-
Notifications
You must be signed in to change notification settings - Fork 20.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remote DoS by memory exhaustion in the TxPool using MsgTxTy #252
Comments
Funny, was just thinking about this problem today - is a serious issue. Not sure you can just have a limit, since a bad peer could just fill your limit with bad txs and then you're not really contributing to the network. We could have nodes run the tx execution and punish peers sending bad execution or executions that run out of gas, but these executions will have to be redone when txs come in the block possibly in another order, so that's also not that nice. One thing we can maybe count on is more of the nodes to be mining (say, unlike btc), in which case they will verify the txs, so its less of an issue. But at the least the node should check that the sender has at least as much funds as gas included in the tx (I suppose you can ignore value, ie the comment in ValidateTransaction()) Further on that thought - if the intention really is to keep this ASIC hard and/or move to PoS, we will have much closer agreement between the validating set and the mining set, so again this won't be as big an issue. Can we rely on that? What is the significance/importance of having nodes propagate txs if it turns out those txs might actually be invalid executions (and hence impossible to get included in a block)? It's just DoSing the network. |
Been thinking about this more. We can mitigate a big part of the attack if the transaction pool tracks an intermediate account balance state. Otherwise I can send a billion transactions each sending 0.01 eth from an account with 0.01 eth and the peers will store all of them but only one will get mined. But if they track in the txpool such an intermediate state they would notice the double spend immediately and drop them, like in bitcoin, stifling the RAM DoS. Is that feasible? What do you think? Can we just use the ChainManager's transState? |
The transient state is intended for such use though I don't think this is the right solution. There might be good reason to allow for transactions with the same nonce and not being necessarily an attempt to double spend. For example what if you create 2 transactions each containing the same instructions, though, with a different |
thats a reasonable concern. surely someone should enable that but should it be default behaviour? reminds me of the bitcoin Replace By Fee tools patch. maybe someone from the community will want to maintain a branch that supports that. also I notice the "check account has sufficient balance" is commented out but I don't understand why |
Is this issue still open? If so, what changes are needed to close it out? |
Most of these have been addressed in the TxPool. Will close |
* read from genesis file * add: set code in finalize and assemble * new: storing data in bor config * chg: remove unwanted code * chg: refactor * minor change * add error states * Fix small things * Add test * Add more coverage in genesis finalize test * Ensure balance is not changed * Add decode safe check * Change bor config block alloc field name * Remove block alloc values in blocks * Add genesis alloc code change info logging Co-authored-by: Ferran Borreguero <ferranbt@protonmail.com>
* Fix ancient receipts * bumped version to 0.2.11 * Genesis change fix (ethereum#252) * read from genesis file * add: set code in finalize and assemble * new: storing data in bor config * chg: remove unwanted code * chg: refactor * minor change * add error states * Fix small things * Add test * Add more coverage in genesis finalize test * Ensure balance is not changed * Add decode safe check * Change bor config block alloc field name * Remove block alloc values in blocks * Add genesis alloc code change info logging Co-authored-by: Ferran Borreguero <ferranbt@protonmail.com> * add block alloc * change block alloc * remove byte array * mainnet upgrade Co-authored-by: Ferran Borreguero <ferranbt@protonmail.com> Co-authored-by: Sandeep Sreenath <sandeep.sreenath@gmail.com> Co-authored-by: Jaynti Kanani <jdkanani@gmail.com>
* add l1 config in genesis config (ethereum#249) * add l1 config in genesis config * fix lint * Update params/config.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> --------- Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * extend node configuration (ethereum#251) * extend node configuration * use block number instead of hash * accept safe, finalized and numbers for L1Confirmations * fix typos --------- Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> Co-authored-by: Péter Garamvölgyi <peter@scroll.io> * Fix/improve node config parsing (ethereum#260) * raise error on failed parsing * default value * add l1-message-type, transaction methods (ethereum#252) * add l1-message-type, transaction methods * goimports * Update core/types/transaction.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * txpool l1 check, pointer change, marhsal test * draft: start implementing l1message gas behavior * draft: start implementing l1message gas behavior * change to gas usage * error comment typo Co-authored-by: Haichen Shen <shenhaichen@gmail.com> * goimports * update nonce, add hash test (fails), marshal test * goimports * target addr cant be nil * change call msg * comment out test * lint --------- Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> Co-authored-by: Haichen Shen <shenhaichen@gmail.com> * Add L1 message database (ethereum#255) * add l1-message-type, transaction methods * goimports * Update core/types/transaction.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * add L1 message store to rawdb * remove comments * rename to l1_message * rename variables and add comments * write l1 msgs in a batch * add more comments * update tests * allow batched and non-batched writes * rename to accessors_l1_message * handle error * add range check * fix tests * update comments * nit * support blocks with 0 l1 messages --------- Co-authored-by: Max Wolff <maxcwolff@gmail.com> Co-authored-by: Max Wolff <max@scroll.io> * Fix L1Message Deep Copy, Complete Bridge Tx Hash test (ethereum#269) * deep copy value field, add tx hash test comment * typo * Rename nonce to queueindex, increment sender nonce on L1 message execution (ethereum#271) * change nonce to queueindex, increment nonce on L1 message * fix db acccessors * Update core/types/transaction_marshalling.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> --------- Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * Fix db inspect command (ethereum#276) fix db inspect command * Add l1 sync service (ethereum#256) * extend node configuration * add l1-message-type, transaction methods * goimports * Update core/types/transaction.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * use block number instead of hash * accept safe, finalized and numbers for L1Confirmations * add L1 message store to rawdb * remove comments * fix typos * add L1 message sync service * use l1 contract address and chain ID * use L1DeploymentBlock * add confirmation config * move bridge client to separate file * use uint64 block number * fix bigint comparison * rename constants * add more logs * rename to l1_message * rename variables and add comments * write l1 msgs in a batch * add more comments * update tests * allow batched and non-batched writes * rename to accessors_l1_message * handle error * check if config is provided * improve sync service DB batched writes * add range check * fix tests * update comments * nit * fix flush range and improve comments * solve circular dependency * update stress tests * initialize l1 client for geth * start sync service * add more comments * check nil correctly * address comments * fix merge * fix genesis l1config deserialization * add sync progress logs * initial sync * handle leveldb not found error * use errors.Is * address comments * update DefaultPollInterval --------- Co-authored-by: Nazarii Denha <dengaaa2002@gmail.com> Co-authored-by: Max Wolff <maxcwolff@gmail.com> Co-authored-by: Max Wolff <max@scroll.io> * Add L1 message validation (ethereum#272) * add L1 message validation * add comments and better error handling * handle leveldb not found error * update incorrect condition for genesis block * typo * change inclusion index logic * disable L1 message check for legacy tests * set NumL1MessagesPerBlock to 0 in tests * update default genesis config * Add L1 msg validation tests (ethereum#303) add L1 msg validation tests * Update miner include l1 messages (ethereum#265) * add l1-message-type, transaction methods * goimports * Update core/types/transaction.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * add L1 message store to rawdb * add L1 message sync service * remove comments * use l1 contract address and chain ID * extend node configuration * use block number instead of hash * accept safe, finalized and numbers for L1Confirmations * fix typos * use L1DeploymentBlock * add confirmation config * move bridge client to separate file * use uint64 block number * fix bigint comparison * rename constants * add more logs * Fix/improve node config parsing (ethereum#260) * raise error on failed parsing * default value * rename to l1_message * rename variables and add comments * write l1 msgs in a batch * add more comments * update tests * allow batched and non-batched writes * rename to accessors_l1_message * handle error * check if config is provided * improve sync service DB batched writes * include l1 messages in blocks: part 1 * add l1-message-type, transaction methods (ethereum#252) * add l1-message-type, transaction methods * goimports * Update core/types/transaction.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * txpool l1 check, pointer change, marhsal test * draft: start implementing l1message gas behavior * draft: start implementing l1message gas behavior * change to gas usage * error comment typo Co-authored-by: Haichen Shen <shenhaichen@gmail.com> * goimports * update nonce, add hash test (fails), marshal test * goimports * target addr cant be nil * change call msg * comment out test * lint --------- Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> Co-authored-by: Haichen Shen <shenhaichen@gmail.com> * Add L1 message database (ethereum#255) * add l1-message-type, transaction methods * goimports * Update core/types/transaction.go Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * add L1 message store to rawdb * remove comments * rename to l1_message * rename variables and add comments * write l1 msgs in a batch * add more comments * update tests * allow batched and non-batched writes * rename to accessors_l1_message * handle error * add range check * fix tests * update comments * nit * support blocks with 0 l1 messages --------- Co-authored-by: Max Wolff <maxcwolff@gmail.com> Co-authored-by: Max Wolff <max@scroll.io> * build(docker): auto docker push when pushing git tags (ethereum#258) * build(docker): update docker trigger tag prefix (ethereum#259) * Fix L1Message Deep Copy, Complete Bridge Tx Hash test (ethereum#269) * deep copy value field, add tx hash test comment * typo * commitl1messages * lint * Revert "add L1 message sync service" This reverts commit 5305e8a. * Revert "move bridge client to separate file" This reverts commit 0b220be. * update branch * use commitMessages for l1Txs * little fix * fix config * fix test * comment fixes * fix * fix config check --------- Co-authored-by: Max Wolff <maxcwolff@gmail.com> Co-authored-by: Max Wolff <max@scroll.io> Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> Co-authored-by: Péter Garamvölgyi <peter@scroll.io> Co-authored-by: Haichen Shen <shenhaichen@gmail.com> Co-authored-by: HAOYUatHZ <37070449+HAOYUatHZ@users.noreply.github.com> * Add ErrUnknownAncestor tests (ethereum#305) add ErrUnknownAncestor tests * worker test include l1 msgs (ethereum#306) * worker test include l1 msgs * move L1 message index update next to block insertion --------- Co-authored-by: Péter Garamvölgyi <peter@scroll.io> * exclude l1 messages from transaction count limit in block (ethereum#307) * exclude l1 messages from transaction count limit in block * fix comments * trigger ci * nit --------- Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> Co-authored-by: Péter Garamvölgyi <peter@scroll.io> * Expose queueIndex on Transaction (ethereum#316) expose queueIndex on Transaction * test that l1msg doesn't count in maxTxPerBlock limit (ethereum#312) * test that l1msg doesn't count in maxTxPerBlock limit * fix, comment * retrigger ci * change order inside test --------- Co-authored-by: HAOYUatHZ <37070449+HAOYUatHZ@users.noreply.github.com> Co-authored-by: Péter Garamvölgyi <th307q@gmail.com> * reuse trace nonce field for queueIndex * expose scroll APIs on the geth console * add L1 message query APIs * Trigger new block on new l1 messages (ethereum#343) * trigger new block on new l1 messages * typo * initialize l1MsgCh * fix worker l1msg tests (ethereum#345) --------- Co-authored-by: Nazarii Denha <dengaaa2002@gmail.com> * test(worker): ensure that l1 messages are included in the correct order (ethereum#346) test that l1msgs added in correct order * rename enqueueIndex --> queueIndex * move QueueIndex into transaction * improve l1 db interface * formatting * bump version * print l1config * add API to query latest included message queue index * clean up tx limit logic * add clarifying comments and todos to ValidateL1Messages * improve db comments and logs * clean up L1MessageTx type handling * format * format * improve L1 message block check * fix missing L1 event handling * fix TestL1MessageValidationFailure * simplify sync height resume logic * make l1Config.l1MessageQueueAddress non-pointer * improve command line flags * remove todo * use abigen tools for log filtering * cache block L1 message count * nit: fix variable name case * improve logs * flush pending writes to DB before shutdown --------- Co-authored-by: Nazarii Denha <dengaaa2002@gmail.com> Co-authored-by: Max Wolff <max@scroll.io> Co-authored-by: Haichen Shen <shenhaichen@gmail.com> Co-authored-by: Max Wolff <maxcwolff@gmail.com> Co-authored-by: HAOYUatHZ <37070449+HAOYUatHZ@users.noreply.github.com> Co-authored-by: HAOYUatHZ <haoyu@protonmail.com>
…ionaloptions Upgrade ConditionalOptions variables to type math.HexOrDecimal64 to support eth_sendRawTransactionConditional
…registry Remove hardfork activation time overrides
Each new transaction send using the MsgTxTy message is queued in the TxPool. An attacker can supply transactions at a higher rate than the time the victim node requires to evaluate each transaction. For example, in a 100 KByte/sec connection to a victim node the attacker can transmit approximately 1000 transactions per second, while verifying the transaction signature may cost more than 1 msec. This can lead to the accumulation of messages in the queue and the consumption of all available memory. Also the attack can be used to delay the processing of transaction from other peers.
Several fixes are possible, for example:
The text was updated successfully, but these errors were encountered: