Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Dr.Z on December 05, 2017, 02:34:29 AM



Title: Thoughts on transaction pool and orphan pool and DOS attack
Post by: Dr.Z on December 05, 2017, 02:34:29 AM
When a node receives a transaction, it first verifies the signature is valid or not. If the transactions pass the validation with a correct signature, they are added to the transaction pool. If a transaction’s inputs refer to a transaction that is not yet known, the orphan transaction will be stored temporarily in the orphan pool.

DOS attack: Just simply fake some transactions with randomly generated key pairs, they will pass the validation and fill up the orphan pool(since the nodes cant find the input address).

Am I wrong with the transaction validation mechanism on the node or do I miss other technical details? Because this sounds trivial and no one thought about this?


Title: Re: Thoughts on transaction pool and orphan pool and DOS attack
Post by: Dr.Z on December 06, 2017, 01:56:06 AM
Wrong place?


Title: Re: Thoughts on transaction pool and orphan pool and DOS attack
Post by: unholycactus on December 06, 2017, 02:07:08 AM
The generated keys won't control any funds. This makes you unable to produce a valid transaction.


Title: Re: Thoughts on transaction pool and orphan pool and DOS attack
Post by: ranochigo on December 06, 2017, 11:53:27 AM
DOS attack: Just simply fake some transactions with randomly generated key pairs, they will pass the validation and fill up the orphan pool(since the nodes cant find the input address).

Am I wrong with the transaction validation mechanism on the node or do I miss other technical details? Because this sounds trivial and no one thought about this?
Nearly there. The orphan pools serves primarily those without a parent transaction that can be found in their UTXO. For those transactions, they are stored in a orphan pool with a max transaction size of only 100, if I'm not wrong.
You can't do much with it. Even if you want to spam up to their limits, its fruitless and it won't be relayed to other nodes.

Oooh wait, I found it: https://github.com/bitcoin/bitcoin/blob/3c098a8aa0780009c11b66b1a5d488a928629ebf/src/net_processing.h#L13.


Title: Re: Thoughts on transaction pool and orphan pool and DOS attack
Post by: Dr.Z on December 07, 2017, 01:00:34 AM
Nearly there. The orphan pools serves primarily those without a parent transaction that can be found in their UTXO. For those transactions, they are stored in a orphan pool with a max transaction size of only 100, if I'm not wrong.
You can't do much with it. Even if you want to spam up to their limits, its fruitless and it won't be relayed to other nodes.

Oooh wait, I found it: https://github.com/bitcoin/bitcoin/blob/3c098a8aa0780009c11b66b1a5d488a928629ebf/src/net_processing.h#L13.

Thank you. What happens when it reaches the limit. Drop existing transactions or refuse new coming transactions.
I think although the spams won't affect other transactions, it will somehow interrupt the service of orphan pool.


Title: Re: Thoughts on transaction pool and orphan pool and DOS attack
Post by: ranochigo on December 07, 2017, 02:47:34 AM
Thank you. What happens when it reaches the limit. Drop existing transactions or refuse new coming transactions.
I think although the spams won't affect other transactions, it will somehow interrupt the service of orphan pool.
For each additional orphan transaction newly received, the client will select one random transaction to kick out, IIRC.

Frankly speaking, the orphan pool isn't of too much importance and if anyone were to spam it, the service wouldn't be really affected either. The main transaction pool should be the mempool.