[avalanche] Limit the size of the orphan proof pool
ClosedPublic

Authored by sdulfari on Jun 9 2022, 03:58.

Details

Reviewers
Fabien
Group Reviewers
Restricted Project
Commits
rABCa4e16bfa942c: [avalanche] Limit the size of the orphan proof pool
Summary

This patch limits the peer manager's orphan proof tracking since orphans are
not guaranteed to have valid UTXOs nor connected nodes and therefore it's
difficult to sift out good vs bad orphan proofs.

Orphaned proofs' usefulness varies by scenario:

A) IBD - We want to collect proofs as we start to establish connections to help
us build quorum. It's important to keep in mind these proofs cannot be trusted
until their UTXOs are valid, so we rely on first-seen principle to admit orphans
into the pool from the network up to the limit.

B) Reorg - We want to collect ALL proofs getting reorged so that we can
reconcile them regardless of orphan pool limit. If we do not do this, it's
trivial to force nodes to drop potentially-valid proofs during a reorg.

C) Proof received before UTXO - This is an uncommon occurrence with little
downside to dropping the proof, so we rely on best-effort (i.e. the pool not
being full).

This patch implements the orphan proof pool limit in such a way that memory
is reasonably bounded under all three scenarios regardless of the
number/resourcing of malicious actors, with that bound being stricter for
orphans received from the network. Note that these assumptions hold best
with the implementation of a UTXO age limit for proofs, which has not yet
been completed. It will also be necessary to implement an expiration
mechanism so that junk orphans do not sit around forever. This is work for
future patches.

Test Plan
ninja check-avalanche
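
The admission policy from the summary above, as an added C++ example that is not code from this patch or the project: network orphans are admitted first-seen up to the limit, while reorged proofs are always admitted. The class and method names, and the trim step that evicts the newest orphans once a later block has been processed, are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <deque>
#include <unordered_set>

// Added illustration; every name here is hypothetical, not the project's API.
enum class OrphanSource { Network, Reorg };

class OrphanPool {
    size_t limit;                        // assumed cap, cf. AVALANCHE_MAX_ORPHAN_PROOFS
    std::deque<uint64_t> order;          // insertion order, oldest first
    std::unordered_set<uint64_t> ids;    // membership check

public:
    explicit OrphanPool(size_t limitIn) : limit(limitIn) {}

    // Scenarios A and C: a network orphan is admitted first-seen and refused
    // once the pool is full. Scenario B: a reorged proof is always admitted.
    bool add(uint64_t proofid, OrphanSource src) {
        if (ids.count(proofid)) return false;
        if (src == OrphanSource::Network && ids.size() >= limit) return false;
        ids.insert(proofid);
        order.push_back(proofid);
        return true;
    }

    // A proof whose UTXOs became valid leaves the orphan pool.
    bool promote(uint64_t proofid) {
        if (!ids.erase(proofid)) return false;
        for (auto it = order.begin(); it != order.end(); ++it) {
            if (*it == proofid) { order.erase(it); break; }
        }
        return true;
    }

    // Assumed trim step, run after reconciliation on the next block: drop the
    // most recently added orphans until the pool is back under the limit.
    size_t trim() {
        size_t evicted = 0;
        while (ids.size() > limit) {
            ids.erase(order.back());
            order.pop_back();
            ++evicted;
        }
        return evicted;
    }

    size_t size() const { return ids.size(); }
    bool contains(uint64_t proofid) const { return ids.count(proofid) != 0; }
};
```

The pool can exceed the limit only between a reorg and the next trim, which is what keeps the bound stricter for network orphans than for reorged ones.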

Event Timeline

Bumped limit to work better during IBD

sdulfari edited the summary of this revision.
sdulfari published this revision for review. Jun 9 2022, 21:44
sdulfari edited the summary of this revision.
Fabien requested changes to this revision. Jun 10 2022, 20:09
Fabien added a subscriber: Fabien.
Fabien added inline comments.
src/avalanche/peermanager.cpp, line 220

This can also be triggered by a new block, not only a new proof from the network

src/avalanche/test/peermanager_tests.cpp, line 843

You might want to test these orphans are evicted after another block is connected so the pool will not grow

This revision now requires changes to proceed. Jun 10 2022, 20:09
  • Make comments more accurate
  • Made AVALANCHE_MAX_ORPHAN_PROOFS static
  • Added missing test cases for replacement and trimming when pool is full
This revision is now accepted and ready to land. Jun 10 2022, 22:06