Skip to content

Check that new headers are not a descendant of an invalid block #11487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Check that new headers are not a descendant of an invalid block #11487

wants to merge 5 commits into from

Conversation

TheBlueMatt
Copy link
Contributor

This is symmetric with the check in FindNextBlocksToDownload.
Because we do not mark all children of a failed block as invalid
during connection (we cannot walk down the block tree), this may
prevent accepting an invalid block/header.

Plus some other AcceptBlock cleanups.

@TheBlueMatt
Rewrite p2p-acceptblock in preparation for slight behavior changes
ee11354 
Removes checking whitelisted behavior (which will be removed, the
difference in behavior here makes little sense) and no longer
requires that blocks at the same work as our tip be dropped if not
requested (in part because we *do* request those blocks).
@TheBlueMatt
Stop always storing blocks from whitelisted peers
78814d2 
There is no reason to wish to store blocks on disk always just
because a peer is whitelisted. This appears to be a historical
quirk to avoid breaking things when the accept limits were added.
@TheBlueMatt
Accept unrequested blocks with work equal to our tip
fbb7b47 
This is a simple cleanup that makes our accept requirements the
same as our request requirements.
@TheBlueMatt
Check that new headers are not a descendant of an invalid block
09cf351 
This is symmetric with the check in FindNextBlocksToDownload.
Because we do not mark all children of a failed block as invalid
during connection (we cannot walk down the block tree), this may
prevent accepting an invalid block/header.
@TheBlueMatt
[qa] test that invalid blocks on an invalid chain get a disconnect
7a8e117
@sipa
Copy link
Member

sipa commented Oct 12, 2017

Concept ACK, utACK 09cf351, haven't reviewed the tests.

promag
promag reviewed Oct 12, 2017
View reviewed changes
src/validation.cpp
return false;

// Try to process all requested blocks that we don't have, but only
// process an unrequested block if it's new and has enough work to
// advance our tip, and isn't too many blocks ahead.
bool fAlreadyHave = pindex->nStatus & BLOCK_HAVE_DATA;
bool fHasMoreWork = (chainActive.Tip() ? pindex->nChainWork > chainActive.Tip()->nChainWork : true);
bool fHasMoreOrSameWork = (chainActive.Tip() ? pindex->nChainWork >= chainActive.Tip()->nChainWork : true);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While here why not remove the ternary and add above assert(chainActive.Tip())?

@achow101
Copy link
Member

Isn't this already being done by AcceptBlockHeader? It checks that the previous block was not marked invalid. What does this do in addition to that?

@laanwj laanwj modified the milestones: 0.15.1, 0.15.0.2 Oct 12, 2017
@theuni
Copy link
Member

theuni commented Oct 12, 2017

utACK 7a8e117.

@achow101 Say someone sends you 2 valid-looking connecting headers. Then an invalid block 1. Then header 3. At that point you should mark 2 as invalid rather than accepting 3.

knoxcard
knoxcard approved these changes Oct 14, 2017
View reviewed changes
src/validation.cpp
for (const CBlockHeader& header : headers) {
CBlockIndex *pindex = nullptr; // Use a temp pindex instead of ppindex to avoid a const_cast
if (!AcceptBlockHeader(header, state, chainparams, &pindex)) {
if (!AcceptBlockHeader(header, state, chainparams, &pindex, pindex)) {
Copy link
Contributor

@knoxcard knoxcard Oct 14, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drop the {, if the following line is just return false.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if (!AcceptBlockHeader(header, state, chainparams, &pindex, pindex)) return false;

@theuni
Copy link
Member

theuni commented Oct 19, 2017

Needs rebase

@TheBlueMatt TheBlueMatt mentioned this pull request Oct 19, 2017
Merged
@TheBlueMatt
Copy link
Contributor Author

See #11531 for a (likely better) version of this.

@achow101
Copy link
Member

Should this be closed in favor of #11531?

@maflcko maflcko removed this from the 0.15.0.2 milestone Oct 25, 2017
laanwj added a commit that referenced this pull request Nov 1, 2017
@laanwj
Merge #11531: Check that new headers are not a descendant of an inval…
cffa5ee 
…id block (more effeciently)

f3d4adf Make p2p-acceptablock not an extended test (Matt Corallo)
00dcda6 [qa] test that invalid blocks on an invalid chain get a disconnect (Matt Corallo)
015a525 Reject headers building on invalid chains by tracking invalidity (Matt Corallo)
932f118 Accept unrequested blocks with work equal to our tip (Matt Corallo)
3d9c70c Stop always storing blocks from whitelisted peers (Matt Corallo)
3b4ac43 Rewrite p2p-acceptblock in preparation for slight behavior changes (Matt Corallo)

Pull request description:

  @sdaftuar pointed out that the version in #11487 was somewhat DoS-able as someone could feed you a valid chain that forked off the the last checkpoint block and force you to do lots of work just walking backwards across blocks for each new block they gave you. We came up with a few proposals but settled on the one implemented here as likely the simplest without obvious DoS issues. It uses our existing on-load mapBlockIndex walk to make sure everything that descends from an invalid block is marked as such, and then simply caches blocks which we attempted to connect but which were found to be invalid. To avoid DoS issues during IBD, this will need to depend on #11458.

  Includes tests from #11487.

Tree-SHA512: 46aff8332908e122dae72ceb5fe8cd241902c2281a87f58a5fb486bf69d46458d84a096fdcb5f3e8e07fbcf7466232b10c429f4d67855425f11b38ac0bf612e1
codablock pushed a commit to codablock/dash that referenced this pull request Sep 26, 2019
@laanwj @codablock
Merge bitcoin#11531: Check that new headers are not a descendant of a…
b246b58 
…n invalid block (more effeciently)

f3d4adf Make p2p-acceptablock not an extended test (Matt Corallo)
00dcda6 [qa] test that invalid blocks on an invalid chain get a disconnect (Matt Corallo)
015a525 Reject headers building on invalid chains by tracking invalidity (Matt Corallo)
932f118 Accept unrequested blocks with work equal to our tip (Matt Corallo)
3d9c70c Stop always storing blocks from whitelisted peers (Matt Corallo)
3b4ac43 Rewrite p2p-acceptblock in preparation for slight behavior changes (Matt Corallo)

Pull request description:

  @sdaftuar pointed out that the version in bitcoin#11487 was somewhat DoS-able as someone could feed you a valid chain that forked off the the last checkpoint block and force you to do lots of work just walking backwards across blocks for each new block they gave you. We came up with a few proposals but settled on the one implemented here as likely the simplest without obvious DoS issues. It uses our existing on-load mapBlockIndex walk to make sure everything that descends from an invalid block is marked as such, and then simply caches blocks which we attempted to connect but which were found to be invalid. To avoid DoS issues during IBD, this will need to depend on bitcoin#11458.

  Includes tests from bitcoin#11487.

Tree-SHA512: 46aff8332908e122dae72ceb5fe8cd241902c2281a87f58a5fb486bf69d46458d84a096fdcb5f3e8e07fbcf7466232b10c429f4d67855425f11b38ac0bf612e1
codablock pushed a commit to codablock/dash that referenced this pull request Sep 29, 2019
@laanwj @codablock
Merge bitcoin#11531: Check that new headers are not a descendant of a…
7d21a78 
…n invalid block (more effeciently)

f3d4adf Make p2p-acceptablock not an extended test (Matt Corallo)
00dcda6 [qa] test that invalid blocks on an invalid chain get a disconnect (Matt Corallo)
015a525 Reject headers building on invalid chains by tracking invalidity (Matt Corallo)
932f118 Accept unrequested blocks with work equal to our tip (Matt Corallo)
3d9c70c Stop always storing blocks from whitelisted peers (Matt Corallo)
3b4ac43 Rewrite p2p-acceptblock in preparation for slight behavior changes (Matt Corallo)

Pull request description:

  @sdaftuar pointed out that the version in bitcoin#11487 was somewhat DoS-able as someone could feed you a valid chain that forked off the the last checkpoint block and force you to do lots of work just walking backwards across blocks for each new block they gave you. We came up with a few proposals but settled on the one implemented here as likely the simplest without obvious DoS issues. It uses our existing on-load mapBlockIndex walk to make sure everything that descends from an invalid block is marked as such, and then simply caches blocks which we attempted to connect but which were found to be invalid. To avoid DoS issues during IBD, this will need to depend on bitcoin#11458.

  Includes tests from bitcoin#11487.

Tree-SHA512: 46aff8332908e122dae72ceb5fe8cd241902c2281a87f58a5fb486bf69d46458d84a096fdcb5f3e8e07fbcf7466232b10c429f4d67855425f11b38ac0bf612e1
barrystyle pushed a commit to PACGlobalOfficial/PAC that referenced this pull request Jan 22, 2020
@laanwj
Merge bitcoin#11531: Check that new headers are not a descendant of a…
95b0dce 
…n invalid block (more effeciently)

f3d4adf Make p2p-acceptablock not an extended test (Matt Corallo)
00dcda6 [qa] test that invalid blocks on an invalid chain get a disconnect (Matt Corallo)
015a525 Reject headers building on invalid chains by tracking invalidity (Matt Corallo)
932f118 Accept unrequested blocks with work equal to our tip (Matt Corallo)
3d9c70c Stop always storing blocks from whitelisted peers (Matt Corallo)
3b4ac43 Rewrite p2p-acceptblock in preparation for slight behavior changes (Matt Corallo)

Pull request description:

  @sdaftuar pointed out that the version in bitcoin#11487 was somewhat DoS-able as someone could feed you a valid chain that forked off the the last checkpoint block and force you to do lots of work just walking backwards across blocks for each new block they gave you. We came up with a few proposals but settled on the one implemented here as likely the simplest without obvious DoS issues. It uses our existing on-load mapBlockIndex walk to make sure everything that descends from an invalid block is marked as such, and then simply caches blocks which we attempted to connect but which were found to be invalid. To avoid DoS issues during IBD, this will need to depend on bitcoin#11458.

  Includes tests from bitcoin#11487.

Tree-SHA512: 46aff8332908e122dae72ceb5fe8cd241902c2281a87f58a5fb486bf69d46458d84a096fdcb5f3e8e07fbcf7466232b10c429f4d67855425f11b38ac0bf612e1
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
2 more reviewers

@promag promag promag left review comments

@knoxcard knoxcard knoxcard approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
Validation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@TheBlueMatt @sipa @achow101 @theuni @promag @knoxcard @laanwj @fanquake @maflcko