Ability to charge extra fee for operational transaction to prevent spam

[xlc]

I believe it is currently possible to spam & congest a network by submitting a lot of operational transactions. They will fail but they will be included prior than normal transactions unless a sufficiently high tip is added.

This could also potentially block some critical operational transactions.

A simple solution is modify the transaction fee for any operational transaction to add a high enough base fee, and refund it if the transaction succeeds. This will raise the cost of attack via failing operational transactions.

[bkchr]

CC @tomusdrw

[tomusdrw]

Yes. Operational extrinsics should be used carefully, and indeed they may introduce an extra weight (or extra base fee) that is refunded in case they are successful.

The OperationalFeeMultiplier controls how much priority they are given compared to Normal transactions. Normal transactions can place a significant tip value to get in front of the Operational ones and also other Operational ones may simply include a tip to prevent being "blocked".

Indeed the ChargeTransactionFeePayment could have a base_fee mechanism calculated automatically instead of configuring every Operational extrinsic manually (i.e. we require base_fee more before execution, but we charge without base_fee in case dispatch succeeds).