[Feature] Mitigate payment-free verification #2428
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I'll also rerun consensus test 8.- Load-Batch-Proposal-Attack. |
vicsn
reviewed
Apr 9, 2024
| /// - The transaction is producing a duplicate output | ||
| /// - The transaction is producing a duplicate transition public key | ||
| /// - The transaction is another deployment in the block from the same public fee payer. | ||
| fn should_abort_transaction( |
There was a problem hiding this comment.
As there are other reasons and locations where a transaction may be aborted, perhaps a more descriptive name would be: check_transaction_uniqueness_in_block
d0cd
approved these changes
Apr 9, 2024
Co-authored-by: vicsn <[email protected]> Signed-off-by: Raymond Chu <[email protected]>
Co-authored-by: vicsn <[email protected]> Signed-off-by: Raymond Chu <[email protected]>
Co-authored-by: vicsn <[email protected]> Signed-off-by: Raymond Chu <[email protected]>
|
@vicsn @onetrickwolf can you guys run this branch with CI validation and consensus burn-in / test criteria checks? |
raychu86
changed the title
|
Long-running e2e test passed, consensus test 8 passed as well and clearly logs many |
howardwu
approved these changes
Apr 19, 2024
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
This PR adds a few rules to mitigate the case where malicious parties can force validators to perform transaction verification without having to pay transaction fees (due to transaction aborts).
Example cases:
In both of these cases, the validators will perform verification on all transactions, but only the first transaction will be accepted. All others will be aborted.
The mitigating factors in this PR are:
VM::prepare_for_speculate.VM::atomic_speculate, but now we also perform it prior to tx verification.Note that these checks are added prior to verification, so it may be aggressive in aborting transactions. For example given transactions A and B who have the same fee record. If A is aborted for a separate reason (for example, invalid finalize operation):
1. This PR will abort both A and B.
2. The previous logic will only abort A and accept B.
Possible future mitigations:
Test Plan
Tests have been added to ensure that there can only be 1 deployment per block per public fee payer. In addition, more checks have been added to existing tests to ensure that the aborted transactions do not incur verification costs.
Note
This could break existing testnets, and will require a chain reset.