[Neo Core Fix]Fix https://github.com/neo-project/neo/issues/2862

[Jim8y]

Closes #2862

Description

There is an issue in the memorypool where attacker can dos the node by sending tons of transactions with ascending transaction fees.

Fixes # #2862

Type of change

• Optimization (the change is only an optimization)
• Style (the change is only a code style for better maintenance or standard purpose)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Test Configuration:

• TestReVerifyTopUnverifiedTransactionsIfNeeded
• TestReVerifyTopUnverifiedTransactionsWithSmartThrottler

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

[Jim8y]

@superboyiii can you help to test it? I will fix the test if this pr is truly working. @dusmart can you take a look?

[roman-khimov]

Not a solution to me.

[cschuchardt88]

Why are all these markdown file in with the source? Should be in docs folder in the root of the repo.

[Jim8y]

Why are all these markdown file in with the source? Should be in docs folder in the root of the repo.

I know what you mean, but we don't have a doc folder.

[Jim8y]

Not a solution to me.

I need more specific reason.

resolved

[shargon]

Partially review at Jim8y#1

[shargon]

committee address?

[vncoelho]

Move to config

[vncoelho]

I reviewed the PR, @Jim8y.
I see some hope in it right now.

This is currently not in milestone for 3.8.0, however, I will try to take a look more carefully soon.

[vncoelho]

_optimalMaxTransactionsPerSecond instead of _maxTransactionsPerSecond

[Jim8y]

no difference to the code.

[vncoelho]

nomenclature is bad like this, maxTransactionPerSecond for something that is variable does not looks good to me.

[vncoelho]

move to double as well and base %, already divided by 100.

The only use of it is aligned with memPool Use

[vncoelho]

get this value from previous line before calling the method, it is called just once as it is right now

[vncoelho]

I am not sure.

avgBlockTime should usually not be lower than " _system.Settings.MillisecondsPerBlock".
So, usually blockTimeRatio is close to "1".

So, there is an average load from 30 - 60

[Jim8y]

its either 0 or 30 actually.

[vncoelho]

How?

(int)(Math.Min(blockTimeRatio, 2) * 30);

BlockTimeRatio will never/RARELY be less than 1.
So the range is 30 - 60 in this formula

[vncoelho]

These weights does not look like %, they are more than 100

[Jim8y]

how could it be more than 100?

 var memPoolUtilization = (double)_memoryPool.Count / _system.Settings.MemoryPoolMaxTransactions * 100;

[vncoelho]

Check in the thread below

[vncoelho]

This is bad for any weight metric, insert some cut after weighting.

This part of the code needs enhanced.

If we decide move on with this solution I can later test and analyze.

[Jim8y]

Updated, now maximum load is 100.

[vncoelho]

how could it be more than 100?

The same reason you have this Math.Min(load, 100); here

[vncoelho]

This is bad formula as well, @Jim8y.
load += (avgBlockTime < _system.Settings.MillisecondsPerBlock?1:0) * 30; // Cap at 30 points is a degree function in control theory.

[vncoelho]

Previous formula was surely better, you just need to adjust the weights.

[Jim8y]

could not understand, maybe you can provide one for me.

[AnnaShaleva]

Not a solution to me.

I need more specific reason.

I agree with Roman, and I don't quite like the idea of restricting the node in that way. I also agree with the #2862 (comment), it seems that this problem should be resolved on a consensus level rather than by restricting TPS at mempool level.

[dusmart]

It's great to have a feasible solution here.

My concern is that will this smart throttler can not defend us from other DoS vectors. A possible scene maybe the leader CN chooses a low priority tx somehow, then the other CNs may not get that low priority tx during a heavy network load. Then the consensus could not be reached. I've got to say. This is not the issue introduced by this PR. It's there already.

It would be better if this or some new PRs could prevent the above scene.

[Jim8y]

I agree with Roman, and I don't quite like the idea of restricting the node in that way. I also agree with the #2862 (comment), it seems that this problem should be resolved on a consensus level rather than by restricting TPS at mempool level.

@AnnaShaleva I dont care about how you agree with roman, i am sorry to say this anna, you and roman are in the same community and ofcourse you are with him all the time. What i care is what is your solution, you can always say this is not a perfect solution, I accept that, but where is your solution? leaving the network unprotected for months even years just waiting for a perfect solution is your solution? Previously i also asked @shargon not to sayI dont like or I dont think , cause it means nothing to me, as i dont care about how you feel, but I do respect and value your technical opinion. Propose your solution, work on it, that is what we need right now.

You are such a great reviewer and core contributer, I will always carefully consider your suggestions. As long as its not some feeling.

[Jim8y]

replaced with #3631