feat: double spend spam protection #1945
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
grumbach
commented
Jul 5, 2024
Comment on lines
-31
to
-36
| /// The maximum number of double spend attempts to store that we got from PUTs | ||
| const MAX_DOUBLE_SPEND_ATTEMPTS_TO_KEEP_FROM_PUTS: usize = 15; | ||
|
|
||
| /// The maximum number of double spend attempts to store inside a record | ||
| const MAX_DOUBLE_SPEND_ATTEMPTS_TO_KEEP_PER_RECORD: usize = 30; | ||
|
|
There was a problem hiding this comment.
The MAX is now 2 as this measure protected us until the attackers reached the MAX double spent attempt to keep!
grumbach
force-pushed
the
double_spend_spam_protection
branch
from
bd81c37 to
4cec77c
Compare
RolandSherwin
force-pushed
the
double_spend_spam_protection
branch
from
4cec77c to
551b542
Compare
sn_node/src/put_validation.rs
Outdated
| let array: Vec<_> = live_spends.clone().into_iter().collect(); | ||
| if let [one, two] = array.as_slice() { | ||
| warn!("Got two live spends {one:?} and {two:?}, things are messed up!"); | ||
| return Ok((one.to_owned().clone(), two.to_owned().clone())); |
There was a problem hiding this comment.
If we return early here, will we have an inconsistent state among our nodes if there are more than 2 live branches?
Having >1 live branch is very unlikely, but should we collect all live branches and then return the first 2, just to be deterministic?
There was a problem hiding this comment.
You are absolutely right!
grumbach
force-pushed
the
double_spend_spam_protection
branch
from
551b542 to
1bc3e4a
Compare
grumbach
force-pushed
the
double_spend_spam_protection
branch
from
331bdf8 to
8071507
Compare
grumbach
force-pushed
the
double_spend_spam_protection
branch
from
0e489e1 to
b3a73f7
Compare
RolandSherwin
approved these changes
Jul 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The attack
An attack to hide a good spend. Say we have:
A->B->C->D
The attacker wants to get rid of B to poison C and D. They can spam the network with lots of double spends for B until none of the nodes have the original one. The attack is quite intricate and we discussed different alternatives with 2 spends as max for a spend record or unlimited (record size) as max. In both cases the attack was successful.
The solution was to add a descendency check in the case where we have more than 2 spends to choose which to keep: