-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to a (txid, auth_digest)
identifier in places where the node needs to commit to a specific instance of a transaction
#5198
Comments
For mempool DoS limitation, isn't what we're evicting an equivalence set of possible transactions with the same effect? For v5 transactions, the mempool operates in terms of such equivalence sets anyway. So I think evicting by txid is actually correct. Remember that transactions have to be valid in order to ever be evicted. The fact that a user can't resubmit an evicted transaction is expected behaviour, regardless of whether the witness data was changed. That is independent of the problem with invalid transactions. We definitely shouldn't consider a txid to be invalid just because we have seen a transaction with that txid that has invalid witness data. (We MAY cache that a txid is invalid if the invalidity was independent of witness data. At first glance I think that's unlikely to be useful, since witness-independent validity checks don't involve any expensive cryptographic operations AFAIK.) |
@str4d, can this be closed? That is, are we confident that all cases where we should be using wtxids have been found? |
ZIP 244 changes how txids are derived (for v5 txs onward), to enable committing to the effects of a transaction separately from its specific contents (as auth data can be malleated, e.g. re-signing a transaction). The places where
zcashd
assumes atxid
has this effect-committing property, don't need to be changed.However,
zcashd
also assumes atxid
has an instance-committing property in other places, such as for mempool DoS prevention, as well as potentially other places inherited frombitcoind
. If these use txids for v5 transactions, there is a user DoS problem:zcashd
nodes reject the transaction as invalid, and add itstxid
to the recently-rejected list.Upstream had a similar problem for SegWit transactions, which they addressed four years after deploying SegWit by adding P2P support for relaying transactions via
wtxid
(BIP 339, impl). This works becausewtxid
is a commitment to a Bitcoin SegWit transaction instance, including effecting data.In our case, we opted in ZIP 244 to instead have an
auth_digest
that commits to just the authorizing data of a transaction. The tuple(txid, auth_digest)
is our equivalent of Bitcoin'swtxid
. We should use this tuple wherever we need to reference a transaction instance.For the P2P changes, see #5199. This issue is for identifying and fixing code internal to
zcashd
that needs to be updated:CTxMempool::IsRecentlyEvicted
The text was updated successfully, but these errors were encountered: