getnetworksolps
& getnetworkhashps
RPCs hang with large num_blocks
#6688
Labels
A-rpc
Area: Remote Procedure Call interfaces
C-bug
Category: This is a bug
C-security
Category: Security issues
I-hang
A Zebra component stops responding to requests
S-needs-triage
Status: A bug report needs triage
Description
This bug is potentially remotely triggerable via a mining pool web or query interface, then via JSON-RPC to
zebrad
.Some pool software could provide a query interface that takes arbitrary height ranges, or have a large default range. It wouldn't be a typical implementation, but there's a lot of weird mining software out there. If that happens, Zebra would hang.
This impacts Zebra with the
getblocktemplate-rpcs
feature enabled:Scheduling
This might be a blocker for asking mining pools to run Zebra on production mainnet miners. We might want to check with any pools that start running Zebra.
Steps to Reproduce
When I run
zebrad
on RPC port 28232, and send the following largenum_blocks
orheight
:Expected Behaviour
I expect the RPC to return an error or a valid value.
Actual Behaviour
Instead, they hang or return an invalid answer.
Analysis
This is happening because we read the entire block from the state, for every height in the RPC range (1.5 kB to 2 MB per block).
Instead, we could do these quick fixes:
Testing
We should test that the limit range works using unit tests, and also matches
zcashd
usingzcash-rpc-diff
.We should test every RPC that accepts heights with a real state service and heights between 2^22 to 2^32. Some of these values are outside the valid height range, but some RPC methods don't check the valid height range. (And it might increase in future.) We could use a proptest for this.
Environment
Zebra Version
Zebra Features
This only happens with
getblocktemplate-rpcs
.Operating System
The text was updated successfully, but these errors were encountered: