[avalanche] Limit the size of the orphan proof pool

Description

Summary:
This patch limits the peer manager's orphan proof tracking since orphans are
not guaranteed to have valid UTXOs nor connected nodes and therefore it's
difficult to sift out good vs bad orphan proofs.

Orphaned proofs' usefulness varies by scenario:

A) IBD - We want to collect proofs as we start to establish connections to help
us build quorum. It's important to keep in mind these proofs cannot be trusted
until their UTXOs are valid, so we rely on the first-seen principle to admit
orphans into the pool from the network up to the limit.

B) Reorg - We want to collect ALL proofs getting reorged so that we can
reconcile them regardless of orphan pool limit. If we do not do this, it's
trivial to force nodes to drop potentially-valid proofs during a reorg.

C) Proof received before UTXO - This is an uncommon occurrence with little
downside to dropping the proof, so we rely on best-effort (i.e. the pool not
being full).

This patch implements the orphan proof pool limit in such a way that memory
is reasonably bounded under all three scenarios regardless of the
number/resourcing of malicious actors, with that bound being stricter for
orphans received from the network. Note that these assumptions hold best
with the implementation of a UTXO age limit for proofs, which has not yet
been completed. It will also be necessary to implement an expiration
mechanism so that junk orphans do not sit around forever. This is work for
future patches.

Test Plan:

ninja check-avalanche

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Subscribers: Fabien

Differential Revision: https://reviews.bitcoinabc.org/D11594
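
A minimal model of the admission policy in scenarios A to C, added here as an illustration and not taken from the Bitcoin ABC patch. The class and method names, the limit value, and the choice that reorg orphans do not consume network slots are all assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <unordered_map>
// Added model, not Bitcoin ABC code. ProofId, OrphanSource and OrphanProofPool
// are hypothetical names; the limit passed to the constructor is constructed.
using ProofId = uint64_t;
enum class OrphanSource { Network, Reorg };

class OrphanProofPool {
    std::unordered_map<ProofId, OrphanSource> pool_;
    size_t networkCount_ = 0;
    const size_t maxNetworkOrphans_;
public:
    explicit OrphanProofPool(size_t maxNetworkOrphans)
        : maxNetworkOrphans_(maxNetworkOrphans) {}

    // Scenarios A and C: first-seen, best effort. A full pool rejects the
    // newcomer rather than evicting, so a flood cannot displace earlier orphans.
    bool addFromNetwork(ProofId id) {
        if (pool_.count(id) || networkCount_ >= maxNetworkOrphans_) return false;
        pool_.emplace(id, OrphanSource::Network);
        ++networkCount_;
        return true;
    }

    // Scenario B: a proof orphaned by a reorg is kept regardless of the limit
    // (assumption: it does not consume a network slot either).
    bool addFromReorg(ProofId id) {
        return pool_.emplace(id, OrphanSource::Reorg).second;
    }

    // Drop an orphan, e.g. once its UTXOs become valid; frees a network slot.
    bool remove(ProofId id) {
        auto it = pool_.find(id);
        if (it == pool_.end()) return false;
        if (it->second == OrphanSource::Network) --networkCount_;
        pool_.erase(it);
        return true;
    }

    size_t size() const { return pool_.size(); }
    size_t networkCount() const { return networkCount_; }
};

int main() {
    OrphanProofPool pool(2);  // constructed limit
    pool.addFromNetwork(1); pool.addFromNetwork(2);
    return (!pool.addFromNetwork(3) && pool.addFromReorg(10)) ? 0 : 1;
}
```

In this model only the network-sourced share is capped; what bounds the reorg share is outside the model.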

Details

Provenance
sdulfari Authored on Jun 7 2022, 23:15
sdulfari Pushed on Jun 10 2022, 23:54
Reviewer
Restricted Project
Differential Revision
D11594: [avalanche] Limit the size of the orphan proof pool
Parents
rABC8c4ef5405fc6: [avalanche] Send getavaproofs periodically to one random peer