-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Transaction is removed from Mempool cache if CheckTX result != 0 #5751
Comments
see tendermint#5751 Signed-off-by: p4u <pau@dabax.net>
What do you think about something like this? |
see tendermint/tendermint#5751 Signed-off-by: p4u <pau@dabax.net>
see tendermint#5751 Signed-off-by: p4u <pau@dabax.net>
I'm in favor of adding TTLs. Related tendermint/spec#154 |
see tendermint#5751 Signed-off-by: p4u <pau@dabax.net>
@melekes that's nice, however this thread seems to be kind of stopped. So I am not sure when this new approach will be available. Would it be fine for you meanwhile to accept my modification in order to let the user decide about the cache removal? |
It's been all of 29 hours and we're only human 😅 Anyways, thanks for all the info in Discord and for your diligent debugging. Again, I think we can patch this without waiting for our full upcoming mempool refactor. Going to capture a few notes from that conversation here:
|
see tendermint#5751 Signed-off-by: p4u <pau@dabax.net>
The more correct way to fix this may be introducing the I would also like to remind you that mempool cache is the first layer of protection against replay attacks, but since it's limited in size, ABCI application must also implement replay protection. |
Agree that's a better approach @melekes
Yes... I have been reminded several times for the replay protection. We do have it implemented :) |
Let's keep this in mind when considering the mempool refactor redesign. I don't think keeping it in the cache is a viable idea also changing ABCI might seem overkill (but maybe that is the preferred solution?). |
Here a clear example that shows the point of this issue:
That's a Tendermint network of 6 nodes. So the first time the TX enters the mempool it is OK. But then the same transaction is received 4 more times from other p2p nodes. So the checkTx is executed 5 times. Our replay protection will prevent it to go further but that's not a good strategy IMO.... The Tendermint cache should prevent the application from this, only in case the cache is Full this behavior should be possible. |
@alexanderbez as far as I understand, since you are now using protobuf for types, we don't break backwards compatibility so ABCI should not be affected. @melekes I'd need some help with protobuf. I am not sure how to compile it... Maybe it's worth you make it instead of me?
|
I'm wary of making additions like this at the abci level primarily because it sets a precedent. This is an implementation detail or lack there of that we are pushing into the abci level. This also requires specification updates in tendermint/spec Maybe the config approach is better if it really needs to happen in this codebase. The config is due for a cleanup so it would be easy to hide something in there that won't affect users.
There is a make command that uses docker: |
I undrestand @marbar3778 I think that since the whole mempool needs to be probably rewritten, an approach such as the config flag should be enough for now. At least for us, so +1 |
see tendermint#5751 Signed-off-by: p4u <pau@dabax.net>
If set to true, an invalid transaction will be kept in cache in order to avoid processing it again. see tendermint#5751 Signed-off-by: p4u <pau@dabax.net>
If set to true, an invalid transaction will be kept in cache in order to avoid processing it again. see #5751 Signed-off-by: p4u <pau@dabax.net>
When set to true, an invalid transaction will be kept in the cache (this may help some applications to protect against spam). NOTE: this is a temporary config option. The more correct solution would be to add a TTL to each transaction (i.e. CheckTx may return a TTL in ResponseCheckTx). Closes: #5751
When set to true, an invalid transaction will be kept in the cache (this may help some applications to protect against spam). NOTE: this is a temporary config option. The more correct solution would be to add a TTL to each transaction (i.e. CheckTx may return a TTL in ResponseCheckTx). Closes: #5751
When set to true, an invalid transaction will be kept in the cache (this may help some applications to protect against spam). NOTE: this is a temporary config option. The more correct solution would be to add a TTL to each transaction (i.e. CheckTx may return a TTL in ResponseCheckTx). Closes: #5751
When set to true, an invalid transaction will be kept in the cache (this may help some applications to protect against spam). NOTE: this is a temporary config option. The more correct solution would be to add a TTL to each transaction (i.e. CheckTx may return a TTL in ResponseCheckTx). Closes: #5751
Tendermint version (use
tendermint version
orgit rev-parse --verify HEAD
if installed from source):v0.34.0
ABCI app (name for built-in, URL for self-written if it's publicly available):
https://github.com/vocdoni/go-dvote
What happened:
If a transaction executed by checkTX returns an error code value (different from 0), the transaction is removed from the mempool cache as can be shown here: https://github.com/tendermint/tendermint/blob/master/mempool/clist_mempool.go#L453
That opens the door to spam/flood the tendermint application with invalid transactions, since the cache layer will let it pass always. The flow would be something like this:
Invalid transaction -> Cache -> CheckTx -> Remove from Cache -> Receive it again -> Cache -> CheckTx -> etc..
As far as I understand the mempool cache objective is to avoid this kind of problems, when a transaction is considered invalid or already executed it remains in the cache in order not let it go into the mempool again. So IMO this remove does not have much sense. In order to avoid a future-valid-transaction enter the mempool again, a TTL could be used for purging the cache.
What you expected to happen:
If this behavior does not want to be changed, the mempool implementation should export some method to enable/disable this cache removal, so the application developer might choose what to do.
The text was updated successfully, but these errors were encountered: