again but I will log my Concept NACK on new PRs with a similar objective.

  33. in src/init.cpp:638 in 429f2117fa outdated
    633@@ -634,6 +634,8 @@ void SetupServerArgs(ArgsManager& argsman)
    634                              "is of this size or less (default: %u)",
    635                              MAX_OP_RETURN_RELAY),
    636                    ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    637+    argsman.AddArg("-relayinscription", strprintf("Relay and mine inscription transactions and remove the fee reduction for them (default: %u)", DEFAULT_RELAY_INSCRIPTION), ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    638+    argsman.AddArg("-relayinscriptionsize", strprintf("Maximum size of inscription transactions we relay and mine (default: %u)", MAX_INSCRIPTION_RELAY), ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    


    ajtowns commented at 4:08 am on March 6, 2024:

    This isn’t just about relaying, it’s about accepting into your mempool at all – if someone sends you the result of an inscribed tx you won’t be able to spend those funds until they confirm, and (obviously) you won’t include them in blocks.

    I’d suggest something more like -limitdummyscriptdatasize, which also avoids tying it to one particular protocol; given inscriptions could change their spec to use other formats, and other protocols could adopt a similar format, a more generic name seems better.


    Retropex commented at 8:26 pm on March 12, 2024:
    good idea, I’ve change the code to have the -limitdummyscriptdatasize option.
  34. in src/init.cpp:637 in 429f2117fa outdated
    633@@ -634,6 +634,8 @@ void SetupServerArgs(ArgsManager& argsman)
    634                              "is of this size or less (default: %u)",
    635                              MAX_OP_RETURN_RELAY),
    636                    ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    637+    argsman.AddArg("-relayinscription", strprintf("Relay and mine inscription transactions and remove the fee reduction for them (default: %u)", DEFAULT_RELAY_INSCRIPTION), ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    


    ajtowns commented at 4:09 am on March 6, 2024:
    I don’t think it makes much sense to have two options here; setting the size to 0 should be sufficient to say “I don’t want any of this in my mempool”. Having the default be MAX_BLOCK_WEIGHT serves to avoid the limit.

    Retropex commented at 8:27 pm on March 12, 2024:
    I agree, there is now only one.
  35. in src/validation.cpp:840 in 429f2117fa outdated
    836@@ -837,6 +837,10 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
    837         return state.Invalid(TxValidationResult::TX_INPUTS_NOT_STANDARD, "bad-txns-nonstandard-inputs");
    838     }
    839 
    840+    if (InscriptionBytes(tx, m_view) > m_pool.m_max_inscription_bytes.value_or(0)) {
    


    ajtowns commented at 4:18 am on March 6, 2024:
    Am I missing something? This seems to set the default behaviour to forbid any inscription data. I think this should be: if (m_pool.m_max_inscription_bytes && *m_pool.m_max_inscription_bytes < InscriptionBytes(tx, m_view)) { ... }. That also ensures InscriptionBytes isn’t evaluated at all if it’s not needed.
  36. Retropex force-pushed on Mar 6, 2024
  37. Retropex force-pushed on Mar 10, 2024
  38. Retropex force-pushed on Mar 10, 2024
  39. Bitcoin-Lebowski commented at 3:31 am on March 11, 2024: none

    As this change wouldn’t affect the default behaviour, only make it easier for node runners to opt out of relaying spam (if they perceive inscriptions and arbitrary data of the various kinds we see to be spam of course), surely any objections that core default behaviour shouldn’t be used as a governance mechanism are moot?

    Further, if you hold that view, and assert that it is a reason that this pull request shouldn’t be merged, and therefore you seek to restrict node runners optionality when it comes to the data they are willing to relay, isn’t that itself a form of governance? Worse - the default behaviour is then, in fact, being used as governance.

    If the Bitcoin network is truly majority in favour of the spam, then nobody will use the feature anyway…

  40. Retropex force-pushed on Mar 11, 2024
  41. Retropex force-pushed on Mar 12, 2024
  42. Retropex renamed this:
    add `-relayinscription` option
    add `-limitdummyscriptdatasize` option
    on Mar 12, 2024
  43. Retropex force-pushed on Mar 12, 2024
  44. in src/policy/policy.h:70 in 52c28d9e0a outdated
    65@@ -65,6 +66,8 @@ static constexpr unsigned int DEFAULT_DESCENDANT_LIMIT{25};
    66 static constexpr unsigned int DEFAULT_DESCENDANT_SIZE_LIMIT_KVB{101};
    67 /** Default for -datacarrier */
    68 static const bool DEFAULT_ACCEPT_DATACARRIER = true;
    69+/** Default setting for -limitdummyscriptdatasize */
    70+static const unsigned int MAX_DUMMY_SCRIPT_RELAY = MAX_BLOCK_SERIALIZED_SIZE;
    


    ajtowns commented at 11:56 pm on March 12, 2024:
    0/** The maximum allowed size for a serialized block, in bytes (only for buffer size limits) */
    

    This isn’t a buffer size limit, so this seems like the wrong constant.


    Retropex commented at 2:55 pm on March 13, 2024:
    What do you recommend ? MAX_BLOCK_WEIGHT ?

    ajtowns commented at 4:20 pm on March 13, 2024:
    Yeah, that matches other checks in validation.cpp
  45. in src/kernel/mempool_options.h:54 in 52c28d9e0a outdated
    50@@ -51,6 +51,7 @@ struct MemPoolOptions {
    51      * If nullopt, any size is nonstandard.
    52      */
    53     std::optional<unsigned> max_datacarrier_bytes{DEFAULT_ACCEPT_DATACARRIER ? std::optional{MAX_OP_RETURN_RELAY} : std::nullopt};
    54+    std::optional<unsigned> max_dummy_script_bytes{std::optional{MAX_DUMMY_SCRIPT_RELAY}};
    


    ajtowns commented at 11:57 pm on March 12, 2024:
    If this is always being set to a value, there’s no need for it to be optional.
  46. in src/init.cpp:637 in 52c28d9e0a outdated
    633@@ -634,6 +634,7 @@ void SetupServerArgs(ArgsManager& argsman)
    634                              "is of this size or less (default: %u)",
    635                              MAX_OP_RETURN_RELAY),
    636                    ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    637+    argsman.AddArg("-limitdummyscriptdatasize", strprintf("Maximum size of dummy script we relay and mine (default: %u)", MAX_DUMMY_SCRIPT_RELAY), ArgsManager::ALLOW_ANY, OptionsCategory::NODE_RELAY);
    


    ajtowns commented at 11:58 pm on March 12, 2024:
    “size of dummy script data
  47. in src/validation.cpp:840 in 52c28d9e0a outdated
    836@@ -837,6 +837,10 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
    837         return state.Invalid(TxValidationResult::TX_INPUTS_NOT_STANDARD, "bad-txns-nonstandard-inputs");
    838     }
    839 
    840+    if (DummyScriptBytes(tx, m_view) > m_pool.m_max_dummy_script_bytes.value_or(0)) {
    


    ajtowns commented at 0:08 am on March 13, 2024:
    For the default case where no valid tx can possibly have more dummy script data than is allowed, evaluating this at all seems pointless. Could gate it on tx.GetTotalSize() <= m_max_dummy_script_bytes, perhaps.

    Retropex commented at 9:57 pm on March 13, 2024:
    Maybe I’m missing something but if I replace the condition with tx.GetTotalSize() <= m_max_dummy_script_bytes , the DummyScriptBytes() function will not be called in the rest of the code, so how can it detect inscriptions (or other arbitrary data)?

    ajtowns commented at 11:08 pm on March 13, 2024:

    I just mean:

    0if (GetTotalSize > max_dummy_script_bytes) {
    1    if (DummyScriptBytes() > max_dummy_script_bytes) { ... }
    2}
    
  48. Retropex force-pushed on Mar 14, 2024
  49. in src/validation.cpp:840 in 139bc0ec8f outdated
    836@@ -837,6 +837,12 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
    837         return state.Invalid(TxValidationResult::TX_INPUTS_NOT_STANDARD, "bad-txns-nonstandard-inputs");
    838     }
    839 
    840+    if (tx.GetTotalSize() > m_pool.m_max_dummy_script_bytes) {
    


    ajtowns commented at 8:16 am on March 27, 2024:
    m_max_dummy_script_bytes is still defined as optional<unsigned> ; should presumably just be unsigned, but if not, shouldn’t be compared to things without first checking it’s not nullopt

    Retropex commented at 1:46 pm on March 27, 2024:
    An oversight on my part thank you for reporting it.
  50. Retropex force-pushed on Mar 27, 2024
  51. in test/functional/feature_taproot.py:1047 in 74cbd538d2 outdated
    1043@@ -1044,7 +1044,7 @@ def big_spend_inputs(ctx):
    1044     # Test that an input stack size of 1000 elements is permitted, but 1001 isn't.
    1045     add_spender(spenders, "tapscript/1000inputs", leaf="t23", **common, inputs=[getter("sign")] + [b'' for _ in range(999)], failure={"leaf": "t24", "inputs": [getter("sign")] + [b'' for _ in range(1000)]}, **ERR_STACK_SIZE)
    1046     # Test that pushing a MAX_SCRIPT_ELEMENT_SIZE byte stack element is valid, but one longer is not.
    1047-    add_spender(spenders, "tapscript/pushmaxlimit", leaf="t25", **common, **SINGLE_SIG, failure={"leaf": "t26"}, **ERR_PUSH_LIMIT)
    1048+    add_spender(spenders, "tapscript/pushmaxlimit", standard=False, leaf="t25", **common, **SINGLE_SIG, failure={"leaf": "t26"}, **ERR_PUSH_LIMIT)
    


    ajtowns commented at 6:42 am on March 28, 2024:

    I think this change is what’s causing CI to fail – nothing in this PR changes what’s standard by default, so when this testcase turns out to not be rejected from the mempool, it reports it as an error. Changing this to False would only be correct if you were also adding -limitdummyscriptdatasize=80or similar toextra_args`.

    I don’t think you should be changing this test case at all, but rather should be adding a test to mempool_datacarrier.py.


    Retropex commented at 9:30 pm on March 28, 2024:

    I have undo all changes on feature_taproot.py

    Implementing tests are way above want I can do, so it’s up for grab.

  52. Retropex force-pushed on Mar 28, 2024
  53. DrahtBot removed the label CI failed on Mar 28, 2024
  54. Retropex requested review from achow101 on Mar 29, 2024
  55. in src/script/script.h:565 in 02d77aec38 outdated
    553@@ -554,6 +554,8 @@ class CScript : public CScriptBase
    554         return (size() > 0 && *begin() == OP_RETURN) || (size() > MAX_SCRIPT_SIZE);
    555     }
    556 
    557+    size_t DummyScriptBytes() const;
    


    maflcko commented at 9:07 am on April 11, 2024:

    I don’t think script.h is the right place to put policy code. Anything in this file should be considered consensus-critical. My understanding is that all functions in this class are consensus-critical, and adding a new one that isn’t does not seem ideal. See for example commit 87fe71e1fc810ee120a10063fdd26c3245686d54 for some historical context. It wouldn’t be a great outcome if a future change to this function or functionality caused a consensus change and chain split.

    I’d say that pure policy code should purely live in the policy folder.

  56. ajtowns commented at 8:27 am on April 15, 2024: contributor

    Implementing tests are way above want I can do, so it’s up for grab. [ref]

    I don’t think it makes a lot of sense to add features without basic functional tests demonstrating they work as intended. Perhaps someone reading this is up for creating some?

  57. DrahtBot added the label CI failed on Apr 19, 2024
  58. DrahtBot removed the label CI failed on Apr 25, 2024
  59. 1440000bytes changes_requested
  60. 1440000bytes commented at 7:17 am on May 14, 2024: none

    NACK

    This option is useless and adding more “filters” to maintain this will be a waste of time for everyone. There are lot of important and useful things which do not get added in bitcoin core because it will be a maintenance burden. Example: #29134

    Users who are willing to experiment with different types of “filters” should use knots as it keeps adding them in every release.

    Pull requests such as https://github.com/bitcoinknots/bitcoin/pull/78 makes me believe there will be no end to this, no rationale and it wont stop with this pull request. Use knots at your own risk though because a vulnerability wont be surprising the way things are going and under reviewed.

  61. DrahtBot added the label Needs rebase on May 15, 2024
  62. Retropex force-pushed on Jun 4, 2024
  63. DrahtBot removed the label Needs rebase on Jun 4, 2024
  64. DrahtBot added the label Needs rebase on Aug 7, 2024
  65. script: Add CScript::DummyScriptBytes 77a5d0acde
  66. policy: GetScriptForTransactionInput to figure out P2SH, witness, taproot 6c35f5be91
  67. Apply -limitdummyscriptdatasize c120030a1f
  68. QA: script_tests: Check GetScriptForTransactionInput and CScript::DummyScriptBytes() 29e7f35693
  69. Retropex force-pushed on Aug 7, 2024
  70. DrahtBot removed the label Needs rebase on Aug 7, 2024
  71. DrahtBot added the label CI failed on Sep 5, 2024
  72. DrahtBot removed the label CI failed on Sep 11, 2024
  73. achow101 commented at 3:17 pm on October 15, 2024: member
    Closing this as it has not had any activity in a while, and feedback has not been addressed.
  74. achow101 closed this on Oct 15, 2024

  75. GregTonoski commented at 3:36 pm on October 15, 2024: none

    Closing this as it has not had any activity in a while, and feedback has not been addressed.

    Disgraceful.

  76. pinheadmz commented at 3:37 pm on October 15, 2024: member
    @GregTonoski Your comment is off-topic and inflammatory, resulting in a 24 hour ban, please be respectful.
  77. bitcoin locked this on Oct 15, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-31 03:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me