Don't process unrequested, low-work blocks #11458

pull sdaftuar wants to merge 3 commits into bitcoin:master from sdaftuar:2017-10-blocks-before-minwork changing 3 files +54 −13
  1. sdaftuar commented at 6:36 PM on October 6, 2017: member

    A peer could try to waste our resources by sending us unrequested blocks with low work (eg to fill up our disk). Since e265200 we no longer request blocks until we know we're on a chain with more than nMinimumChainWork (our anti-DoS threshold), but we would still process unrequested blocks that had more work than our tip (which generally has low-work during IBD), even though we may not yet have found a headers chain with sufficient work.

    Fix this and add a test.

  2. gmaxwell commented at 7:04 PM on October 6, 2017: contributor

    Concept ACK

  3. TheBlueMatt commented at 12:17 AM on October 7, 2017: contributor

    Concept ACK, though fForceProcessing/fRequested doesn't do the thing you think it does, see, eg #9352#pullrequestreview-13343287.

  4. fanquake added the label Validation on Oct 7, 2017
  5. promag commented at 7:49 AM on October 7, 2017: member

    This is only useful if tip chain work is less than minimum chain work, which I think only happens in IBD?

    Edit: ready more carefully the PR description.

    Maybe we should just ignore unrequested blocks if tip chain work < minimum chain work? This way this test could be moved before AcceptBlockHeader?

  6. sdaftuar commented at 12:31 PM on October 7, 2017: member

    Concept ACK, though fForceProcessing/fRequested doesn't do the thing you think it does, see, eg #9352 (review). @TheBlueMatt Is there a mistake here? I know we use the fForceProcessing/fRequested in a couple ways but I believe this is correct -- for instance the unusual use of it in compact block processing shouldn't be an issue, because we don't try to reconstruct compact blocks when our chain tip is far behind. Did I miss a case?

  7. achow101 commented at 9:17 PM on October 8, 2017: member

    Concept ACK

  9. TheBlueMatt cross-referenced this on Oct 19, 2017 from issue Check that new headers are not a descendant of an invalid block (more effeciently) by TheBlueMatt
  11. TheBlueMatt commented at 11:07 PM on October 19, 2017: contributor

    @sdaftuar Indeed. You were right, I was confused, but this does leave the logic being added here super brittle to future changes. For those following along at home, the reason compact blocks always passing fRequested as true doesn't break this is that it does a CanDirectFetch first, which only looks at the timestamp of our chainActive.Tip(). Thus, this logic would be broken if there were any way for an attacker to cheaply feed us a single best-chain block which had a timestamp close to today, though there should be no way to do so as other ways to get the block onto disk (and, thus, to become our chainActive.Tip()) without meeting the nMinimumChainWork test in FindNextBlocksToDownload. This anti-DoS-logic-stradling-validation-and-net_processing stuff irritates me endlessly, but I think this is fine for now (and should likely be backported in 0.15.0.2 if we do one as a part of #11531).

    utACK (didn't review test changes, which will conflict with #11531) f0940e462cb435f10ef6f052dae609655202f245

  12. TheBlueMatt commented at 11:34 PM on October 19, 2017: contributor

    Also, maybe add a comment about the CanDirectFetch stuff somewhere.

  13. Don't process unrequested, low-work blocks
    A peer could try to waste our resources by sending us unrequested blocks with
low work, eg to fill up our disk.  Since
e2652002b6011f793185d473f87f1730c625593b we no longer request blocks until we
know we're on a chain with more than nMinimumChainWork (our anti-DoS
threshold), but we would still process unrequested blocks that had more work
than our tip.  This commit fixes that behavior.
    ce8cd7a7da
  14. qa: add test for minchainwork use in acceptblock 08fd822771
  15. sdaftuar force-pushed on Oct 20, 2017
  16. sdaftuar commented at 12:39 AM on October 20, 2017: member

    Needed a rebase due to a conflict in the test.

  17. Add comment explaining forced processing of compact blocks 01b52cedd4
  18. sdaftuar commented at 12:59 AM on October 20, 2017: member

    @TheBlueMatt I added a comment. @promag Thanks for the patch and for the review, but I (slightly) prefer the code that I've presented already. Skipping the call to AcceptBlockHeader doesn't do much in the adversarial case (which is the only case we're concerned about here), because an attacker would just separately deliver the header which we would process and store. And it seems clearer to me to just put this in the same block with the other checks we do when a block is not requested.

  19. promag commented at 8:45 AM on October 20, 2017: member

    utACK 01b52ce.

    Nit, I would squash the test with the commit adding the feature.

  20. sipa commented at 11:03 AM on October 20, 2017: member

    utACK 01b52cedd42f50a93b40981c91af7c12de6e45ce

  21. TheBlueMatt commented at 5:25 PM on October 20, 2017: contributor

    utACK 01b52cedd42f50a93b40981c91af7c12de6e45ce, didnt review the test parts.

  22. laanwj merged this on Oct 21, 2017
  23. laanwj closed this on Oct 21, 2017
  24. laanwj referenced this in commit c0e5139413 on Oct 21, 2017
  25. laanwj referenced this in commit cffa5ee132 on Nov 1, 2017
  26. MarcoFalke added the label Needs backport on Nov 1, 2017
  27. TheBlueMatt commented at 2:44 PM on November 1, 2017: contributor

    Needs backport (#11531 depends on this somewhat indirectly)

  28. MarcoFalke added this to the milestone 0.15.0.2 on Nov 1, 2017
  29. MarcoFalke referenced this in commit 07502603c0 on Nov 1, 2017
  30. MarcoFalke referenced this in commit 6c8e2471b6 on Nov 1, 2017
  31. MarcoFalke referenced this in commit 691c73379f on Nov 1, 2017
  32. MarcoFalke referenced this in commit 347c74b9ea on Nov 1, 2017
  33. MarcoFalke referenced this in commit d20508f84a on Nov 1, 2017
  34. MarcoFalke referenced this in commit 1aa6f8807a on Nov 1, 2017
  35. MarcoFalke referenced this in commit 2ff59ef99b on Nov 1, 2017
  36. MarcoFalke referenced this in commit 4a9621dac9 on Nov 1, 2017
  37. MarcoFalke referenced this in commit d98815e64e on Nov 1, 2017
  38. MarcoFalke referenced this in commit 5fa26f0a5b on Nov 1, 2017
  39. MarcoFalke referenced this in commit b40f5924f3 on Nov 1, 2017
  40. MarcoFalke referenced this in commit 69cb6e10ce on Nov 1, 2017
  41. MarcoFalke removed the label Needs backport on Nov 1, 2017
  42. morcos cross-referenced this on Nov 2, 2017 from issue 0.15: Backports by MarcoFalke
  43. MarcoFalke referenced this in commit 3acec38781 on Nov 2, 2017
  44. MarcoFalke referenced this in commit 2df65eeb98 on Nov 2, 2017
  45. MarcoFalke referenced this in commit ffb6ea4e5e on Nov 2, 2017
  46. codablock referenced this in commit e820f396aa on Sep 26, 2019
  47. codablock referenced this in commit b246b58720 on Sep 26, 2019
  48. codablock referenced this in commit 35d60de2b5 on Sep 29, 2019
  49. codablock referenced this in commit 7d21a78fa1 on Sep 29, 2019
  50. barrystyle referenced this in commit e07add8dd8 on Jan 22, 2020
  51. barrystyle referenced this in commit 95b0dcef19 on Jan 22, 2020
  52. bitcoin locked this on Sep 8, 2021
Contributors
sdaftuargmaxwellTheBlueMattpromagachow101meshcollidersipa
Labels
Validation

Milestone
0.15.1

Linked (view graph)
#9352 Attempt reconstruction from all compact block announcements#11531 Check that new headers are not a descendant of an invalid block (more effeciently)#11592 0.15: Backports
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:55 UTC