-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mempool: reject txs that don't fit in an empty mempool #1225
Conversation
5061ad5
to
501d885
Compare
maxTotalRefScriptSize = 1024 * 1024 -- 1MiB | ||
, curTotalRefScriptSize + newTxRefScriptSize Prelude.<= maxTotalRefScriptSize | ||
mempoolStaysBelowCapacity = | ||
curTotalRefScriptSize + newTxRefScriptSize Prelude.<= maxTotalRefScriptSize | ||
-- In case the tx exceeds the per-tx limit, let it be rejected by tx | ||
-- validation (such that we are not blocked here forever/for a long | ||
-- time). | ||
-- | ||
-- For Babbage, this is 100KiB (see @totalRefScriptsSizeLimit@ in | ||
-- "Ouroboros.Consensus.Shelley.Eras"), and for Conway, this is 200KiB | ||
-- (see @maxRefScriptSizePerTx@ in "Cardano.Ledger.Conway.Rules.Ledger"). | ||
txRefScriptSizeTooLarge = newTxRefScriptSize Prelude.> 200 * 1024 | ||
, mempoolStaysBelowCapacity || txRefScriptSizeTooLarge |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Subtlety: It would also be enough to prevent a hard deadlock by replacing 200 * 1024
with maxTotalRefScriptSize
. However, this is still problematic in that honest nodes can be forced to forge very small blocks:
- Suppose someone first submits a tx
A
using a very small (eg just one byte) referene script, and then one txB
that includes 1MiB of reference scripts. - The tx
A
would enter the mempool, then potentially a few other txs from other peers, and then adding txB
would block, causing no new transactions to be added, until... - ...an SPO mints a block, all txs in the mempool are removed, and the tx
B
can now be rejected. The problem is that the resulting block only contains very few txs.
The approach taken here makes sure that this can only happen when the mempool already contains 1024 - 200 = 824
KiB of ref scripts, which is already larger than basically all "normal" blocks using reference scripts. This is also similar to how #1175 handles this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved. Only one suggestion for a small addition in the comment, regarding overflow.
ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Mempool/Update.hs
Outdated
Show resolved
Hide resolved
501d885
to
7a2a047
Compare
Follow-up to #1168 that makes sure that adding a tx exceeding the per-tx limit does not cause a deadlock which prevents txs from being added to the mempool until the node is restarted.
We accomplish this by validating such transactions and relying on the per-tx limit to reject them.