Skip to content

[doc] explain why CheckBlock() is called before AcceptBlock#15545

Merged
maflcko merged 1 commit intobitcoin:masterfrom
Sjors:2019/03/clarify-checkblock
Jun 4, 2021
Merged

[doc] explain why CheckBlock() is called before AcceptBlock#15545
maflcko merged 1 commit intobitcoin:masterfrom
Sjors:2019/03/clarify-checkblock

Conversation

@Sjors
Copy link
Member

@Sjors Sjors commented Mar 6, 2019
edited
Loading

@Sjors
Copy link
Member Author

Sjors commented Mar 6, 2019
edited
Loading

@sdaftuar if there's a CVE for the v0.13 issue that might be better to link to. Also it would be nice to have a permanent URL for your PDF, which was quite insightful.

I would also like to improve the related comment in Merkle to better explain what "treating that identically" means:

bitcoin/src/consensus/merkle.cpp

Lines 37 to 40 in 6a178e5

valid) versions of the same block. We defend against this by detecting
the case where we would hash two identical hashes at the end of the list
together, and treating that identically to the block having an invalid
merkle root. Assuming no double-SHA256 collisions, this will detect all

@Sjors Sjors force-pushed the 2019/03/clarify-checkblock branch from 86b53a5 to 00a5e89 Compare March 6, 2019 12:09
@fanquake fanquake added the Docs label Mar 6, 2019
sdaftuar
sdaftuar reviewed Mar 6, 2019
View reviewed changes
src/validation.cpp Outdated

// Ensure that CheckBlock() passes before calling AcceptBlock, as
// belt-and-suspenders.
// belt-and-suspenders. When CheckBlock() fails, e.g. due to an unknown
Copy link
Member

@sdaftuar sdaftuar Mar 6, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might say something slightly different, to emphasize why we might want to keep this check here, even if we fix all the currently known malleability issues:

Skipping AcceptBlock() for CheckBlock() failures means that we will never mark a block as invalid if
CheckBlock() fails.  This is protective against consensus failure if there are any unknown forms of block
malleability that cause CheckBlock() to fail; see e.g. CVE-2012-2459 and 
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html.  Because CheckBlock() is
not very expensive, the anti-DoS benefits of caching failure (of a definitely-invalid block) are not substantial.

@sdaftuar
Copy link
Member

sdaftuar commented Mar 6, 2019

@sdaftuar if there's a CVE for the v0.13 issue that might be better to link to. Also it would be nice to have a permanent URL for your PDF, which was quite insightful.

I would also like to improve the related comment in Merkle to better explain what "treating that identically" means:

I wasn't sure if a CVE for the 0.13 issue is worth it at this point, anyway linking to the mailing list archive seems sufficient for now? I was planning to also PR a test that will catch a regression with regards to the issue I raised in that email, so I'd be happy to update the code comments at that point as well.

@Sjors
Copy link
Member Author

Sjors commented Mar 6, 2019

Such a test would be great. Feel free to include this change in your PR in that case. I'll just leave this open so we don't forget.

@luke-jr
Copy link
Member

luke-jr commented Apr 17, 2019

It's arguably the same issue as CVE-2017-12842

@DrahtBot
Copy link
Contributor

DrahtBot commented Jun 9, 2019
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

This was referenced Feb 11, 2020
Closed
Closed
@DrahtBot DrahtBot closed this Mar 9, 2020
@DrahtBot
Copy link
Contributor

DrahtBot commented Mar 9, 2020

The last travis run for this pull request was 369 days ago and is thus outdated. To trigger a fresh travis build, this pull request should be closed and re-opened.

@DrahtBot DrahtBot reopened this Mar 9, 2020
@DrahtBot DrahtBot mentioned this pull request Jul 19, 2020
Closed
@DrahtBot DrahtBot mentioned this pull request May 31, 2021
Merged
@Sjors Sjors force-pushed the 2019/03/clarify-checkblock branch from 00a5e89 to 3d552b0 Compare June 3, 2021 17:12
@Sjors
Copy link
Member Author

Sjors commented Jun 3, 2021

Rebased and switched to @sdaftuar's suggested comment, which I found easier to read 2 years later...

@sdaftuar
Copy link
Member

sdaftuar commented Jun 3, 2021

Thanks for updating this, looks good to me.

@maflcko
Copy link
Member

maflcko commented Jun 4, 2021

cr ACK 3d552b0

@maflcko maflcko merged commit a748782 into bitcoin:master Jun 4, 2021
@Sjors Sjors deleted the 2019/03/clarify-checkblock branch June 4, 2021 07:54
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Jun 4, 2021
Merge bitcoin#15545: [doc] explain why CheckBlock() is called before …
7149e02 
…AcceptBlock

3d552b0 [doc] explain why CheckBlock() is called before AcceptBlock() (Sjors Provoost)

Pull request description:

  Based on https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html and its PDF attachment.

ACKs for top commit:
  MarcoFalke:
    cr ACK 3d552b0

Tree-SHA512: d1ef39855317853e0e7e051ec6015054d0d227fcdf20281c2c1921056537f1f79044aa1bdd35f46475edd17596fbcae79aeb338c4865b1269a01b158f6cb2ac4
gwillen pushed a commit to ElementsProject/elements that referenced this pull request Jun 1, 2022
@apoelstra
Merge a748782 into merged_master (Bitcoin PR bitcoin/bitcoin#15545)
35c1809
@bitcoin bitcoin locked as resolved and limited conversation to collaborators Aug 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@sdaftuar sdaftuar sdaftuar left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Docs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Sjors @sdaftuar @luke-jr @DrahtBot @maflcko @fanquake