[Feature Request] testmempoolaccept without signature #14859

issue nopara73 opened this issue on December 3, 2018
  1. nopara73 commented at 4:54 AM on December 3, 2018: none

    In coinjoins I must scrutinize unconfirmed inputs registrations before the transaction is built.
    For now, the only things I do are

    1. To make sure it comes from another coinjoin created by me. (It's more like a convenience thing to rule out a host of possible attacks.)
    2. Check how many unconfirmed coinjoins there are at the moment. If larger than 24, then I don't accept any unconfirmed input to be registered.

    Lately I encountered an issue where at coinjoin propagation I got the following error from RPC: too-long-mempool-chain: too many descendants for tx....

    Thus I figured it would be useful if I could build a fake unsigned transaction (I do not have signature at the point when the input is registered) and test mempool acceptance for that.

    I know it wouldn't replace the first sanity check I described, but it would replace my second sanity check in a future proof way.

    Also I'd be happy to hear out other suggestions, too.

  2. nopara73 cross-referenced this on Dec 3, 2018 from issue coordiantor: too-long-mempool chain by nopara73
  3. laanwj added the label Feature on Dec 4, 2018
  4. nopara73 cross-referenced this on Dec 8, 2018 from issue Pull Request testmempoolaccept without signature into Bitcoin Core by nopara73
  5. madeken commented at 5:28 PM on December 10, 2018: none

    Also I'd be happy to hear out other suggestions, too.

    getmempoolentry does expose ancestorcount and ancestorsize, so you can loop through and apply an overzealous check by using that.

  6. nopara73 commented at 5:39 PM on December 10, 2018: none

    getmempoolentry does expose ancestorcount and ancestorsize, so you can loop through and apply an overzealous check by using that.

    While they're called the same, unfortunately they're different.

    the method returns the counts and sizes of the direct ancestors and descendants. However, the mempool acceptance policy checks if any ancestor would have 'n' or more in-mempool descendants and if any ancestor would have more than 'n' kilobytes of in-mempool descendants (https://github.com/zkSNACKs/WalletWasabi/pull/936#discussion_r239950022)

    Of course this method makes me able to walk the chain if that's what you're referring to by "overzealous check", so thank you.

  7. madeken commented at 6:04 PM on December 10, 2018: none

    By "overzealous check", I just meant erring on the extremely conservative side. Which will allow you to avoid most problems, while still allowing legitimate unconfirmed usecases.

    I might be wrong here, but I think fundamentally if you ever accept unconfirmed inputs you always need to handle the mempool acceptance errors. As you sort of fundamentally have a TOCTTOU style condition, when other transactions in that "package" are potentially spent and your transaction which was previously acceptable is now not.

    The only way around that I see is removing the whole limitdescendant(count/size) stuff in favor of pure ancestor restrictions, but that opens a bit of a bag of DoS vectors.

  8. MarcoFalke cross-referenced this on Dec 12, 2018 from issue rpc: Allow testmempoolaccept to test unsigned transactions by lontivero
  9. MarcoFalke commented at 8:43 PM on August 7, 2019: member

    See also the discussion in #14939 (comment)

  10. nopara73 commented at 2:35 PM on August 8, 2019: none

    I think this can be closed unless someone would like to spark a new discussion on this topic.

  11. nopara73 closed this on Aug 8, 2019
  12. bitcoin locked this on Dec 16, 2021
Contributors
nopara73madekenMarcoFalke
Labels
Feature
Linked (view graph)
#14939 rpc: Allow testmempoolaccept to test unsigned transactions
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:54 UTC