core/txpool: add 7702 protection to blobpool #31526
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lightclient
reviewed
Apr 1, 2025
Member
lightclient
left a comment
lightclient
left a comment
There was a problem hiding this comment.
This approach LGTM. I see how you mean that it is a bit weird exposing the HasPendingAuth. One nice benefit of the way you've done this is that we don't need to additionally track all the auths using the reserver. This was my original approach and it ended up being quite tricky reserving and unreserving the authorities, so this minimizes the surface for issues there. Additionally, since we want to still allow 1 in-flight tx in the blob pool from accounts with pending delegations to avoid a deadlock in the account, it is going to be necessary to expose some legacy pool details to the blob pool.
rjl493456442
force-pushed
the
blobpool-7702
branch
from
b606fec to
710bcc3
Compare
Member
Author
|
@lightclient Please take another look |
lightclient
force-pushed
the
blobpool-7702
branch
from
c220ea7 to
38783b7
Compare
lightclient
previously approved these changes
Apr 8, 2025
Member
lightclient
left a comment
lightclient
left a comment
There was a problem hiding this comment.
LGTM - I made a small change on the Reserver so that it will not require each use of Hold and Release to also include the pool name. Please take a look at it and the naming and let me know if you think it's okay.
Member
Author
|
LGTM @lightclient ! |
lightclient
approved these changes
Apr 8, 2025
sivaratrisrinivas
pushed a commit
to sivaratrisrinivas/go-ethereum
that referenced
this pull request
Apr 21, 2025
This pull request introduces two constraints in the blobPool: (a) If the sender has a pending authorization or delegation, only one in-flight executable transaction can be cached. (b) If the authority address in a SetCode transaction is already reserved by the blobPool, the transaction will be rejected. These constraints mitigate an attack where an attacker spams the pool with numerous blob transactions, evicts other transactions, and then cancels all pending blob transactions by draining the sender’s funds if they have a delegation. Note, because there is no exclusive lock held between different subpools when processing transactions, it's totally possible the SetCode transaction and blob transactions with conflict sender and authorities are accepted simultaneously. I think it's acceptable as it's very hard to be exploited. --------- Co-authored-by: lightclient <lightclient@protonmail.com>
trantienduchn
added a commit
to trantienduchn/ronin
that referenced
this pull request
May 21, 2025
pick up: ethereum/go-ethereum#31526 --------- Co-authored-by: rjl493456442 <garyrong0905@gmail.com> Co-authored-by: lightclient <lightclient@protonmail.com>
trantienduchn
added a commit
to trantienduchn/ronin
that referenced
this pull request
May 27, 2025
pick up: ethereum/go-ethereum#31526 --------- Co-authored-by: rjl493456442 <garyrong0905@gmail.com> Co-authored-by: lightclient <lightclient@protonmail.com>
trantienduchn
added a commit
to ronin-chain/ronin
that referenced
this pull request
May 27, 2025
* core/txpool: add 7702 protection to blobpool pick up: ethereum/go-ethereum#31526 --------- Co-authored-by: rjl493456442 <garyrong0905@gmail.com> Co-authored-by: lightclient <lightclient@protonmail.com> * core/txpool: move delegation checks into one place * core/txpool: simplify err check --------- Co-authored-by: rjl493456442 <garyrong0905@gmail.com> Co-authored-by: lightclient <lightclient@protonmail.com>
jakub-freebit
pushed a commit
to fblch/go-ethereum
that referenced
this pull request
Jul 3, 2025
This pull request introduces two constraints in the blobPool: (a) If the sender has a pending authorization or delegation, only one in-flight executable transaction can be cached. (b) If the authority address in a SetCode transaction is already reserved by the blobPool, the transaction will be rejected. These constraints mitigate an attack where an attacker spams the pool with numerous blob transactions, evicts other transactions, and then cancels all pending blob transactions by draining the sender’s funds if they have a delegation. Note, because there is no exclusive lock held between different subpools when processing transactions, it's totally possible the SetCode transaction and blob transactions with conflict sender and authorities are accepted simultaneously. I think it's acceptable as it's very hard to be exploited. --------- Co-authored-by: lightclient <lightclient@protonmail.com>
howjmay
pushed a commit
to iotaledger/go-ethereum
that referenced
this pull request
Aug 27, 2025
This pull request introduces two constraints in the blobPool: (a) If the sender has a pending authorization or delegation, only one in-flight executable transaction can be cached. (b) If the authority address in a SetCode transaction is already reserved by the blobPool, the transaction will be rejected. These constraints mitigate an attack where an attacker spams the pool with numerous blob transactions, evicts other transactions, and then cancels all pending blob transactions by draining the sender’s funds if they have a delegation. Note, because there is no exclusive lock held between different subpools when processing transactions, it's totally possible the SetCode transaction and blob transactions with conflict sender and authorities are accepted simultaneously. I think it's acceptable as it's very hard to be exploited. --------- Co-authored-by: lightclient <lightclient@protonmail.com>
4 tasks
gballet
pushed a commit
to gballet/go-ethereum
that referenced
this pull request
Sep 11, 2025
This pull request introduces two constraints in the blobPool: (a) If the sender has a pending authorization or delegation, only one in-flight executable transaction can be cached. (b) If the authority address in a SetCode transaction is already reserved by the blobPool, the transaction will be rejected. These constraints mitigate an attack where an attacker spams the pool with numerous blob transactions, evicts other transactions, and then cancels all pending blob transactions by draining the sender’s funds if they have a delegation. Note, because there is no exclusive lock held between different subpools when processing transactions, it's totally possible the SetCode transaction and blob transactions with conflict sender and authorities are accepted simultaneously. I think it's acceptable as it's very hard to be exploited. --------- Co-authored-by: lightclient <lightclient@protonmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces two constraints in the blobPool:
(a) If the sender has a pending authorization or delegation, only one in-flight
executable transaction can be cached.
(b) If the authority address in a SetCode transaction is already reserved by
the blobPool, the transaction will be rejected.
These constraints mitigate an attack where an attacker spams the pool with
numerous blob transactions, evicts other transactions, and then cancels all
pending blob transactions by draining the sender’s funds if they have a delegation.
Note, because there is no exclusive lock held between different subpools
when processing transactions, it's totally possible the SetCode transaction
and blob transactions with conflict sender and authorities are accepted
simultaneously. I think it's acceptable as it's very hard to be exploited.