[rfc] add option to bypass contextual timelocks in testmempoolaccept? #21413
Conversation
Allows CheckSequenceLocks to use heights and coins from any CoinsView provided. The typical usage would still be to create a CCoinsViewMemPool from a pool and pass it in.
Functions in CCoinsViewCache need to be marked virtual so that CCoinsViewTemporary can override them.
Only allow test accepts for now. Use the CCoinsViewTemporary to keep track of coins created by each transaction so that subsequent transactions can spend them. Uncache all coins since we only ever do test accepts (Note this is different from ATMP which doesn't uncache for valid test_accepts) to minimize impact on the coins cache. Require that the input txns have no conflicts and be ordered topologically. In the future, we should sanitize and sort the package before validation.
Only allow "packages" with no conflicts, sorted in order of dependency, and no more than -limitdescendantcount for now. Note that these groups of transactions don't necessarily need to be exactly 1 package or have any dependency relationships. it may help to use -w to view the diff
This is for test_accepts only, and not allowed in an actual submission to mempool - see assert statements. Provide an option to bypass BIP68 nSequence and nLockTime checks. This means clients can use testmempoolaccept to check whether L2 transaction chains (which typically have timelock conditions) are valid without submitting them. Note that BIP112 and BIP65 are still checked since they are script (non-contextual) checks. This does not invalidate any signature or script caching.
Test the bypass_timelocks option in testmempoolaccept. This lets us bypass BIP68 relative locktime checks (in nSequence) and absolute locktime checks (in nLocktime). OP_CSV and OP_CLTV script checks are still done, so setting bypass_timelocks=True doesn't mean that bad scripts pass.
|
Concept ACK. This will probably be useful for people developing lightning and other offchain contracts that use timelocks/relative timelocks. |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
| @@ -590,6 +590,7 @@ class MemPoolAccept | |||
| const CChainParams& m_chainparams; | |||
| const int64_t m_accept_time; | |||
| const bool m_bypass_limits; | |||
| const bool m_bypass_timelocks; | |||
There was a problem hiding this comment.
I think I would get even further and have m_bypass_absolute_timelocks/m_bypass_relative_timelocks.
You might be willingly to shrug about the relative timelocks encumbering the nSequence of a transaction while being sure the nLocktime make sense (e.g spotting bug in your anti-fee snipping logic).
There was a problem hiding this comment.
How common is it to have both in a transaction? 😮
If it's very common then sure. But also for this particular case, checking absolute but not relative, calling another testmempoolaccept without bypass_timelocks and checking that it fails on non-BIP68-final would do the trick, since nLockTime is checked before the nSequences.
| @@ -889,6 +889,7 @@ static RPCHelpMan testmempoolaccept() | |||
| }, | |||
| }, | |||
| {"maxfeerate", RPCArg::Type::AMOUNT, /* default */ FormatMoney(DEFAULT_MAX_RAW_TX_FEE_RATE.GetFeePerK()), "Reject transactions whose fee rate is higher than the specified value, expressed in " + CURRENCY_UNIT + "/kB\n"}, | |||
| {"bypass_timelocks", RPCArg::Type::BOOL, /* default */ "false", "Don't enforce BIP68 sequence locks and timelocks. Don't use unless you know what you're doing!\n"} | |||
There was a problem hiding this comment.
I'll write a doc/release note for this :)
There was a problem hiding this comment.
Prefer turning maxfeerate into an options Object
|
Concept ACK. I hate to suggest significant scope creep, but I wonder if it might be more useful to:
For contract protocol developers making heavy use of timelocks, I think this gets you the flexible standardness checker @ariard was requesting in #20833. Examples:
I think the takeaways here are that you can always easily check absolute timelocks and heightlocks by passing in later specific times and heights (and checking things when it's easy is better than bypassing them). It's also easy to check relative locks in the same way for spends of UTXOs that have been confirmed. It's only for relative timelocks between unconfirmed transactions where I think you want to truly bypass checks. I think the above also addresses @ariard's comment about having more granular control over the bypasses. |
|
@harding ah, that is super helpful! Thanks! For overriding relative timelocks between unconfirmed transactions in a package, approach-wise, I think we could just add a special |
|
🐙 This pull request conflicts with the target branch and needs rebase. Want to unsubscribe from rebase notifications on this pull request? Just convert this pull request to a "draft". |
|
concept ACK, this type of feature has has the potential to help anyone using timelocks, a key feature in Bitcoin scripting and smart contracts. not scope creep but wondering what this could look like for pre-image reveals, adapter sigs |
|
Sad to see this closed. From the LDK-side, I think we're still interested to integrate such enhanced That said, I think I'm also to blame as I advocated this change without following-up on the review bandwidth. Maybe we can reconsider it, when we're done with other policy-related PRs, like package relay :) |
|
I wasn't really working on this (needed rebase for a long time) so I mostly wanted to mark it up for grabs in case somebody else wants to work on it. I do plan to revisit in the future when I have more time :) |
Draft because this depends on an open PR and I'm only looking for Concept ACKs for now.
With #20833, we can test transactions chains against validation rules + policy without broadcasting them. There was discussion about how to make it useful by applications which have spending paths that require some delay (e.g. "if Alice doesn't redeem, Bob can get the coins 144 blocks later"). This PR implements a
test_accept-only flag,bypass_timelocks, to skipCheckFinalTxandCheckSequenceLocks, i.e. that tx nLocktime and nSequence are ok based on the current block height/time. Script checks are still done as-is, so if the transaction itself has an error beyond not being final yet, it still fails.I've added a few lines here and there in the functional tests just to make sure it works as expected. If people think this is useful, I can write more tests from scratch.