| blob | c1569545b4e9f862301d6311bd0f50ded798591c |
1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2015 The Bitcoin Core developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
40 #include <atomic>
41 #include <sstream>
43 #include <boost/algorithm/string/replace.hpp>
44 #include <boost/algorithm/string/join.hpp>
45 #include <boost/filesystem.hpp>
46 #include <boost/filesystem/fstream.hpp>
47 #include <boost/math/distributions/poisson.hpp>
48 #include <boost/thread.hpp>
52 #if defined(NDEBUG)
54 #endif
56 /**
57 * Global state
58 */
60 CCriticalSection cs_main;
62 BlockMap mapBlockIndex;
63 CChain chainActive;
66 CWaitableCriticalSection csBestBlock;
67 CConditionVariable cvBlockChange;
92 CTransaction tx;
93 NodeId fromPeer;
94 };
99 /**
100 * Returns true if there are nRequired or more blocks of minVersion or above
101 * in the last Consensus::Params::nMajorityWindow blocks, starting at pstart and going backwards.
102 */
103 static bool IsSuperMajority(int minVersion, const CBlockIndex* pstart, unsigned nRequired, const Consensus::Params& consensusParams);
106 /** Constant stuff for coinbase transactions we create: */
107 CScript COINBASE_FLAGS;
111 // Internal stuff
114 struct CBlockIndexWorkComparator
115 {
117 // First sort by most total work, ...
121 // ... then by earliest time received, ...
125 // Use pointer address as tie breaker (should only happen with blocks
126 // loaded from disk, as those all have id 0).
130 // Identical blocks.
132 }
133 };
137 /**
138 * The set of all CBlockIndex entries with BLOCK_VALID_TRANSACTIONS (for itself and all ancestors) and
139 * as good as our current tip or better. Entries may be failed, though, and pruning nodes may be
140 * missing the data for the block.
141 */
143 /** Number of nodes with fSyncStarted. */
145 /** All pairs A->B, where A (or one of its ancestors) misses transactions, but B has transactions.
146 * Pruned nodes may have entries where B is missing data.
147 */
150 CCriticalSection cs_LastBlockFile;
153 /** Global flag to indicate we should check to see if there are
154 * block/undo files that should be deleted. Set on startup
155 * or if we allocate more file space when we're in prune mode
156 */
159 /**
160 * Every received block is assigned a unique and increasing identifier, so we
161 * know which one to give priority in case of a fork.
162 */
163 CCriticalSection cs_nBlockSequenceId;
164 /** Blocks loaded from disk are assigned id 0, so start the counter at 1. */
167 /**
168 * Sources of received blocks, saved to be able to send them reject
169 * messages or ban them when processing happens afterwards. Protected by
170 * cs_main.
171 */
174 /**
175 * Filter for transactions that were recently rejected by
176 * AcceptToMemoryPool. These are not rerequested until the chain tip
177 * changes, at which point the entire filter is reset. Protected by
178 * cs_main.
179 *
180 * Without this filter we'd be re-requesting txs from each of our peers,
181 * increasing bandwidth consumption considerably. For instance, with 100
182 * peers, half of which relay a tx we don't accept, that might be a 50x
183 * bandwidth increase. A flooding attacker attempting to roll-over the
184 * filter using minimum-sized, 60byte, transactions might manage to send
185 * 1000/sec if we have fast peers, so we pick 120,000 to give our peers a
186 * two minute window to send invs to us.
187 *
188 * Decreasing the false positive rate is fairly cheap, so we pick one in a
189 * million to make it highly unlikely for users to have issues with this
190 * filter.
191 *
192 * Memory used: 1.3 MB
193 */
195 uint256 hashRecentRejectsChainTip;
197 /** Blocks that are in flight, and that are in the queue to be downloaded. Protected by cs_main. */
199 uint256 hash;
202 };
205 /** Number of preferable block download peers. */
208 /** Dirty block index entries. */
211 /** Dirty block file entries. */
214 /** Number of peers from which we're downloading blocks. */
217 /** Relay map, protected by cs_main. */
219 MapRelay mapRelay;
220 /** Expiration-time ordered list of (expire time, relay map entry) pairs, protected by cs_main). */
224 //////////////////////////////////////////////////////////////////////////////
225 //
226 // Registration of network node signals.
227 //
233 string strRejectReason;
234 uint256 hashBlock;
235 };
237 /**
238 * Maintain validation-specific state about nodes, protected by cs_main, instead
239 * by CNode's own locks. This simplifies asynchronous operation, where
240 * processing of incoming data is done after the ProcessMessage call returns,
241 * and we're no longer holding the node's locks.
242 */
244 //! The peer's address
245 CService address;
246 //! Whether we have a fully established connection.
248 //! Accumulated misbehaviour score for this peer.
250 //! Whether this peer should be disconnected and banned (unless whitelisted).
252 //! String name of this peer (debugging/logging purposes).
254 //! List of asynchronously-determined block rejections to notify this peer about.
256 //! The best known block we know this peer has announced.
258 //! The hash of the last unknown block this peer has announced.
259 uint256 hashLastUnknownBlock;
260 //! The last full block we both have.
262 //! The best header we have sent our peer.
264 //! Whether we've started headers synchronization with this peer.
266 //! Since when we're stalling block download progress (in microseconds), or 0.
269 //! When the first entry in vBlocksInFlight started downloading. Don't care when vBlocksInFlight is empty.
273 //! Whether we consider this a preferred download peer.
275 //! Whether this peer wants invs or headers (when possible) for block announcements.
293 }
294 };
296 /** Map maintaining per-node state. Requires cs_main. */
299 // Requires cs_main.
305 }
308 {
311 }
314 {
317 // Whether this node should be marked as a preferred download node.
318 state->fPreferredDownload = (!node->fInbound || node->fWhitelisted) && !node->fOneShot && !node->fClient;
321 }
328 }
335 nSyncStarted--;
339 }
343 }
352 // Do a consistency check after the last peer is removed.
356 }
357 }
359 // Requires cs_main.
360 // Returns a bool indicating whether we requested this block.
362 map<uint256, pair<NodeId, list<QueuedBlock>::iterator> >::iterator itInFlight = mapBlocksInFlight.find(hash);
367 // Last validated block on the queue was received.
368 nPeersWithValidatedDownloads--;
369 }
371 // First block on the queue was received, update the start download time for the next one
373 }
379 }
381 }
383 // Requires cs_main.
384 void MarkBlockAsInFlight(NodeId nodeid, const uint256& hash, const Consensus::Params& consensusParams, CBlockIndex *pindex = NULL) {
388 // Make sure it's not listed somewhere already.
392 list<QueuedBlock>::iterator it = state->vBlocksInFlight.insert(state->vBlocksInFlight.end(), newentry);
396 // We're starting a block download (batch) from this peer.
398 }
400 nPeersWithValidatedDownloads++;
401 }
403 }
405 /** Check whether the last unknown block a peer advertised is not yet known. */
413 if (state->pindexBestKnownBlock == NULL || itOld->second->nChainWork >= state->pindexBestKnownBlock->nChainWork)
416 }
417 }
418 }
420 /** Update tracking information about which blocks a peer is assumed to have. */
429 // An actually better block was announced.
430 if (state->pindexBestKnownBlock == NULL || it->second->nChainWork >= state->pindexBestKnownBlock->nChainWork)
433 // An unknown block was announced; just assume that the latest one is the best one.
435 }
436 }
438 // Requires cs_main
440 {
441 return chainActive.Tip()->GetBlockTime() > GetAdjustedTime() - consensusParams.nPowTargetSpacing * 20;
442 }
444 // Requires cs_main
446 {
447 if (state->pindexBestKnownBlock && pindex == state->pindexBestKnownBlock->GetAncestor(pindex->nHeight))
449 if (state->pindexBestHeaderSent && pindex == state->pindexBestHeaderSent->GetAncestor(pindex->nHeight))
452 }
454 /** Find the last common ancestor two blocks have.
455 * Both pa and pb must be non-NULL. */
461 }
466 }
468 // Eventually all chain branches meet at the genesis block.
471 }
473 /** Update pindexLastCommonBlock and add not-in-flight missing successors to vBlocks, until it has
474 * at most count entries. */
475 void FindNextBlocksToDownload(NodeId nodeid, unsigned int count, std::vector<CBlockIndex*>& vBlocks, NodeId& nodeStaller) {
483 // Make sure pindexBestKnownBlock is up to date, we'll need it.
486 if (state->pindexBestKnownBlock == NULL || state->pindexBestKnownBlock->nChainWork < chainActive.Tip()->nChainWork) {
487 // This peer has nothing interesting.
489 }
492 // Bootstrap quickly by guessing a parent of our best tip is the forking point.
493 // Guessing wrong in either direction is not a problem.
494 state->pindexLastCommonBlock = chainActive[std::min(state->pindexBestKnownBlock->nHeight, chainActive.Height())];
495 }
497 // If the peer reorganized, our previous pindexLastCommonBlock may not be an ancestor
498 // of its current tip anymore. Go back enough to fix that.
499 state->pindexLastCommonBlock = LastCommonAncestor(state->pindexLastCommonBlock, state->pindexBestKnownBlock);
505 // Never fetch further than the best block we know the peer has, or more than BLOCK_DOWNLOAD_WINDOW + 1 beyond the last
506 // linked block we have in common with this peer. The +1 is so we can detect stalling, namely if we would be able to
507 // download that next block if the window were 1 larger.
512 // Read up to 128 (or more, if more blocks than that are needed) successors of pindexWalk (towards
513 // pindexBestKnownBlock) into vToFetch. We fetch 128, because CBlockIndex::GetAncestor may be as expensive
514 // as iterating over ~100 CBlockIndex* entries anyway.
515 int nToFetch = std::min(nMaxHeight - pindexWalk->nHeight, std::max<int>(count - vBlocks.size(), 128));
521 }
523 // Iterate over those blocks in vToFetch (in forward direction), adding the ones that
524 // are not yet downloaded and not in flight to vBlocks. In the mean time, update
525 // pindexLastCommonBlock as long as all ancestors are already downloaded, or if it's
526 // already part of our chain (and therefore don't need it even if pruned).
529 // We consider the chain that this peer is on invalid.
531 }
536 // The block is not already downloaded, and not yet in flight.
538 // We reached the end of the window.
540 // We aren't able to fetch anything, but we would be if the download window was one larger.
542 }
544 }
548 }
550 // This is the first already-in-flight block.
552 }
553 }
554 }
555 }
566 stats.nCommonHeight = state->pindexLastCommonBlock ? state->pindexLastCommonBlock->nHeight : -1;
570 }
572 }
575 {
581 }
584 {
590 }
593 {
594 // Find the first block the caller has in the main chain
598 {
602 }
603 }
605 }
610 //////////////////////////////////////////////////////////////////////////////
611 //
612 // mapOrphanTransactions
613 //
616 {
621 // Ignore big transactions, to avoid a
622 // send-big-orphans memory exhaustion attack. If a peer has a legitimate
623 // large transaction with a missing parent then we assume
624 // it will rebroadcast it later, after the parent transaction(s)
625 // have been mined or received.
626 // 10,000 orphans, each of which is at most 5,000 bytes big is
627 // at most 500 megabytes of orphans:
630 {
633 }
643 }
646 {
651 {
652 map<uint256, set<uint256> >::iterator itPrev = mapOrphanTransactionsByPrev.find(txin.prevout.hash);
658 }
660 }
663 {
667 {
668 map<uint256, COrphanTx>::iterator maybeErase = iter++; // increment to avoid iterator becoming invalid
670 {
673 }
674 }
676 }
680 {
683 {
684 // Evict a random orphan:
691 }
693 }
696 {
699 if ((int64_t)tx.nLockTime < ((int64_t)tx.nLockTime < LOCKTIME_THRESHOLD ? (int64_t)nBlockHeight : nBlockTime))
704 }
706 }
709 {
712 // By convention a negative value for flags indicates that the
713 // current network-enforced consensus rules should be used. In
714 // a future soft-fork scenario that would mean checking which
715 // rules would be enforced for the next block and setting the
716 // appropriate flags. At the present time no soft-forks are
717 // scheduled, so no flags are set.
720 // CheckFinalTx() uses chainActive.Height()+1 to evaluate
721 // nLockTime because when IsFinalTx() is called within
722 // CBlock::AcceptBlock(), the height of the block *being*
723 // evaluated is what is used. Thus if we want to know if a
724 // transaction can be part of the *next* block, we need to call
725 // IsFinalTx() with one more than chainActive.Height().
728 // BIP113 will require that time-locked transactions have nLockTime set to
729 // less than the median time of the previous block they're contained in.
730 // When the next block is created its previous block will be the current
731 // chain tip, so we use that to calculate the median time passed to
732 // IsFinalTx() if LOCKTIME_MEDIAN_TIME_PAST is set.
738 }
740 /**
741 * Calculates the block height and previous block's median time past at
742 * which the transaction will be considered final in the context of BIP 68.
743 * Also removes from the vector of input heights any entries which did not
744 * correspond to sequence locked inputs as they do not affect the calculation.
745 */
746 static std::pair<int, int64_t> CalculateSequenceLocks(const CTransaction &tx, int flags, std::vector<int>* prevHeights, const CBlockIndex& block)
747 {
750 // Will be set to the equivalent height- and time-based nLockTime
751 // values that would be necessary to satisfy all relative lock-
752 // time constraints given our view of block chain history.
753 // The semantics of nLockTime are the last invalid height/time, so
754 // use -1 to have the effect of any height or time being valid.
758 // tx.nVersion is signed integer so requires cast to unsigned otherwise
759 // we would be doing a signed comparison and half the range of nVersion
760 // wouldn't support BIP 68.
764 // Do not enforce sequence numbers as a relative lock time
765 // unless we have been instructed to
768 }
773 // Sequence numbers with the most significant bit set are not
774 // treated as relative lock-times, nor are they given any
775 // consensus-enforced meaning at this point.
777 // The height of this input is not relevant for sequence locks
780 }
786 // NOTE: Subtract 1 to maintain nLockTime semantics
787 // BIP 68 relative lock times have the semantics of calculating
788 // the first block or time at which the transaction would be
789 // valid. When calculating the effective block time or height
790 // for the entire transaction, we switch to using the
791 // semantics of nLockTime which is the last invalid block
792 // time or height. Thus we subtract 1 from the calculated
793 // time or height.
795 // Time-based relative lock-times are measured from the
796 // smallest allowed timestamp of the block containing the
797 // txout being spent, which is the median time past of the
798 // block prior.
799 nMinTime = std::max(nMinTime, nCoinTime + (int64_t)((txin.nSequence & CTxIn::SEQUENCE_LOCKTIME_MASK) << CTxIn::SEQUENCE_LOCKTIME_GRANULARITY) - 1);
801 nMinHeight = std::max(nMinHeight, nCoinHeight + (int)(txin.nSequence & CTxIn::SEQUENCE_LOCKTIME_MASK) - 1);
802 }
803 }
806 }
809 {
816 }
818 bool SequenceLocks(const CTransaction &tx, int flags, std::vector<int>* prevHeights, const CBlockIndex& block)
819 {
821 }
824 {
827 // If there are relative lock times then the maxInputBlock will be set
828 // If there are no relative lock times, the LockPoints don't depend on the chain
830 // Check whether chainActive is an extension of the block at which the LockPoints
831 // calculation was valid. If not LockPoints are no longer valid
834 }
835 }
837 // LockPoints still valid
839 }
841 bool CheckSequenceLocks(const CTransaction &tx, int flags, LockPoints* lp, bool useExistingLockPoints)
842 {
847 CBlockIndex index;
849 // CheckSequenceLocks() uses chainActive.Height()+1 to evaluate
850 // height based locks because when SequenceLocks() is called within
851 // ConnectBlock(), the height of the block *being*
852 // evaluated is what is used.
853 // Thus if we want to know if a transaction can be part of the
854 // *next* block, we need to use one more than chainActive.Height()
862 }
864 // pcoinsTip contains the UTXO set for chainActive.Tip()
870 CCoins coins;
873 }
875 // Assume all mempool transaction confirm in the next block
879 }
880 }
885 // Also store the hash of the block with the highest height of
886 // all the blocks which have sequence locked prevouts.
887 // This hash needs to still be on the chain
888 // for these LockPoint calculations to be valid
889 // Note: It is impossible to correctly calculate a maxInputBlock
890 // if any of the sequence locked inputs depend on unconfirmed txs,
891 // except in the special case where the relative lock time/height
892 // is 0, which is equivalent to no sequence lock. Since we assume
893 // input height of tip+1 for mempool txs and test the resulting
894 // lockPair from CalculateSequenceLocks against tip+1. We know
895 // EvaluateSequenceLocks will fail if there was a non-zero sequence
896 // lock on a mempool input, so we can use the return value of
897 // CheckSequenceLocks to indicate the LockPoints validity
900 // Can ignore mempool inputs since we'll fail if they had non-zero locks
903 }
904 }
906 }
907 }
909 }
913 {
916 {
918 }
920 {
922 }
924 }
927 {
933 {
937 }
939 }
949 {
950 // Basic checks that don't depend on any context
955 // Size limits
959 // Check for negative or overflow output values
962 {
970 }
972 // Check for duplicate inputs
975 {
979 }
982 {
985 }
986 else
987 {
991 }
994 }
1005 }
1007 /** Convert CValidationState to a human-readable message for logging */
1009 {
1014 }
1016 bool AcceptToMemoryPoolWorker(CTxMemPool& pool, CValidationState& state, const CTransaction& tx, bool fLimitFree,
1019 {
1028 // Coinbase is only valid in a block, not as a loose transaction
1032 // Rather not work on nonstandard transactions (unless -testnet/-regtest)
1033 string reason;
1037 // Don't relay version 2 transactions until CSV is active, and we can be
1038 // sure that such transactions will be mined (unless we're on
1039 // -testnet/-regtest).
1041 if (fRequireStandard && tx.nVersion >= 2 && VersionBitsTipState(chainparams.GetConsensus(), Consensus::DEPLOYMENT_CSV) != THRESHOLD_ACTIVE) {
1043 }
1045 // Only accept nLockTime-using transactions that can be mined in the next
1046 // block; we don't want our mempool filled up with transactions that can't
1047 // be mined yet.
1051 // is it already in the memory pool?
1055 // Check for conflicts with in-memory transactions
1057 {
1060 {
1063 {
1066 {
1067 // Allow opt-out of transaction replacement by setting
1068 // nSequence >= maxint-1 on all inputs.
1069 //
1070 // maxint-1 is picked to still allow use of nLockTime by
1071 // non-replacable transactions. All inputs rather than just one
1072 // is for the sake of multi-party protocols, where we don't
1073 // want a single party to be able to disable replacement.
1074 //
1075 // The opt-out ignores descendants as anyone relying on
1076 // first-seen mempool behavior should be checking all
1077 // unconfirmed ancestors anyway; doing otherwise is hopelessly
1078 // insecure.
1081 {
1083 {
1085 {
1088 }
1089 }
1090 }
1095 }
1096 }
1097 }
1098 }
1100 {
1101 CCoinsView dummy;
1105 LockPoints lp;
1106 {
1111 // do we already have it?
1117 }
1119 // do all inputs exist?
1120 // Note that this does not check for the presence of actual outputs (see the next check for that),
1121 // and only helps with filling in pfMissingInputs (to determine missing vs spent).
1128 return false; // fMissingInputs and !state.IsInvalid() is used to detect this condition, don't set state.Invalid()
1129 }
1130 }
1132 // are the actual inputs available?
1136 // Bring the best block into scope
1141 // we have all inputs cached now, so switch back to dummy, so we don't need to keep lock on mempool
1144 // Only accept BIP68 sequence locked transactions that can be mined in the next
1145 // block; we don't want our mempool filled up with transactions that can't
1146 // be mined yet.
1147 // Must keep pool.cs for this unless we change CheckSequenceLocks to take a
1148 // CoinsViewCache instead of create its own
1151 }
1153 // Check for non-standard pay-to-script-hash in inputs
1162 // nModifiedFees includes any fee deltas from PrioritiseTransaction
1167 CAmount inChainInputValue;
1170 // Keep track of transactions that spend a coinbase, which we re-scan
1171 // during reorgs to ensure COINBASE_MATURITY is still met.
1178 }
1179 }
1181 CTxMemPoolEntry entry(tx, nFees, GetTime(), dPriority, chainActive.Height(), pool.HasNoInputsOf(tx), inChainInputValue, fSpendsCoinbase, nSigOps, lp);
1184 // Check that the transaction doesn't have an excessive number of
1185 // sigops, making it impossible to mine. Since the coinbase transaction
1186 // itself can contain sigops MAX_STANDARD_TX_SIGOPS is less than
1187 // MAX_BLOCK_SIGOPS; we still consider this an invalid rather than
1188 // merely non-standard transaction.
1189 if ((nSigOps > MAX_STANDARD_TX_SIGOPS) || (nBytesPerSigOp && nSigOps > nSize / nBytesPerSigOp))
1193 CAmount mempoolRejectFee = pool.GetMinFee(GetArg("-maxmempool", DEFAULT_MAX_MEMPOOL_SIZE) * 1000000).GetFee(nSize);
1195 return state.DoS(0, false, REJECT_INSUFFICIENTFEE, "mempool min fee not met", false, strprintf("%d < %d", nFees, mempoolRejectFee));
1196 } else if (GetBoolArg("-relaypriority", DEFAULT_RELAYPRIORITY) && nModifiedFees < ::minRelayTxFee.GetFee(nSize) && !AllowFree(entry.GetPriority(chainActive.Height() + 1))) {
1197 // Require that free transactions have sufficient priority to be mined in the next block.
1199 }
1201 // Continuously rate-limit free (really, very-low-fee) transactions
1202 // This mitigates 'penny-flooding' -- sending thousands of free transactions just to
1203 // be annoying or make others' transactions take longer to confirm.
1205 {
1213 // Use an exponentially decaying ~10-minute window:
1216 // -limitfreerelay unit is thousand-bytes-per-minute
1217 // At default rate it would take over a month to fill 1GB
1222 }
1229 // Calculate in-mempool ancestors, up to a limit.
1234 size_t nLimitDescendantSize = GetArg("-limitdescendantsize", DEFAULT_DESCENDANT_SIZE_LIMIT)*1000;
1236 if (!pool.CalculateMemPoolAncestors(entry, setAncestors, nLimitAncestors, nLimitAncestorSize, nLimitDescendants, nLimitDescendantSize, errString)) {
1238 }
1240 // A transaction that spends outputs that would be replaced by it is invalid. Now
1241 // that we have the set of all ancestors we can detect this
1242 // pathological case by making sure setConflicts and setAncestors don't
1243 // intersect.
1245 {
1248 {
1254 }
1255 }
1257 // Check if it's economically rational to mine this transaction rather
1258 // than the ones it replaces.
1264 // If we don't hold the lock allConflicting might be incomplete; the
1265 // subsequent RemoveStaged() and addUnchecked() calls don't guarantee
1266 // mempool consistency for us.
1269 {
1275 {
1280 // Save these to avoid repeated lookups
1283 // Don't allow the replacement to reduce the feerate of the
1284 // mempool.
1285 //
1286 // We usually don't want to accept replacements with lower
1287 // feerates than what they replaced as that would lower the
1288 // feerate of the next block. Requiring that the feerate always
1289 // be increased is also an easy-to-reason about way to prevent
1290 // DoS attacks via replacements.
1291 //
1292 // The mining code doesn't (currently) take children into
1293 // account (CPFP) so we only consider the feerates of
1294 // transactions being directly replaced, not their indirect
1295 // descendants. While that does mean high feerate children are
1296 // ignored when deciding whether or not to replace, we do
1297 // require the replacement to pay more overall fees too,
1298 // mitigating most cases.
1301 {
1308 }
1311 {
1313 }
1316 }
1317 // This potentially overestimates the number of actual descendants
1318 // but we just want to be conservative to avoid doing too much
1319 // work.
1321 // If not too many to replace, then calculate the set of
1322 // transactions that would have to be evicted
1325 }
1329 }
1335 nConflictingCount,
1336 maxDescendantsToVisit));
1337 }
1340 {
1341 // We don't want to accept replacements that require low
1342 // feerate junk to be mined first. Ideally we'd keep track of
1343 // the ancestor feerates and make the decision based on that,
1344 // but for now requiring all new inputs to be confirmed works.
1346 {
1347 // Rather than check the UTXO set - potentially expensive -
1348 // it's cheaper to just check if the new input refers to a
1349 // tx that's in the mempool.
1355 }
1356 }
1358 // The replacement must pay greater fees than the transactions it
1359 // replaces - if we did the bandwidth used by those conflicting
1360 // transactions would not be paid for.
1362 {
1367 }
1369 // Finally in addition to paying more fees than the conflicts the
1370 // new transaction must pay for its own bandwidth.
1373 {
1380 }
1381 }
1383 // Check against previous transactions
1384 // This is done last to help prevent CPU exhaustion denial-of-service attacks.
1388 // Check again against just the consensus-critical mandatory script
1389 // verification flags, in case of bugs in the standard flags that cause
1390 // transactions to pass as valid when they're actually invalid. For
1391 // instance the STRICTENC flag was incorrectly allowing certain
1392 // CHECKSIG NOT scripts to pass, even though they were invalid.
1393 //
1394 // There is a similar check in CreateNewBlock() to prevent creating
1395 // invalid blocks, however allowing such transactions into the mempool
1396 // can be exploited as a DoS attack.
1398 {
1399 return error("%s: BUG! PLEASE REPORT THIS! ConnectInputs failed against MANDATORY but not STANDARD flags %s, %s",
1401 }
1403 // Remove conflicting transactions from the mempool
1405 {
1411 }
1414 // Store transaction in memory
1417 // trim mempool and check if tx was trimmed
1419 LimitMempoolSize(pool, GetArg("-maxmempool", DEFAULT_MAX_MEMPOOL_SIZE) * 1000000, GetArg("-mempoolexpiry", DEFAULT_MEMPOOL_EXPIRY) * 60 * 60);
1422 }
1423 }
1428 }
1430 bool AcceptToMemoryPool(CTxMemPool& pool, CValidationState &state, const CTransaction &tx, bool fLimitFree,
1432 {
1434 bool res = AcceptToMemoryPoolWorker(pool, state, tx, fLimitFree, pfMissingInputs, fOverrideMempoolLimit, nAbsurdFee, vHashTxToUncache);
1438 }
1440 }
1442 /** Return transaction in tx, and if it was found inside a block, its hash is placed in hashBlock */
1443 bool GetTransaction(const uint256 &hash, CTransaction &txOut, const Consensus::Params& consensusParams, uint256 &hashBlock, bool fAllowSlow)
1444 {
1451 {
1454 }
1457 CDiskTxPos postx;
1462 CBlockHeader header;
1469 }
1474 }
1475 }
1479 {
1484 }
1487 }
1490 CBlock block;
1497 }
1498 }
1499 }
1500 }
1503 }
1510 //////////////////////////////////////////////////////////////////////////////
1511 //
1512 // CBlock and CBlockIndex
1513 //
1515 bool WriteBlockToDisk(const CBlock& block, CDiskBlockPos& pos, const CMessageHeader::MessageStartChars& messageStart)
1516 {
1517 // Open history file to append
1522 // Write index header
1526 // Write block
1534 }
1536 bool ReadBlockFromDisk(CBlock& block, const CDiskBlockPos& pos, const Consensus::Params& consensusParams)
1537 {
1540 // Open history file to read
1545 // Read block
1548 }
1551 }
1553 // Check the header
1558 }
1560 bool ReadBlockFromDisk(CBlock& block, const CBlockIndex* pindex, const Consensus::Params& consensusParams)
1561 {
1565 return error("ReadBlockFromDisk(CBlock&, CBlockIndex*): GetHash() doesn't match index for %s at %s",
1568 }
1571 {
1573 // Force block reward to zero when right shift is undefined.
1578 // Subsidy is cut in half every 210,000 blocks which will occur approximately every 4 years.
1581 }
1584 {
1587 // Once this function has returned false, it must remain false.
1589 // Optimization: pre-test latch before taking the lock.
1598 if (fCheckpointsEnabled && chainActive.Height() < Checkpoints::GetTotalBlocksEstimate(chainParams.Checkpoints()))
1601 std::max(chainActive.Tip()->GetBlockTime(), pindexBestHeader->GetBlockTime()) < GetTime() - nMaxTipAge);
1605 }
1612 {
1617 // Alert text should be plain ascii coming from a trusted source, but to
1618 // be safe we first strip anything not in safeChars, then add single quotes around
1619 // the whole string before passing it to the shell:
1626 }
1629 {
1631 // Before we get past initial download, we cannot reliably alert about forks
1632 // (we assume we don't get stuck on a fork before the last checkpoint)
1636 // If our best fork is no longer within 72 blocks (+/- 12 hours if no one mines it)
1637 // of our head, drop it
1641 if (pindexBestForkTip || (pindexBestInvalid && pindexBestInvalid->nChainWork > chainActive.Tip()->nChainWork + (GetBlockProof(*chainActive.Tip()) * 6)))
1642 {
1644 {
1645 std::string warning = std::string("'Warning: Large-work fork detected, forking after block ") +
1648 }
1650 {
1651 LogPrintf("%s: Warning: Large valid fork found\n forking the chain at height %d (%s)\n lasting to height %d (%s).\nChain state database corruption likely.\n", __func__,
1655 }
1656 else
1657 {
1658 LogPrintf("%s: Warning: Found invalid chain at least ~6 blocks longer than our best chain.\nChain state database corruption likely.\n", __func__);
1660 }
1661 }
1662 else
1663 {
1666 }
1667 }
1670 {
1672 // If we are on a fork that is sufficiently large, set a warning flag
1676 {
1682 }
1684 // We define a condition where we should warn the user about as a fork of at least 7 blocks
1685 // with a tip within 72 blocks (+/- 12 hours if no one mines it) of ours
1686 // We use 7 blocks rather arbitrarily as it represents just under 10% of sustained network
1687 // hash rate operating on the fork.
1688 // or a chain that is entirely longer than ours and invalid (note that this should be detected by both)
1689 // We define it this way because it allows us to only store the highest fork tip (+ base) which meets
1690 // the 7-block condition and from this always have the most-likely-to-cause-warning fork
1691 if (pfork && (!pindexBestForkTip || (pindexBestForkTip && pindexNewForkTip->nHeight > pindexBestForkTip->nHeight)) &&
1694 {
1697 }
1700 }
1702 // Requires cs_main.
1704 {
1715 {
1716 LogPrintf("%s: %s (%d -> %d) BAN THRESHOLD EXCEEDED\n", __func__, state->name, state->nMisbehavior-howmuch, state->nMisbehavior);
1719 LogPrintf("%s: %s (%d -> %d)\n", __func__, state->name, state->nMisbehavior-howmuch, state->nMisbehavior);
1720 }
1723 {
1734 tip->GetBlockHash().ToString(), chainActive.Height(), log(tip->nChainWork.getdouble())/log(2.0),
1737 }
1744 assert (state.GetRejectCode() < REJECT_INTERNAL); // Blocks are never rejected with internal reject codes
1745 CBlockReject reject = {(unsigned char)state.GetRejectCode(), state.GetRejectReason().substr(0, MAX_REJECT_MESSAGE_LENGTH), pindex->GetBlockHash()};
1749 }
1750 }
1756 }
1757 }
1759 void UpdateCoins(const CTransaction& tx, CCoinsViewCache& inputs, CTxUndo &txundo, int nHeight)
1760 {
1761 // mark inputs spent
1770 // mark an outpoint spent, and construct undo information
1778 }
1779 }
1780 }
1781 // add outputs
1783 }
1786 {
1787 CTxUndo txundo;
1789 }
1793 if (!VerifyScript(scriptSig, scriptPubKey, nFlags, CachingTransactionSignatureChecker(ptxTo, nIn, cacheStore), &error)) {
1795 }
1797 }
1800 {
1804 }
1807 bool CheckTxInputs(const CTransaction& tx, CValidationState& state, const CCoinsViewCache& inputs, int nSpendHeight)
1808 {
1809 // This doesn't trigger the DoS code on purpose; if it did, it would make it easier
1810 // for an attacker to attempt to split the network.
1817 {
1822 // If prev is coinbase, check that it's matured
1828 }
1830 // Check for negative or overflow input values
1835 }
1839 strprintf("value in (%s) < value out (%s)", FormatMoney(nValueIn), FormatMoney(tx.GetValueOut())));
1841 // Tally transaction fees
1849 }
1852 bool CheckInputs(const CTransaction& tx, CValidationState &state, const CCoinsViewCache &inputs, bool fScriptChecks, unsigned int flags, bool cacheStore, std::vector<CScriptCheck> *pvChecks)
1853 {
1855 {
1862 // The first loop above does all the inexpensive checks.
1863 // Only if ALL inputs pass do we perform expensive ECDSA signature checks.
1864 // Helps prevent CPU exhaustion attacks.
1866 // Skip ECDSA signature verification when connecting blocks before the
1867 // last block chain checkpoint. Assuming the checkpoints are valid this
1868 // is safe because block merkle hashes are still computed and checked,
1869 // and any change will be caught at the next checkpoint. Of course, if
1870 // the checkpoint is for a chain that's invalid due to false scriptSigs
1871 // this optimisation would allow an invalid chain to be accepted.
1878 // Verify signature
1885 // Check whether the failure was caused by a
1886 // non-mandatory script verification check, such as
1887 // non-standard DER encodings or non-null dummy
1888 // arguments; if so, don't trigger DoS protection to
1889 // avoid splitting the network between upgraded and
1890 // non-upgraded nodes.
1894 return state.Invalid(false, REJECT_NONSTANDARD, strprintf("non-mandatory-script-verify-flag (%s)", ScriptErrorString(check.GetScriptError())));
1895 }
1896 // Failures of other flags indicate a transaction that is
1897 // invalid in new blocks, e.g. a invalid P2SH. We DoS ban
1898 // such nodes as they are not following the protocol. That
1899 // said during an upgrade careful thought should be taken
1900 // as to the correct behavior - we may want to continue
1901 // peering with non-upgraded nodes even after soft-fork
1902 // super-majority signaling has occurred.
1903 return state.DoS(100,false, REJECT_INVALID, strprintf("mandatory-script-verify-flag-failed (%s)", ScriptErrorString(check.GetScriptError())));
1904 }
1905 }
1906 }
1907 }
1910 }
1914 bool UndoWriteToDisk(const CBlockUndo& blockundo, CDiskBlockPos& pos, const uint256& hashBlock, const CMessageHeader::MessageStartChars& messageStart)
1915 {
1916 // Open history file to append
1921 // Write index header
1925 // Write undo data
1932 // calculate & write checksum
1939 }
1941 bool UndoReadFromDisk(CBlockUndo& blockundo, const CDiskBlockPos& pos, const uint256& hashBlock)
1942 {
1943 // Open history file to read
1948 // Read block
1949 uint256 hashChecksum;
1953 }
1956 }
1958 // Verify checksum
1966 }
1968 /** Abort with a message */
1970 {
1974 userMessage.empty() ? _("Error: A fatal internal error occurred, see debug.log for details") : userMessage,
1978 }
1980 bool AbortNode(CValidationState& state, const std::string& strMessage, const std::string& userMessage="")
1981 {
1984 }
1988 /**
1989 * Apply the undo operation of a CTxInUndo to the given chain state.
1990 * @param undo The undo object.
1991 * @param view The coins view to which to apply the changes.
1992 * @param out The out point that corresponds to the tx input.
1993 * @return True on success.
1994 */
1996 {
2001 // undo data contains height: this is the last output of the prevout tx being spent
2011 }
2019 }
2021 bool DisconnectBlock(const CBlock& block, CValidationState& state, const CBlockIndex* pindex, CCoinsViewCache& view, bool* pfClean)
2022 {
2030 CBlockUndo blockUndo;
2040 // undo transactions in reverse order
2045 // Check that all outputs are available and match the outputs in the block itself
2046 // exactly.
2047 {
2052 // The CCoins serialization does not serialize negative numbers.
2053 // No network rules currently depend on the version here, so an inconsistency is harmless
2054 // but it must be corrected before txout nversion ever influences a network rule.
2060 // remove outputs
2062 }
2064 // restore inputs
2074 }
2075 }
2076 }
2078 // move best block pointer to prevout block
2084 }
2087 }
2090 {
2101 }
2109 }
2110 }
2112 bool FindUndoPos(CValidationState &state, int nFile, CDiskBlockPos &pos, unsigned int nAddSize);
2119 }
2121 //
2122 // Called periodically asynchronously; alerts if it smells like
2123 // we're being fed a bad chain (blocks being generated much
2124 // too slowly or too quickly).
2125 //
2126 void PartitionCheck(bool (*initialDownloadCheck)(), CCriticalSection& cs, const CBlockIndex *const &bestHeader,
2128 {
2151 }
2153 // How likely is it to find that many by chance?
2156 LogPrint("partitioncheck", "%s: Found %d blocks in the last %d hours\n", __func__, nBlocks, SPAN_HOURS);
2159 // Aim for one false-positive about every fifty years of normal running:
2164 {
2165 // Many fewer blocks than expected: alert!
2166 strWarning = strprintf(_("WARNING: check your network connection, %d blocks received in the last %d hours (%d expected)"),
2168 }
2170 {
2171 // Many more blocks than expected: alert!
2172 strWarning = strprintf(_("WARNING: abnormally high number of blocks generated, %d blocks received in the last %d hours (%d expected)"),
2174 }
2176 {
2180 }
2181 }
2183 // Protected by cs_main
2184 VersionBitsCache versionbitscache;
2187 {
2192 ThresholdState state = VersionBitsState(pindexPrev, params, (Consensus::DeploymentPos)i, versionbitscache);
2195 }
2196 }
2199 }
2201 /**
2202 * Threshold condition checker that triggers when unknown versionbits are seen on the network.
2203 */
2205 {
2213 int64_t EndTime(const Consensus::Params& params) const { return std::numeric_limits<int64_t>::max(); }
2215 int Threshold(const Consensus::Params& params) const { return params.nRuleChangeActivationThreshold; }
2218 {
2222 }
2223 };
2225 // Protected by cs_main
2238 {
2243 // Check it again in case a previous version let a bad block in
2244 if (!CheckBlock(block, state, chainparams.GetConsensus(), GetAdjustedTime(), !fJustCheck, !fJustCheck))
2247 // verify that the view's current state corresponds to the previous block
2251 // Special case for the genesis block, skipping connection of its transactions
2252 // (its coinbase is unspendable)
2257 }
2263 // This block is an ancestor of a checkpoint: disable script checks
2265 }
2266 }
2269 LogPrint("bench", " - Sanity checks: %.2fms [%.2fs]\n", 0.001 * (nTime1 - nTimeStart), nTimeCheck * 0.000001);
2271 // Do not allow blocks that contain transactions which 'overwrite' older transactions,
2272 // unless those are already completely spent.
2273 // If such overwrites are allowed, coinbases and transactions depending upon those
2274 // can be duplicated to remove the ability to spend the first instance -- even after
2275 // being sent to another address.
2276 // See BIP30 and http://r6.ca/blog/20120206T005236Z.html for more information.
2277 // This logic is not necessary for memory pool transactions, as AcceptToMemoryPool
2278 // already refuses previously-known transaction ids entirely.
2279 // This rule was originally applied to all blocks with a timestamp after March 15, 2012, 0:00 UTC.
2280 // Now that the whole chain is irreversibly beyond that time it is applied to all blocks except the
2281 // two in the chain that violate it. This prevents exploiting the issue against nodes during their
2282 // initial block download.
2283 bool fEnforceBIP30 = (!pindex->phashBlock) || // Enforce on CreateNewBlock invocations which don't have a hash.
2284 !((pindex->nHeight==91842 && pindex->GetBlockHash() == uint256S("0x00000000000a4d0a398161ffc163c503763b1f4360639393e0e4c8e300e0caec")) ||
2285 (pindex->nHeight==91880 && pindex->GetBlockHash() == uint256S("0x00000000000743f190a18c5577a3c2d2a1f610ae9601ac046a38084ccb7cd721")));
2287 // Once BIP34 activated it was not possible to create new duplicate coinbases and thus other than starting
2288 // with the 2 existing duplicate coinbase pairs, not possible to create overwriting txs. But by the
2289 // time BIP34 activated, in each of the existing pairs the duplicate coinbase had overwritten the first
2290 // before the first had been spent. Since those coinbases are sufficiently buried its no longer possible to create further
2291 // duplicate transactions descending from the known pairs either.
2292 // If we're on the known chain at height greater than where BIP34 activated, we can save the db accesses needed for the BIP30 check.
2293 CBlockIndex *pindexBIP34height = pindex->pprev->GetAncestor(chainparams.GetConsensus().BIP34Height);
2294 //Only continue to enforce if we're below BIP34 activation height or the block hash at that height doesn't correspond.
2295 fEnforceBIP30 = fEnforceBIP30 && (!pindexBIP34height || !(pindexBIP34height->GetBlockHash() == chainparams.GetConsensus().BIP34Hash));
2303 }
2304 }
2306 // BIP16 didn't become active until Apr 1 2012
2312 // Start enforcing the DERSIG (BIP66) rules, for block.nVersion=3 blocks,
2313 // when 75% of the network has upgraded:
2314 if (block.nVersion >= 3 && IsSuperMajority(3, pindex->pprev, chainparams.GetConsensus().nMajorityEnforceBlockUpgrade, chainparams.GetConsensus())) {
2316 }
2318 // Start enforcing CHECKLOCKTIMEVERIFY, (BIP65) for block.nVersion=4
2319 // blocks, when 75% of the network has upgraded:
2320 if (block.nVersion >= 4 && IsSuperMajority(4, pindex->pprev, chainparams.GetConsensus().nMajorityEnforceBlockUpgrade, chainparams.GetConsensus())) {
2322 }
2324 // Start enforcing BIP68 (sequence locks) and BIP112 (CHECKSEQUENCEVERIFY) using versionbits logic.
2326 if (VersionBitsState(pindex->pprev, chainparams.GetConsensus(), Consensus::DEPLOYMENT_CSV, versionbitscache) == THRESHOLD_ACTIVE) {
2329 }
2332 LogPrint("bench", " - Fork checks: %.2fms [%.2fs]\n", 0.001 * (nTime2 - nTime1), nTimeForks * 0.000001);
2334 CBlockUndo blockundo;
2336 CCheckQueueControl<CScriptCheck> control(fScriptChecks && nScriptCheckThreads ? &scriptcheckqueue : NULL);
2347 {
2357 {
2362 // Check that transaction is BIP68 final
2363 // BIP68 lock checks (as opposed to nLockTime checks) must
2364 // be in ConnectBlock because they require the UTXO set
2368 }
2373 }
2376 {
2377 // Add in sigops done by pay-to-script-hash inputs;
2378 // this is to prevent a "rogue miner" from creating
2379 // an incredibly-expensive-to-validate block.
2384 }
2389 bool fCacheResults = fJustCheck; /* Don't cache results if we're actually connecting blocks (still consult the cache, though) */
2390 if (!CheckInputs(tx, state, view, fScriptChecks, flags, fCacheResults, nScriptCheckThreads ? &vChecks : NULL))
2394 }
2396 CTxUndo undoDummy;
2399 }
2404 }
2406 LogPrint("bench", " - Connect %u transactions: %.2fms (%.3fms/tx, %.3fms/txin) [%.2fs]\n", (unsigned)block.vtx.size(), 0.001 * (nTime3 - nTime2), 0.001 * (nTime3 - nTime2) / block.vtx.size(), nInputs <= 1 ? 0 : 0.001 * (nTime3 - nTime2) / (nInputs-1), nTimeConnect * 0.000001);
2418 LogPrint("bench", " - Verify %u txins: %.2fms (%.3fms/txin) [%.2fs]\n", nInputs - 1, 0.001 * (nTime4 - nTime2), nInputs <= 1 ? 0 : 0.001 * (nTime4 - nTime2) / (nInputs-1), nTimeVerify * 0.000001);
2423 // Write undo information to disk
2425 {
2427 CDiskBlockPos pos;
2428 if (!FindUndoPos(state, pindex->nFile, pos, ::GetSerializeSize(blockundo, SER_DISK, CLIENT_VERSION) + 40))
2430 if (!UndoWriteToDisk(blockundo, pos, pindex->pprev->GetBlockHash(), chainparams.MessageStart()))
2433 // update nUndoPos in block index
2436 }
2440 }
2446 // add this block to the view's block chain
2450 LogPrint("bench", " - Index writing: %.2fms [%.2fs]\n", 0.001 * (nTime5 - nTime4), nTimeIndex * 0.000001);
2452 // Watch for changes to the previous coinbase transaction.
2458 LogPrint("bench", " - Callbacks: %.2fms [%.2fs]\n", 0.001 * (nTime6 - nTime5), nTimeCallbacks * 0.000001);
2461 }
2464 FLUSH_STATE_NONE,
2465 FLUSH_STATE_IF_NEEDED,
2466 FLUSH_STATE_PERIODIC,
2467 FLUSH_STATE_ALWAYS
2468 };
2470 /**
2471 * Update the on-disk chain state.
2472 * The caches and indexes are flushed depending on the mode we're called with
2473 * if they're too large, if it's been a while since the last write,
2474 * or always and in all cases if we're in prune mode and are deleting files.
2475 */
2493 }
2494 }
2495 }
2497 // Avoid writing/flushing immediately after startup.
2500 }
2503 }
2506 }
2508 // The cache is large and close to the limit, but we have time now (not in the middle of a block processing).
2510 // The cache is over the limit, we have to write now.
2512 // It's been a while since we wrote the block index to disk. Do this frequently, so we don't need to redownload after a crash.
2513 bool fPeriodicWrite = mode == FLUSH_STATE_PERIODIC && nNow > nLastWrite + (int64_t)DATABASE_WRITE_INTERVAL * 1000000;
2514 // It's been very long since we flushed the cache. Do this infrequently, to optimize cache usage.
2515 bool fPeriodicFlush = mode == FLUSH_STATE_PERIODIC && nNow > nLastFlush + (int64_t)DATABASE_FLUSH_INTERVAL * 1000000;
2516 // Combine all conditions that result in a full cache flush.
2517 bool fDoFullFlush = (mode == FLUSH_STATE_ALWAYS) || fCacheLarge || fCacheCritical || fPeriodicFlush || fFlushForPrune;
2518 // Write blocks and block index to disk.
2520 // Depend on nMinDiskSpace to ensure we can write block index
2523 // First make sure all block and undo data is flushed to disk.
2525 // Then update all block file information (which may refer to block and undo files).
2526 {
2532 }
2535 for (set<CBlockIndex*>::iterator it = setDirtyBlockIndex.begin(); it != setDirtyBlockIndex.end(); ) {
2538 }
2541 }
2542 }
2543 // Finally remove any pruned files
2547 }
2548 // Flush best chain related state. This can only be done if the blocks / block index write was also done.
2550 // Typical CCoins structures on disk are around 128 bytes in size.
2551 // Pushing a new one to the database can cause it to be written
2552 // twice (once in the log, and once in the tables). This is already
2553 // an overestimation, as most will delete an existing entry or
2554 // overwrite one. Still, use a conservative safety factor of 2.
2557 // Flush the chainstate (which may refer to block index entries).
2561 }
2562 if (fDoFullFlush || ((mode == FLUSH_STATE_ALWAYS || mode == FLUSH_STATE_PERIODIC) && nNow > nLastSetChain + (int64_t)DATABASE_WRITE_INTERVAL * 1000000)) {
2563 // Update best block in wallet (so we can detect restored wallets).
2566 }
2569 }
2571 }
2574 CValidationState state;
2576 }
2579 CValidationState state;
2582 }
2584 /** Update chainActive and related internal data structures. */
2588 // New best block
2597 {
2602 ThresholdState state = checker.GetStateFor(pindex, chainParams.GetConsensus(), warningcache[bit]);
2609 }
2611 warningMessages.push_back(strprintf("unknown new rules are about to activate (versionbit %i)", bit));
2612 }
2613 }
2614 }
2615 // Check the version of the last 100 blocks to see if we need to upgrade:
2617 {
2619 if (pindex->nVersion > VERSIONBITS_LAST_OLD_BLOCK_VERSION && (pindex->nVersion & ~nExpectedVersion) != 0)
2622 }
2624 warningMessages.push_back(strprintf("%d of last 100 blocks have unexpected version", nUpgraded));
2626 {
2627 // strMiscWarning is read by GetWarnings(), called by Qt and the JSON-RPC code to warn the user:
2628 strMiscWarning = _("Warning: Unknown block versions being mined! It's possible unknown rules are in effect");
2632 }
2633 }
2634 }
2635 LogPrintf("%s: new best=%s height=%d version=0x%08x log2_work=%.8g tx=%lu date='%s' progress=%f cache=%.1fMiB(%utx)", __func__,
2636 chainActive.Tip()->GetBlockHash().ToString(), chainActive.Height(), chainActive.Tip()->nVersion,
2637 log(chainActive.Tip()->nChainWork.getdouble())/log(2.0), (unsigned long)chainActive.Tip()->nChainTx,
2639 Checkpoints::GuessVerificationProgress(chainParams.Checkpoints(), chainActive.Tip()), pcoinsTip->DynamicMemoryUsage() * (1.0 / (1<<20)), pcoinsTip->GetCacheSize());
2644 }
2646 /** Disconnect chainActive's tip. You probably want to call mempool.removeForReorg and manually re-limit mempool size after this, with cs_main held. */
2648 {
2651 // Read block from disk.
2652 CBlock block;
2655 // Apply the block atomically to the chain state.
2657 {
2660 return error("DisconnectTip(): DisconnectBlock %s failed", pindexDelete->GetBlockHash().ToString());
2662 }
2664 // Write the chain state to disk, if necessary.
2667 // Resurrect mempool transactions from the disconnected block.
2670 // ignore validation errors in resurrected transactions
2672 CValidationState stateDummy;
2677 }
2678 }
2679 // AcceptToMemoryPool/addUnchecked all assume that new mempool entries have
2680 // no in-mempool children, which is generally not true when adding
2681 // previously-confirmed transactions back to the mempool.
2682 // UpdateTransactionsFromBlock finds descendants of any transactions in this
2683 // block that were added back and cleans up the mempool state.
2685 // Update chainActive and related variables.
2687 // Let wallets know transactions went from 1-confirmed to
2688 // 0-confirmed or conflicted:
2691 }
2693 }
2701 /**
2702 * Connect a new block to chainActive. pblock is either NULL or a pointer to a CBlock
2703 * corresponding to pindexNew, to bypass loading it again from disk.
2704 */
2705 bool static ConnectTip(CValidationState& state, const CChainParams& chainparams, CBlockIndex* pindexNew, const CBlock* pblock)
2706 {
2708 // Read block from disk.
2710 CBlock block;
2715 }
2716 // Apply the block atomically to the chain state.
2719 LogPrint("bench", " - Load block from disk: %.2fms [%.2fs]\n", (nTime2 - nTime1) * 0.001, nTimeReadFromDisk * 0.000001);
2720 {
2728 }
2731 LogPrint("bench", " - Connect total: %.2fms [%.2fs]\n", (nTime3 - nTime2) * 0.001, nTimeConnectTotal * 0.000001);
2733 }
2735 LogPrint("bench", " - Flush: %.2fms [%.2fs]\n", (nTime4 - nTime3) * 0.001, nTimeFlush * 0.000001);
2736 // Write the chain state to disk, if necessary.
2740 LogPrint("bench", " - Writing chainstate: %.2fms [%.2fs]\n", (nTime5 - nTime4) * 0.001, nTimeChainState * 0.000001);
2741 // Remove conflicting transactions from the mempool.
2743 mempool.removeForBlock(pblock->vtx, pindexNew->nHeight, txConflicted, !IsInitialBlockDownload());
2744 // Update chainActive & related variables.
2746 // Tell wallet about transactions that went from mempool
2747 // to conflicted:
2750 }
2751 // ... and about transactions that got confirmed:
2754 }
2756 int64_t nTime6 = GetTimeMicros(); nTimePostConnect += nTime6 - nTime5; nTimeTotal += nTime6 - nTime1;
2757 LogPrint("bench", " - Connect postprocess: %.2fms [%.2fs]\n", (nTime6 - nTime5) * 0.001, nTimePostConnect * 0.000001);
2758 LogPrint("bench", "- Connect block: %.2fms [%.2fs]\n", (nTime6 - nTime1) * 0.001, nTimeTotal * 0.000001);
2760 }
2762 /**
2763 * Return the tip of the chain with the most work in it, that isn't
2764 * known to be invalid (it's however far from certain to be valid).
2765 */
2770 // Find the best candidate header.
2771 {
2772 std::set<CBlockIndex*, CBlockIndexWorkComparator>::reverse_iterator it = setBlockIndexCandidates.rbegin();
2776 }
2778 // Check whether all blocks on the path between the currently active chain and the candidate are valid.
2779 // Just going until the active chain is an optimization, as we know all blocks in it are valid already.
2785 // Pruned nodes may have entries in setBlockIndexCandidates for
2786 // which block files have been deleted. Remove those as candidates
2787 // for the most work chain if we come across them; we can't switch
2788 // to a chain unless we have all the non-active-chain parent blocks.
2792 // Candidate chain is not usable (either invalid or missing data)
2793 if (fFailedChain && (pindexBestInvalid == NULL || pindexNew->nChainWork > pindexBestInvalid->nChainWork))
2796 // Remove the entire chain from the set.
2801 // If we're missing data, then add back to mapBlocksUnlinked,
2802 // so that if the block arrives in the future we can try adding
2803 // to setBlockIndexCandidates again.
2805 }
2808 }
2812 }
2814 }
2818 }
2820 /** Delete all entries in setBlockIndexCandidates that are worse than the current tip. */
2822 // Note that we can't delete the current block itself, as we may need to return to it later in case a
2823 // reorganization to a better block fails.
2824 std::set<CBlockIndex*, CBlockIndexWorkComparator>::iterator it = setBlockIndexCandidates.begin();
2825 while (it != setBlockIndexCandidates.end() && setBlockIndexCandidates.value_comp()(*it, chainActive.Tip())) {
2827 }
2828 // Either the current tip or a successor of it we're working towards is left in setBlockIndexCandidates.
2830 }
2832 /**
2833 * Try to make some progress towards making pindexMostWork the active block.
2834 * pblock is either NULL or a pointer to a CBlock corresponding to pindexMostWork.
2835 */
2836 static bool ActivateBestChainStep(CValidationState& state, const CChainParams& chainparams, CBlockIndex* pindexMostWork, const CBlock* pblock, bool& fInvalidFound)
2837 {
2842 // Disconnect active blocks which are no longer in the best chain.
2848 }
2850 // Build list of new blocks to connect.
2855 // Don't iterate the entire list of potential improvements toward the best tip, as we likely only need
2856 // a few blocks along the way.
2864 }
2867 // Connect new blocks.
2869 if (!ConnectTip(state, chainparams, pindexConnect, pindexConnect == pindexMostWork ? pblock : NULL)) {
2871 // The block violates a consensus rule.
2879 // A system error occurred (disk space, database error, ...).
2881 }
2885 // We're in a better position than we were. Return temporarily to release the lock.
2888 }
2889 }
2890 }
2891 }
2894 mempool.removeForReorg(pcoinsTip, chainActive.Tip()->nHeight + 1, STANDARD_LOCKTIME_VERIFY_FLAGS);
2895 LimitMempoolSize(mempool, GetArg("-maxmempool", DEFAULT_MAX_MEMPOOL_SIZE) * 1000000, GetArg("-mempoolexpiry", DEFAULT_MEMPOOL_EXPIRY) * 60 * 60);
2896 }
2899 // Callbacks/notifications for a new best chain.
2902 else
2906 }
2913 {
2917 }
2922 }
2923 }
2924 // Send block tip changed notifications without cs_main
2927 }
2928 }
2930 /**
2931 * Make the best chain active, in multiple steps. The result is either failure
2932 * or an activated best chain. pblock is either NULL or a pointer to a block
2933 * that is already loaded (to avoid loading it again from disk).
2934 */
2935 bool ActivateBestChain(CValidationState &state, const CChainParams& chainparams, const CBlock *pblock) {
2946 {
2951 }
2953 // Whether we have anything to do at all.
2958 if (!ActivateBestChainStep(state, chainparams, pindexMostWork, pblock && pblock->GetHash() == pindexMostWork->GetBlockHash() ? pblock : NULL, fInvalidFound))
2962 // Wipe cache, we may need another branch now.
2964 }
2969 }
2970 // When we reach this point, we switched to a new tip (stored in pindexNewTip).
2972 // Notifications/callbacks that can run without cs_main
2973 // Always notify the UI if a new block tip was connected
2978 // Find the hashes of all blocks that weren't previously in the best chain.
2985 // Limit announcements in case of a huge reorganization.
2986 // Rely on the peer's synchronization mechanism in that case.
2988 }
2989 }
2990 // Relay inventory, but don't relay old inventory during initial block download.
2994 {
2997 if (nNewHeight > (pnode->nStartingHeight != -1 ? pnode->nStartingHeight - 2000 : nBlockEstimate)) {
3000 }
3001 }
3002 }
3003 }
3004 // Notify external listeners about the new tip.
3007 }
3008 }
3009 }
3013 // Write changes periodically to disk, after relay.
3016 }
3019 }
3021 bool InvalidateBlock(CValidationState& state, const CChainParams& chainparams, CBlockIndex *pindex)
3022 {
3025 // Mark the block itself as invalid.
3035 // ActivateBestChain considers blocks already in chainActive
3036 // unconditionally valid already, so force disconnect away from it.
3038 mempool.removeForReorg(pcoinsTip, chainActive.Tip()->nHeight + 1, STANDARD_LOCKTIME_VERIFY_FLAGS);
3040 }
3041 }
3043 LimitMempoolSize(mempool, GetArg("-maxmempool", DEFAULT_MAX_MEMPOOL_SIZE) * 1000000, GetArg("-mempoolexpiry", DEFAULT_MEMPOOL_EXPIRY) * 60 * 60);
3045 // The resulting new best tip may not be in setBlockIndexCandidates anymore, so
3046 // add it again.
3049 if (it->second->IsValid(BLOCK_VALID_TRANSACTIONS) && it->second->nChainTx && !setBlockIndexCandidates.value_comp()(it->second, chainActive.Tip())) {
3051 }
3052 it++;
3053 }
3056 mempool.removeForReorg(pcoinsTip, chainActive.Tip()->nHeight + 1, STANDARD_LOCKTIME_VERIFY_FLAGS);
3058 }
3065 // Remove the invalidity flag from this block and all its descendants.
3071 if (it->second->IsValid(BLOCK_VALID_TRANSACTIONS) && it->second->nChainTx && setBlockIndexCandidates.value_comp()(chainActive.Tip(), it->second)) {
3073 }
3075 // Reset invalid block marker if it was pointing to one of those.
3077 }
3078 }
3079 it++;
3080 }
3082 // Remove the invalidity flag from all ancestors too.
3087 }
3089 }
3091 }
3094 {
3095 // Check for duplicate
3101 // Construct new block index object
3104 // We assign the sequence id to blocks only when the full data is available,
3105 // to avoid miners withholding blocks but broadcasting headers, to get a
3106 // competitive advantage.
3112 {
3116 }
3117 pindexNew->nChainWork = (pindexNew->pprev ? pindexNew->pprev->nChainWork : 0) + GetBlockProof(*pindexNew);
3125 }
3127 /** Mark a block as having its data received and checked (up to BLOCK_VALID_TRANSACTIONS). */
3128 bool ReceivedBlockTransactions(const CBlock &block, CValidationState& state, CBlockIndex *pindexNew, const CDiskBlockPos& pos)
3129 {
3140 // If pindexNew is the genesis block or all parents are BLOCK_VALID_TRANSACTIONS.
3144 // Recursively process any descendant blocks that now may be eligible to be connected.
3149 {
3152 }
3153 if (chainActive.Tip() == NULL || !setBlockIndexCandidates.value_comp()(pindex, chainActive.Tip())) {
3155 }
3156 std::pair<std::multimap<CBlockIndex*, CBlockIndex*>::iterator, std::multimap<CBlockIndex*, CBlockIndex*>::iterator> range = mapBlocksUnlinked.equal_range(pindex);
3162 }
3163 }
3167 }
3168 }
3171 }
3173 bool FindBlockPos(CValidationState &state, CDiskBlockPos &pos, unsigned int nAddSize, unsigned int nHeight, uint64_t nTime, bool fKnown = false)
3174 {
3180 }
3184 nFile++;
3187 }
3188 }
3191 }
3195 LogPrintf("Leaving block file %i: %s\n", nLastBlockFile, vinfoBlockFile[nLastBlockFile].ToString());
3196 }
3199 }
3204 else
3209 unsigned int nNewChunks = (vinfoBlockFile[nFile].nSize + BLOCKFILE_CHUNK_SIZE - 1) / BLOCKFILE_CHUNK_SIZE;
3216 LogPrintf("Pre-allocating up to position 0x%x in blk%05u.dat\n", nNewChunks * BLOCKFILE_CHUNK_SIZE, pos.nFile);
3219 }
3220 }
3221 else
3223 }
3224 }
3228 }
3230 bool FindUndoPos(CValidationState &state, int nFile, CDiskBlockPos &pos, unsigned int nAddSize)
3231 {
3249 LogPrintf("Pre-allocating up to position 0x%x in rev%05u.dat\n", nNewChunks * UNDOFILE_CHUNK_SIZE, pos.nFile);
3252 }
3253 }
3254 else
3256 }
3259 }
3261 bool CheckBlockHeader(const CBlockHeader& block, CValidationState& state, const Consensus::Params& consensusParams, int64_t nAdjustedTime, bool fCheckPOW)
3262 {
3263 // Check proof of work matches claimed amount
3267 // Check timestamp
3269 return state.Invalid(false, REJECT_INVALID, "time-too-new", "block timestamp too far in the future");
3272 }
3274 bool CheckBlock(const CBlock& block, CValidationState& state, const Consensus::Params& consensusParams, int64_t nAdjustedTime, bool fCheckPOW, bool fCheckMerkleRoot)
3275 {
3276 // These are checks that are independent of context.
3281 // Check that the header is valid (particularly PoW). This is mostly
3282 // redundant with the call in AcceptBlockHeader.
3286 // Check the merkle root.
3291 return state.DoS(100, false, REJECT_INVALID, "bad-txnmrklroot", true, "hashMerkleRoot mismatch");
3293 // Check for merkle tree malleability (CVE-2012-2459): repeating sequences
3294 // of transactions in a block without affecting the merkle root of a block,
3295 // while still invalidating it.
3297 return state.DoS(100, false, REJECT_INVALID, "bad-txns-duplicate", true, "duplicate transaction");
3298 }
3300 // All potential-corruption validation must be done before we do any
3301 // transaction validation, as otherwise we may mark the header as invalid
3302 // because we receive the wrong transactions for it.
3304 // Size limits
3305 if (block.vtx.empty() || block.vtx.size() > MAX_BLOCK_SIZE || ::GetSerializeSize(block, SER_NETWORK, PROTOCOL_VERSION) > MAX_BLOCK_SIZE)
3308 // First transaction must be coinbase, the rest must not be
3310 return state.DoS(100, false, REJECT_INVALID, "bad-cb-missing", false, "first tx is not coinbase");
3313 return state.DoS(100, false, REJECT_INVALID, "bad-cb-multiple", false, "more than one coinbase");
3315 // Check transactions
3319 strprintf("Transaction check failed (tx hash %s) %s", tx.GetHash().ToString(), state.GetDebugMessage()));
3323 {
3325 }
3327 return state.DoS(100, false, REJECT_INVALID, "bad-blk-sigops", false, "out-of-bounds SigOpCount");
3333 }
3335 static bool CheckIndexAgainstCheckpoint(const CBlockIndex* pindexPrev, CValidationState& state, const CChainParams& chainparams, const uint256& hash)
3336 {
3341 // Don't accept any forks from the main chain prior to last checkpoint
3344 return state.DoS(100, error("%s: forked chain older than last checkpoint (height %d)", __func__, nHeight));
3347 }
3349 bool ContextualCheckBlockHeader(const CBlockHeader& block, CValidationState& state, const Consensus::Params& consensusParams, CBlockIndex * const pindexPrev)
3350 {
3351 // Check proof of work
3353 return state.DoS(100, false, REJECT_INVALID, "bad-diffbits", false, "incorrect proof of work");
3355 // Check timestamp against prev
3359 // Reject outdated version blocks when 95% (75% on testnet) of the network has upgraded:
3361 if (block.nVersion < version && IsSuperMajority(version, pindexPrev, consensusParams.nMajorityRejectBlockOutdated, consensusParams))
3366 }
3368 bool ContextualCheckBlock(const CBlock& block, CValidationState& state, CBlockIndex * const pindexPrev)
3369 {
3373 // Start enforcing BIP113 (Median Time Past) using versionbits logic.
3375 if (VersionBitsState(pindexPrev, consensusParams, Consensus::DEPLOYMENT_CSV, versionbitscache) == THRESHOLD_ACTIVE) {
3377 }
3383 // Check that all transactions are finalized
3386 return state.DoS(10, false, REJECT_INVALID, "bad-txns-nonfinal", false, "non-final transaction");
3387 }
3388 }
3390 // Enforce block.nVersion=2 rule that the coinbase starts with serialized block height
3391 // if 750 of the last 1,000 blocks are version 2 or greater (51/100 if testnet):
3392 if (block.nVersion >= 2 && IsSuperMajority(2, pindexPrev, consensusParams.nMajorityEnforceBlockUpgrade, consensusParams))
3393 {
3397 return state.DoS(100, false, REJECT_INVALID, "bad-cb-height", false, "block height mismatch in coinbase");
3398 }
3399 }
3402 }
3404 static bool AcceptBlockHeader(const CBlockHeader& block, CValidationState& state, const CChainParams& chainparams, CBlockIndex** ppindex=NULL)
3405 {
3407 // Check for duplicate
3414 // Block header is already known.
3419 return state.Invalid(error("%s: block %s is marked invalid", __func__, hash.ToString()), 0, "duplicate");
3421 }
3424 return error("%s: Consensus::CheckBlockHeader: %s, %s", __func__, hash.ToString(), FormatStateMessage(state));
3426 // Get prev block index
3433 return state.DoS(100, error("%s: prev block invalid", __func__), REJECT_INVALID, "bad-prevblk");
3437 return error("%s: CheckIndexAgainstCheckpoint(): %s", __func__, state.GetRejectReason().c_str());
3440 return error("%s: Consensus::ContextualCheckBlockHeader: %s, %s", __func__, hash.ToString(), FormatStateMessage(state));
3441 }
3449 }
3451 /** Store block on disk. If dbp is non-NULL, the file is known to already reside on disk */
3452 static bool AcceptBlock(const CBlock& block, CValidationState& state, const CChainParams& chainparams, CBlockIndex** ppindex, bool fRequested, const CDiskBlockPos* dbp)
3453 {
3462 // Try to process all requested blocks that we don't have, but only
3463 // process an unrequested block if it's new and has enough work to
3464 // advance our tip, and isn't too many blocks ahead.
3466 bool fHasMoreWork = (chainActive.Tip() ? pindex->nChainWork > chainActive.Tip()->nChainWork : true);
3467 // Blocks that are too out-of-order needlessly limit the effectiveness of
3468 // pruning, because pruning will not delete block files that contain any
3469 // blocks which are too close in height to the tip. Apply this test
3470 // regardless of whether pruning is enabled; it should generally be safe to
3471 // not process unrequested blocks.
3474 // TODO: deal better with return value and error conditions for duplicate
3475 // and unrequested blocks.
3481 }
3483 if ((!CheckBlock(block, state, chainparams.GetConsensus(), GetAdjustedTime())) || !ContextualCheckBlock(block, state, pindex->pprev)) {
3487 }
3489 }
3493 // Write block to history file
3496 CDiskBlockPos blockPos;
3508 }
3511 FlushStateToDisk(state, FLUSH_STATE_NONE); // we just allocated more disk space for block files
3514 }
3516 static bool IsSuperMajority(int minVersion, const CBlockIndex* pstart, unsigned nRequired, const Consensus::Params& consensusParams)
3517 {
3519 for (int i = 0; i < consensusParams.nMajorityWindow && nFound < nRequired && pstart != NULL; i++)
3520 {
3524 }
3526 }
3529 bool ProcessNewBlock(CValidationState& state, const CChainParams& chainparams, const CNode* pfrom, const CBlock* pblock, bool fForceProcessing, const CDiskBlockPos* dbp)
3530 {
3531 {
3536 // Store to disk
3541 }
3545 }
3553 }
3555 bool TestBlockValidity(CValidationState& state, const CChainParams& chainparams, const CBlock& block, CBlockIndex* pindexPrev, bool fCheckPOW, bool fCheckMerkleRoot)
3556 {
3559 if (fCheckpointsEnabled && !CheckIndexAgainstCheckpoint(pindexPrev, state, chainparams, block.GetHash()))
3560 return error("%s: CheckIndexAgainstCheckpoint(): %s", __func__, state.GetRejectReason().c_str());
3567 // NOTE: CheckBlockHeader is called by CheckBlock
3569 return error("%s: Consensus::ContextualCheckBlockHeader: %s", __func__, FormatStateMessage(state));
3570 if (!CheckBlock(block, state, chainparams.GetConsensus(), GetAdjustedTime(), fCheckPOW, fCheckMerkleRoot))
3579 }
3581 /**
3582 * BLOCK PRUNING CODE
3583 */
3585 /* Calculate the amount of disk space the block & undo files currently use */
3587 {
3591 }
3593 }
3595 /* Prune a block file (modify associated database entries)*/
3597 {
3608 // Prune from mapBlocksUnlinked -- any block we prune would have
3609 // to be downloaded again in order to consider its chain, at which
3610 // point it would be considered as a candidate for
3611 // mapBlocksUnlinked or setBlockIndexCandidates.
3612 std::pair<std::multimap<CBlockIndex*, CBlockIndex*>::iterator, std::multimap<CBlockIndex*, CBlockIndex*>::iterator> range = mapBlocksUnlinked.equal_range(pindex->pprev);
3618 }
3619 }
3620 }
3621 }
3625 }
3629 {
3635 }
3636 }
3638 /* Calculate the block/rev files that should be deleted to remain under target*/
3640 {
3644 }
3647 }
3651 // We don't check to prune until after we've allocated new space for files
3652 // So we should leave a buffer under our target to account for another allocation
3653 // before the next pruning.
3668 // don't prune files that could have a block within MIN_BLOCKS_TO_KEEP of the main chain's tip but keep scanning
3673 // Queue up the files for removal
3676 count++;
3677 }
3678 }
3680 LogPrint("prune", "Prune: target=%dMiB actual=%dMiB diff=%dMiB max_prune_height=%d removed %d blk/rev pairs\n",
3684 }
3687 {
3690 // Check for nMinDiskSpace bytes (currently 50MB)
3695 }
3698 {
3709 }
3715 }
3716 }
3718 }
3722 }
3726 }
3729 {
3731 }
3734 {
3738 // Return existing
3743 // Create new
3751 }
3754 {
3761 // Calculate nChainWork
3765 {
3768 }
3771 {
3774 // We can link the chain of blocks for which we've received transactions at some point.
3775 // Pruned nodes may have deleted the block.
3783 }
3786 }
3787 }
3790 if (pindex->nStatus & BLOCK_FAILED_MASK && (!pindexBestInvalid || pindex->nChainWork > pindexBestInvalid->nChainWork))
3794 if (pindex->IsValid(BLOCK_VALID_TREE) && (pindexBestHeader == NULL || CBlockIndexWorkComparator()(pindexBestHeader, pindex)))
3796 }
3798 // Load block file info
3804 }
3805 LogPrintf("%s: last block file info: %s\n", __func__, vinfoBlockFile[nLastBlockFile].ToString());
3807 CBlockFileInfo info;
3812 }
3813 }
3815 // Check presence of blk files
3819 {
3823 }
3824 }
3826 {
3830 }
3831 }
3833 // Check whether we have ever pruned block & undo files
3838 // Check whether we need to continue reindexing
3843 // Check whether we have a transaction index
3847 // Load pointer to end of best chain
3861 }
3864 {
3866 }
3869 {
3871 }
3873 bool CVerifyDB::VerifyDB(const CChainParams& chainparams, CCoinsView *coinsview, int nCheckLevel, int nCheckDepth)
3874 {
3879 // Verify blocks in the best chain
3890 CValidationState state;
3894 {
3896 int percentageDone = std::max(1, std::min(99, (int)(((double)(chainActive.Height() - pindex->nHeight)) / (double)nCheckDepth * (nCheckLevel >= 4 ? 50 : 100))));
3898 // report every 10% step
3901 }
3906 // If pruning, only go back as far as we have data.
3907 LogPrintf("VerifyDB(): block verification stopping at height %d (pruning, no data)\n", pindex->nHeight);
3909 }
3910 CBlock block;
3911 // check level 0: read from disk
3913 return error("VerifyDB(): *** ReadBlockFromDisk failed at %d, hash=%s", pindex->nHeight, pindex->GetBlockHash().ToString());
3914 // check level 1: verify block validity
3915 if (nCheckLevel >= 1 && !CheckBlock(block, state, chainparams.GetConsensus(), GetAdjustedTime()))
3918 // check level 2: verify undo validity
3920 CBlockUndo undo;
3924 return error("VerifyDB(): *** found bad undo data at %d, hash=%s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
3925 }
3926 }
3927 // check level 3: check for inconsistencies during memory-only disconnect of tip blocks
3928 if (nCheckLevel >= 3 && pindex == pindexState && (coins.DynamicMemoryUsage() + pcoinsTip->DynamicMemoryUsage()) <= nCoinCacheUsage) {
3931 return error("VerifyDB(): *** irrecoverable inconsistency in block data at %d, hash=%s", pindex->nHeight, pindex->GetBlockHash().ToString());
3938 }
3941 }
3943 return error("VerifyDB(): *** coin database inconsistencies found (last %i blocks, %i good transactions before that)\n", chainActive.Height() - pindexFailure->nHeight + 1, nGoodTransactions);
3945 // check level 4: try reconnecting blocks
3950 uiInterface.ShowProgress(_("Verifying blocks..."), std::max(1, std::min(99, 100 - (int)(((double)(chainActive.Height() - pindex->nHeight)) / (double)nCheckDepth * 50))));
3952 CBlock block;
3954 return error("VerifyDB(): *** ReadBlockFromDisk failed at %d, hash=%s", pindex->nHeight, pindex->GetBlockHash().ToString());
3956 return error("VerifyDB(): *** found unconnectable block at %d, hash=%s", pindex->nHeight, pindex->GetBlockHash().ToString());
3957 }
3958 }
3961 LogPrintf("No coin database inconsistencies in last %i blocks (%i transactions)\n", chainActive.Height() - pindexState->nHeight, nGoodTransactions);
3964 }
3967 {
3991 }
3995 }
3998 }
4001 {
4002 // Load block index from databases
4006 }
4009 {
4012 // Initialize global variables that cannot be constructed at startup.
4015 // Check whether we're already initialized
4019 // Use the provided setting for -txindex in the new database
4024 // Only add the genesis block if not reindexing (in which case we reuse the one already on disk)
4028 // Start new block file
4030 CDiskBlockPos blockPos;
4031 CValidationState state;
4041 // Force a chainstate write so that when we VerifyDB in a moment, it doesn't check stale data
4045 }
4046 }
4049 }
4052 {
4053 // Map of disk positions for blocks with unknown parent (only used for reindex)
4059 // This takes over fileIn and calls fclose() on it in the CBufferedFile destructor
4070 // locate a header
4077 // read size
4082 // no valid block header found; don't complain
4084 }
4086 // read block
4092 CBlock block;
4096 // detect out of order blocks, and store them for later
4098 if (hash != chainparams.GetConsensus().hashGenesisBlock && mapBlockIndex.find(block.hashPrevBlock) == mapBlockIndex.end()) {
4099 LogPrint("reindex", "%s: Out of order block %s, parent %s not known\n", __func__, hash.ToString(),
4104 }
4106 // process in case the block isn't known yet
4109 CValidationState state;
4111 nLoaded++;
4114 } else if (hash != chainparams.GetConsensus().hashGenesisBlock && mapBlockIndex[hash]->nHeight % 1000 == 0) {
4115 LogPrint("reindex", "Block Import: already had block %s at height %d\n", hash.ToString(), mapBlockIndex[hash]->nHeight);
4116 }
4118 // Activate the genesis block so normal node progress can continue
4120 CValidationState state;
4123 }
4124 }
4128 // Recursively process earlier encountered successors of this block
4134 std::pair<std::multimap<uint256, CDiskBlockPos>::iterator, std::multimap<uint256, CDiskBlockPos>::iterator> range = mapBlocksUnknownParent.equal_range(head);
4138 {
4139 LogPrint("reindex", "%s: Processing out of order child %s of %s\n", __func__, block.GetHash().ToString(),
4142 CValidationState dummy;
4144 {
4145 nLoaded++;
4147 }
4148 }
4152 }
4153 }
4156 }
4157 }
4160 }
4164 }
4167 {
4170 }
4174 // During a reindex, we read the genesis block and call CheckBlockIndex before ActivateBestChain,
4175 // so we have the genesis block in mapBlockIndex but no active chain. (A few of the tests when
4176 // iterating the block tree require that chainActive has been initialized.)
4180 }
4182 // Build forward-pointing map of the entire block tree.
4186 }
4190 std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> rangeGenesis = forward.equal_range(NULL);
4193 assert(rangeGenesis.first == rangeGenesis.second); // There is only one index entry with parent NULL.
4195 // Iterate over the entire block tree, using depth-first search.
4196 // Along the way, remember whether there are blocks on the path from genesis
4197 // block being explored which are the first to have certain properties.
4201 CBlockIndex* pindexFirstMissing = NULL; // Oldest ancestor of pindex which does not have BLOCK_HAVE_DATA.
4202 CBlockIndex* pindexFirstNeverProcessed = NULL; // Oldest ancestor of pindex for which nTx == 0.
4203 CBlockIndex* pindexFirstNotTreeValid = NULL; // Oldest ancestor of pindex which does not have BLOCK_VALID_TREE (regardless of being valid or not).
4204 CBlockIndex* pindexFirstNotTransactionsValid = NULL; // Oldest ancestor of pindex which does not have BLOCK_VALID_TRANSACTIONS (regardless of being valid or not).
4205 CBlockIndex* pindexFirstNotChainValid = NULL; // Oldest ancestor of pindex which does not have BLOCK_VALID_CHAIN (regardless of being valid or not).
4206 CBlockIndex* pindexFirstNotScriptsValid = NULL; // Oldest ancestor of pindex which does not have BLOCK_VALID_SCRIPTS (regardless of being valid or not).
4208 nNodes++;
4209 if (pindexFirstInvalid == NULL && pindex->nStatus & BLOCK_FAILED_VALID) pindexFirstInvalid = pindex;
4210 if (pindexFirstMissing == NULL && !(pindex->nStatus & BLOCK_HAVE_DATA)) pindexFirstMissing = pindex;
4212 if (pindex->pprev != NULL && pindexFirstNotTreeValid == NULL && (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_TREE) pindexFirstNotTreeValid = pindex;
4213 if (pindex->pprev != NULL && pindexFirstNotTransactionsValid == NULL && (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_TRANSACTIONS) pindexFirstNotTransactionsValid = pindex;
4214 if (pindex->pprev != NULL && pindexFirstNotChainValid == NULL && (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_CHAIN) pindexFirstNotChainValid = pindex;
4215 if (pindex->pprev != NULL && pindexFirstNotScriptsValid == NULL && (pindex->nStatus & BLOCK_VALID_MASK) < BLOCK_VALID_SCRIPTS) pindexFirstNotScriptsValid = pindex;
4217 // Begin: actual consistency checks.
4219 // Genesis block checks.
4220 assert(pindex->GetBlockHash() == consensusParams.hashGenesisBlock); // Genesis block's hash must match.
4221 assert(pindex == chainActive.Genesis()); // The current active chain's genesis block must be this block.
4222 }
4223 if (pindex->nChainTx == 0) assert(pindex->nSequenceId == 0); // nSequenceId can't be set for blocks that aren't linked
4224 // VALID_TRANSACTIONS is equivalent to nTx > 0 for all nodes (whether or not pruning has occurred).
4225 // HAVE_DATA is only equivalent to nTx > 0 (or VALID_TRANSACTIONS) if no pruning has occurred.
4227 // If we've never pruned, then HAVE_DATA should be equivalent to nTx > 0
4231 // If we have pruned, then we can only say that HAVE_DATA implies nTx > 0
4233 }
4235 assert(((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_TRANSACTIONS) == (pindex->nTx > 0)); // This is pruning-independent.
4236 // All parents having had data (at some point) is equivalent to all parents being VALID_TRANSACTIONS, which is equivalent to nChainTx being set.
4237 assert((pindexFirstNeverProcessed != NULL) == (pindex->nChainTx == 0)); // nChainTx != 0 is used to signal that all parent blocks have been processed (but may have been pruned).
4240 assert(pindex->pprev == NULL || pindex->nChainWork >= pindex->pprev->nChainWork); // For every block except the genesis block, the chainwork must be larger than the parent's.
4241 assert(nHeight < 2 || (pindex->pskip && (pindex->pskip->nHeight < nHeight))); // The pskip pointer must point back for all but the first 2 blocks.
4242 assert(pindexFirstNotTreeValid == NULL); // All mapBlockIndex entries must at least be TREE valid
4243 if ((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_TREE) assert(pindexFirstNotTreeValid == NULL); // TREE valid implies all parents are TREE valid
4244 if ((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_CHAIN) assert(pindexFirstNotChainValid == NULL); // CHAIN valid implies all parents are CHAIN valid
4245 if ((pindex->nStatus & BLOCK_VALID_MASK) >= BLOCK_VALID_SCRIPTS) assert(pindexFirstNotScriptsValid == NULL); // SCRIPTS valid implies all parents are SCRIPTS valid
4247 // Checks for not-invalid blocks.
4248 assert((pindex->nStatus & BLOCK_FAILED_MASK) == 0); // The failed mask cannot be set for blocks without invalid parents.
4249 }
4250 if (!CBlockIndexWorkComparator()(pindex, chainActive.Tip()) && pindexFirstNeverProcessed == NULL) {
4252 // If this block sorts at least as good as the current tip and
4253 // is valid and we have all data for its parents, it must be in
4254 // setBlockIndexCandidates. chainActive.Tip() must also be there
4255 // even if some data has been pruned.
4258 }
4259 // If some parent is missing, then it could be that this block was in
4260 // setBlockIndexCandidates but had to be removed because of the missing data.
4261 // In this case it must be in mapBlocksUnlinked -- see test below.
4262 }
4263 } else { // If this block sorts worse than the current tip or some ancestor's block has never been seen, it cannot be in setBlockIndexCandidates.
4265 }
4266 // Check whether this block is in mapBlocksUnlinked.
4267 std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> rangeUnlinked = mapBlocksUnlinked.equal_range(pindex->pprev);
4274 }
4276 }
4277 if (pindex->pprev && (pindex->nStatus & BLOCK_HAVE_DATA) && pindexFirstNeverProcessed != NULL && pindexFirstInvalid == NULL) {
4278 // If this block has block data available, some parent was never received, and has no invalid parents, it must be in mapBlocksUnlinked.
4280 }
4281 if (!(pindex->nStatus & BLOCK_HAVE_DATA)) assert(!foundInUnlinked); // Can't be in mapBlocksUnlinked if we don't HAVE_DATA
4282 if (pindexFirstMissing == NULL) assert(!foundInUnlinked); // We aren't missing data for any parent -- cannot be in mapBlocksUnlinked.
4283 if (pindex->pprev && (pindex->nStatus & BLOCK_HAVE_DATA) && pindexFirstNeverProcessed == NULL && pindexFirstMissing != NULL) {
4284 // We HAVE_DATA for this block, have received data for all parents at some point, but we're currently missing data for some parent.
4286 // This block may have entered mapBlocksUnlinked if:
4287 // - it has a descendant that at some point had more work than the
4288 // tip, and
4289 // - we tried switching to that descendant but were missing
4290 // data for some intermediate block between chainActive and the
4291 // tip.
4292 // So if this block is itself better than chainActive.Tip() and it wasn't in
4293 // setBlockIndexCandidates, then it must be in mapBlocksUnlinked.
4294 if (!CBlockIndexWorkComparator()(pindex, chainActive.Tip()) && setBlockIndexCandidates.count(pindex) == 0) {
4297 }
4298 }
4299 }
4300 // assert(pindex->GetBlockHash() == pindex->GetBlockHeader().GetHash()); // Perhaps too slow
4301 // End: actual consistency checks.
4303 // Try descending into the first subnode.
4304 std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> range = forward.equal_range(pindex);
4306 // A subnode was found.
4308 nHeight++;
4310 }
4311 // This is a leaf node.
4312 // Move upwards until we reach a node of which we have not yet visited the last child.
4314 // We are going to either move to a parent or a sibling of pindex.
4315 // If pindex was the first with a certain property, unset the corresponding variable.
4323 // Find our parent.
4325 // Find which child we just visited.
4326 std::pair<std::multimap<CBlockIndex*,CBlockIndex*>::iterator,std::multimap<CBlockIndex*,CBlockIndex*>::iterator> rangePar = forward.equal_range(pindexPar);
4328 assert(rangePar.first != rangePar.second); // Our parent must have at least the node we're coming from as child.
4330 }
4331 // Proceed to the next one.
4334 // Move to the sibling.
4338 // Move up further.
4340 nHeight--;
4342 }
4343 }
4344 }
4346 // Check that we actually traversed the entire map.
4348 }
4351 {
4352 string strStatusBar;
4353 string strRPC;
4354 string strGUI;
4357 strStatusBar = "This is a pre-release test build - use at your own risk - do not use for mining or merchant applications";
4358 strGUI = _("This is a pre-release test build - use at your own risk - do not use for mining or merchant applications");
4359 }
4364 // Misc warnings like out of disk space and clock is wrong
4366 {
4368 }
4371 {
4372 strStatusBar = strRPC = "Warning: The network does not appear to fully agree! Some miners appear to be experiencing issues.";
4373 strGUI = _("Warning: The network does not appear to fully agree! Some miners appear to be experiencing issues.");
4374 }
4376 {
4377 strStatusBar = strRPC = "Warning: We do not appear to fully agree with our peers! You may need to upgrade, or other nodes may need to upgrade.";
4378 strGUI = _("Warning: We do not appear to fully agree with our peers! You may need to upgrade, or other nodes may need to upgrade.");
4379 }
4389 }
4398 //////////////////////////////////////////////////////////////////////////////
4399 //
4400 // Messages
4401 //
4405 {
4407 {
4409 {
4412 {
4413 // If the chain tip has changed previously rejected transactions
4414 // might be now valid, e.g. due to a nLockTime'd tx becoming valid,
4415 // or a double-spend. Reset the rejects filter and give those
4416 // txs a second chance.
4419 }
4421 // Use pcoinsTip->HaveCoinsInCache as a quick approximation to exclude
4422 // requesting or processing some txs which have already been included in a block
4427 }
4430 }
4431 // Don't know what it is, just say we already got one
4433 }
4436 {
4444 // Don't bother if send buffer is too full to respond anyway
4449 {
4451 it++;
4454 {
4458 {
4463 // To prevent fingerprinting attacks, only send blocks outside of the active
4464 // chain if they are valid, and no more than a month older (both in time, and in
4465 // best equivalent proof of work) than the best header chain we know about.
4468 (GetBlockProofEquivalentTime(*pindexBestHeader, *mi->second, *pindexBestHeader, consensusParams) < nOneMonth);
4470 LogPrintf("%s: ignoring request from peer=%i for old block that isn't in the main chain\n", __func__, pfrom->GetId());
4471 }
4472 }
4473 }
4474 // disconnect node in case we have reached the outbound limit for serving historical blocks
4475 // never disconnect whitelisted nodes
4477 if (send && CNode::OutboundTargetReached(true) && ( ((pindexBestHeader != NULL) && (pindexBestHeader->GetBlockTime() - mi->second->GetBlockTime() > nOneWeek)) || inv.type == MSG_FILTERED_BLOCK) && !pfrom->fWhitelisted)
4478 {
4479 LogPrint("net", "historical block serving limit reached, disconnect peer=%d\n", pfrom->GetId());
4481 //disconnect node
4484 }
4485 // Pruned nodes may have deleted the block, so check whether
4486 // it's available before trying to send.
4488 {
4489 // Send block from disk
4490 CBlock block;
4496 {
4499 {
4502 // CMerkleBlock just contains hashes, so also push any transactions in the block the client did not see
4503 // This avoids hurting performance by pointlessly requiring a round-trip
4504 // Note that there is currently no way for a node to request any single transactions we didn't send here -
4505 // they must either disconnect and retry or request the full block.
4506 // Thus, the protocol spec specified allows for us to provide duplicate txn here,
4507 // however we MUST always provide at least what the remote peer needs
4511 }
4512 // else
4513 // no response
4514 }
4516 // Trigger the peer node to send a getblocks request for the next batch of inventory
4518 {
4519 // Bypass PushInventory, this must send even if redundant,
4520 // and we want it right after the last block so they don't
4521 // wait for other stuff first.
4526 }
4527 }
4528 }
4530 {
4531 // Send stream from relay memory
4539 // To protect privacy, do not answer getdata using the mempool when
4540 // that TX couldn't have been INVed in reply to a MEMPOOL request.
4544 }
4545 }
4548 }
4549 }
4551 // Track requests for our stuff.
4556 }
4557 }
4562 // Let the peer know that we didn't find what it asked for, so it doesn't
4563 // have to wait around forever. Currently only SPV clients actually care
4564 // about this message: it's needed when they are recursively walking the
4565 // dependencies of relevant unconfirmed transactions. SPV clients want to
4566 // do that because they want to know about (and store and rebroadcast and
4567 // risk analyze) the dependencies of transactions relevant to them, without
4568 // having to download the entire memory pool.
4570 }
4571 }
4573 bool static ProcessMessage(CNode* pfrom, string strCommand, CDataStream& vRecv, int64_t nTimeReceived, const CChainParams& chainparams)
4574 {
4575 LogPrint("net", "received: %s (%u bytes) peer=%d\n", SanitizeString(strCommand), vRecv.size(), pfrom->id);
4577 {
4580 }
4587 {
4595 }
4596 }
4600 {
4601 // Each connection can only send one version message
4603 {
4604 pfrom->PushMessage(NetMsgType::REJECT, strCommand, REJECT_DUPLICATE, string("Duplicate version message"));
4608 }
4611 CAddress addrMe;
4612 CAddress addrFrom;
4618 {
4620 }
4622 {
4623 LogPrint("net", "peer=%d does not offer the expected services (%08x offered, %08x expected); disconnecting\n", pfrom->id, pfrom->nServices, pfrom->nServicesExpected);
4628 }
4631 {
4632 // disconnect from peers older than this proto version
4638 }
4647 }
4650 }
4651 {
4655 else
4657 }
4659 // Disconnect if we connected to ourself
4661 {
4665 }
4669 {
4671 }
4673 // Be shy and don't send version until we hear
4679 // Potentially mark this peer as a preferred download peer.
4680 {
4683 }
4685 // Change version
4690 {
4691 // Advertise our address
4693 {
4696 {
4703 }
4704 }
4706 // Get recent addresses
4708 {
4711 }
4715 {
4718 }
4719 }
4723 string remoteAddr;
4730 remoteAddr);
4735 }
4739 {
4740 // Must have a version message before anything else
4744 }
4748 {
4751 // Mark this node as currently connected, so we update its timestamp later.
4755 }
4758 // Tell our peer we prefer to receive headers rather than inv's
4759 // We send this to non-NODE NETWORK peers as well, because even
4760 // non-NODE NETWORK peers can announce blocks (such as pruning
4761 // nodes)
4763 }
4764 }
4768 {
4772 // Don't want addr from older versions unless seeding
4776 {
4780 }
4782 // Store the new addresses
4787 {
4798 {
4799 // Relay to a limited number of other nodes
4800 {
4802 // Use deterministic randomness to send to the same nodes for 24 hours
4803 // at a time so the addrKnowns of the chosen nodes prevent repeats
4808 const CSipHasher hasher = CSipHasher(salt0, salt1).Write(hashAddr << 32).Write((GetTime() + hashAddr) / (24*60*60));
4810 {
4815 }
4817 for (multimap<uint64_t, CNode*>::iterator mi = mapMix.begin(); mi != mapMix.end() && nRelayNodes-- > 0; ++mi)
4819 }
4820 }
4821 // Do not store addresses outside our network
4824 }
4830 }
4833 {
4836 }
4840 {
4844 {
4848 }
4852 // Allow whitelisted peers to send data other than blocks in blocks only mode if whitelistrelay is true
4861 {
4867 LogPrint("net", "got inv: %s %s peer=%d\n", inv.ToString(), fAlreadyHave ? "have" : "new", pfrom->id);
4872 // First request the headers preceding the announced block. In the normal fully-synced
4873 // case where a new block is announced that succeeds the current tip (no reorganization),
4874 // there are no such headers.
4875 // Secondly, and only when we are close to being synced, we request the announced block directly,
4876 // to avoid an extra round-trip. Note that we must *first* ask for the headers, so by the
4877 // time the block arrives, the header chain leading up to it is already validated. Not
4878 // doing this will result in the received block being rejected as an orphan in case it is
4879 // not a direct successor.
4880 pfrom->PushMessage(NetMsgType::GETHEADERS, chainActive.GetLocator(pindexBestHeader), inv.hash);
4885 // Mark block as in flight already, even though the actual "getdata" message only goes out
4886 // later (within the same cs_main lock, though).
4888 }
4889 LogPrint("net", "getheaders (%d) %s to peer=%d\n", pindexBestHeader->nHeight, inv.hash.ToString(), pfrom->id);
4890 }
4891 }
4892 else
4893 {
4896 LogPrint("net", "transaction (%s) inv sent in violation of protocol peer=%d\n", inv.hash.ToString(), pfrom->id);
4899 }
4901 // Track requests for our stuff
4907 }
4908 }
4912 }
4916 {
4920 {
4924 }
4934 }
4938 {
4939 CBlockLocator locator;
4940 uint256 hashStop;
4945 // Find the last block the caller has in the main chain
4948 // Send the rest of the chain
4952 LogPrint("net", "getblocks %d to %s limit %d from peer=%d\n", (pindex ? pindex->nHeight : -1), hashStop.IsNull() ? "end" : hashStop.ToString(), nLimit, pfrom->id);
4954 {
4956 {
4957 LogPrint("net", " getblocks stopping at %d %s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4959 }
4960 // If pruning, don't inv blocks unless we have on disk and are likely to still have
4961 // for some reasonable time window (1 hour) that block relay might require.
4962 const int nPrunedBlocksLikelyToHave = MIN_BLOCKS_TO_KEEP - 3600 / chainparams.GetConsensus().nPowTargetSpacing;
4963 if (fPruneMode && (!(pindex->nStatus & BLOCK_HAVE_DATA) || pindex->nHeight <= chainActive.Tip()->nHeight - nPrunedBlocksLikelyToHave))
4964 {
4965 LogPrint("net", " getblocks stopping, pruned or too old block at %d %s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4967 }
4970 {
4971 // When this block is requested, we'll send an inv that'll
4972 // trigger the peer to getblocks the next batch of inventory.
4973 LogPrint("net", " getblocks stopping at limit %d %s\n", pindex->nHeight, pindex->GetBlockHash().ToString());
4976 }
4977 }
4978 }
4982 {
4983 CBlockLocator locator;
4984 uint256 hashStop;
4989 LogPrint("net", "Ignoring getheaders from peer=%d because node is in initial block download\n", pfrom->id);
4991 }
4996 {
4997 // If locator is null, return the hashStop block
5002 }
5003 else
5004 {
5005 // Find the last block the caller has in the main chain
5009 }
5011 // we must use CBlocks, as CBlockHeaders won't include the 0x00 nTx count at the end
5014 LogPrint("net", "getheaders %d to %s from peer=%d\n", (pindex ? pindex->nHeight : -1), hashStop.ToString(), pfrom->id);
5016 {
5020 }
5021 // pindex can be NULL either if we sent chainActive.Tip() OR
5022 // if our peer has chainActive.Tip() (and thus we are sending an empty
5023 // headers message). In both cases it's safe to update
5024 // pindexBestHeaderSent to be our tip.
5027 }
5031 {
5032 // Stop processing the transaction early if
5033 // We are in blocks only mode and peer is either not whitelisted or whitelistrelay is off
5034 if (!fRelayTxes && (!pfrom->fWhitelisted || !GetBoolArg("-whitelistrelay", DEFAULT_WHITELISTRELAY)))
5035 {
5038 }
5042 CTransaction tx;
5051 CValidationState state;
5066 // Recursively process any orphan transactions that depended on this one
5069 {
5070 map<uint256, set<uint256> >::iterator itByPrev = mapOrphanTransactionsByPrev.find(vWorkQueue[i]);
5076 {
5081 // Use a dummy CValidationState so someone can't setup nodes to counter-DoS based on orphan
5082 // resolution (that is, feeding people an invalid transaction based on LegitTxX in order to get
5083 // anyone relaying LegitTxX banned)
5084 CValidationState stateDummy;
5094 }
5096 {
5099 {
5100 // Punish peer that gave us an invalid orphan tx
5104 }
5105 // Has inputs but not accepted to mempool
5106 // Probably non-standard or insufficient fee/priority
5111 }
5113 }
5114 }
5118 }
5120 {
5123 // DoS prevention: do not allow mapOrphanTransactions to grow unbounded
5124 unsigned int nMaxOrphanTx = (unsigned int)std::max((int64_t)0, GetArg("-maxorphantx", DEFAULT_MAX_ORPHAN_TRANSACTIONS));
5133 // Always relay transactions received from whitelisted peers, even
5134 // if they were already in the mempool or rejected from it due
5135 // to policy, allowing the node to function as a gateway for
5136 // nodes hidden behind it.
5137 //
5138 // Never relay transactions that we would assign a non-zero DoS
5139 // score for, as we expect peers to do the same with us in that
5140 // case.
5143 LogPrintf("Force relaying tx %s from whitelisted peer=%d\n", tx.GetHash().ToString(), pfrom->id);
5146 LogPrintf("Not relaying invalid transaction %s from whitelisted peer=%d (%s)\n", tx.GetHash().ToString(), pfrom->id, FormatStateMessage(state));
5147 }
5148 }
5149 }
5152 {
5156 if (state.GetRejectCode() < REJECT_INTERNAL) // Never send AcceptToMemoryPool's internal codes over P2P
5161 }
5163 }
5166 else if (strCommand == NetMsgType::HEADERS && !fImporting && !fReindex) // Ignore headers received while importing
5167 {
5170 // Bypass the normal CBlock deserialization, as we don't want to risk deserializing 2000 full blocks.
5176 }
5181 }
5183 {
5187 // Nothing interesting. Stop asking this peers for more headers.
5189 }
5191 // If we already know the last header in the message, then it contains
5192 // no new information for us. In this case, we do not request
5193 // more headers later. This prevents multiple chains of redundant
5194 // getheader requests from running in parallel if triggered by incoming
5195 // blocks while the node is still in initial headers sync.
5200 CValidationState state;
5204 }
5211 }
5212 }
5213 }
5219 // Headers message had its maximum size; the peer may have more headers.
5220 // TODO: optimize: if pindexLast is an ancestor of chainActive.Tip or pindexBestHeader, continue
5221 // from there instead.
5222 LogPrint("net", "more getheaders (%d) to end to peer=%d (startheight:%d)\n", pindexLast->nHeight, pfrom->id, pfrom->nStartingHeight);
5224 }
5228 // If this set of headers is valid and ends in a block with at least as
5229 // much work as our tip, download as much as possible.
5230 if (fCanDirectFetch && pindexLast->IsValid(BLOCK_VALID_TREE) && chainActive.Tip()->nChainWork <= pindexLast->nChainWork) {
5233 // Calculate all the blocks we'd need to switch to pindexLast, up to a limit.
5234 while (pindexWalk && !chainActive.Contains(pindexWalk) && vToFetch.size() <= MAX_BLOCKS_IN_TRANSIT_PER_PEER) {
5237 // We don't have this block, and it's not yet in flight.
5239 }
5241 }
5242 // If pindexWalk still isn't on our main chain, we're looking at a
5243 // very large reorg at a time we think we're close to caught up to
5244 // the main chain -- this shouldn't really happen. Bail out on the
5245 // direct fetch and rely on parallel download instead.
5252 // Download as much as possible, from earliest to latest.
5255 // Can't download any more from this peer
5257 }
5259 MarkBlockAsInFlight(pfrom->GetId(), pindex->GetBlockHash(), chainparams.GetConsensus(), pindex);
5262 }
5266 }
5269 }
5270 }
5271 }
5274 }
5277 }
5279 else if (strCommand == NetMsgType::BLOCK && !fImporting && !fReindex) // Ignore blocks received while importing
5280 {
5281 CBlock block;
5286 CValidationState state;
5287 // Process all blocks from whitelisted peers, even if not requested,
5288 // unless we're still syncing with the network.
5289 // Such an unrequested block may still be processed, subject to the
5290 // conditions in AcceptBlock().
5295 assert (state.GetRejectCode() < REJECT_INTERNAL); // Blocks are never rejected with internal reject codes
5301 }
5302 }
5304 }
5308 {
5309 // This asymmetric behavior for inbound and outbound connections was introduced
5310 // to prevent a fingerprinting attack: an attacker can send specific fake addresses
5311 // to users' AddrMan and later request them by sending getaddr messages.
5312 // Making nodes which are behind NAT and can only make outgoing connections ignore
5313 // the getaddr message mitigates the attack.
5317 }
5319 // Only send one GetAddr response per connection to reduce resource waste
5320 // and discourage addr stamping of INV announcements.
5324 }
5331 }
5335 {
5337 {
5338 LogPrint("net", "mempool request with bloom filters disabled, disconnect peer=%d\n", pfrom->GetId());
5341 }
5344 {
5345 LogPrint("net", "mempool request with bandwidth limit reached, disconnect peer=%d\n", pfrom->GetId());
5348 }
5352 }
5356 {
5358 {
5361 // Echo the message back with the nonce. This allows for two useful features:
5362 //
5363 // 1) A remote node can quickly check if the connection is operational
5364 // 2) Remote nodes can measure the latency of the network thread. If this node
5365 // is overloaded it won't respond to pings quickly and the remote node can
5366 // avoid sending us more work, like chain download requests.
5367 //
5368 // The nonce stops the remote getting confused between different pings: without
5369 // it, if the remote node sends a ping once per second and this node takes 5
5370 // seconds to respond to each, the 5th ping the remote sends would appear to
5371 // return very quickly.
5373 }
5374 }
5378 {
5388 // Only process pong message if there is an outstanding ping (old ping without nonce should never pong)
5391 // Matching pong received, this ping is no longer outstanding
5395 // Successful ping time measurement, replace previous
5399 // This should never happen
5401 }
5403 // Nonce mismatches are normal when pings are overlapping
5406 // This is most likely a bug in another implementation somewhere; cancel this ping
5409 }
5410 }
5413 }
5415 // This is most likely a bug in another implementation somewhere; cancel this ping
5418 }
5423 sProblem,
5425 nonce,
5426 nAvail);
5427 }
5430 }
5431 }
5435 {
5436 CBloomFilter filter;
5442 {
5443 // There is no excuse for sending a too-large filter
5446 }
5447 else
5448 {
5452 }
5454 }
5458 {
5462 // Nodes must NEVER send a data item > 520 bytes (the max size for a script data object,
5463 // and thus, the maximum size any matched object can have) in a filteradd message
5465 {
5472 else
5473 {
5476 }
5477 }
5478 }
5482 {
5487 }
5491 {
5495 vRecv >> LIMITED_STRING(strMsg, CMessageHeader::COMMAND_SIZE) >> ccode >> LIMITED_STRING(strReason, MAX_REJECT_MESSAGE_LENGTH);
5497 ostringstream ss;
5501 {
5502 uint256 hash;
5505 }
5508 // Avoid feedback loops by preventing reject messages from triggering a new reject message.
5510 }
5511 }
5512 }
5518 {
5521 }
5522 LogPrint("net", "received: feefilter of %s from peer=%d\n", CFeeRate(newFeeFilter).ToString(), pfrom->id);
5523 }
5524 }
5527 // Ignore unknown commands for extensibility
5528 LogPrint("net", "Unknown command \"%s\" from peer=%d\n", SanitizeString(strCommand), pfrom->id);
5529 }
5534 }
5536 // requires LOCK(cs_vRecvMsg)
5538 {
5540 //if (fDebug)
5541 // LogPrintf("%s(%u messages)\n", __func__, pfrom->vRecvMsg.size());
5543 //
5544 // Message format
5545 // (4) message start
5546 // (12) command
5547 // (4) size
5548 // (4) checksum
5549 // (x) data
5550 //
5556 // this maintains the order of responses
5561 // Don't bother if send buffer is too full to respond anyway
5565 // get next message
5568 //if (fDebug)
5569 // LogPrintf("%s(message %u msgsz, %u bytes, complete:%s)\n", __func__,
5570 // msg.hdr.nMessageSize, msg.vRecv.size(),
5571 // msg.complete() ? "Y" : "N");
5573 // end, if an incomplete message is found
5577 // at this point, any failure means we can delete the current message
5578 it++;
5580 // Scan for message start
5582 LogPrintf("PROCESSMESSAGE: INVALID MESSAGESTART %s peer=%d\n", SanitizeString(msg.hdr.GetCommand()), pfrom->id);
5585 }
5587 // Read header
5590 {
5591 LogPrintf("PROCESSMESSAGE: ERRORS IN HEADER %s peer=%d\n", SanitizeString(hdr.GetCommand()), pfrom->id);
5593 }
5596 // Message size
5599 // Checksum
5604 {
5608 }
5610 // Process message
5612 try
5613 {
5616 }
5618 {
5619 pfrom->PushMessage(NetMsgType::REJECT, strCommand, REJECT_MALFORMED, string("error parsing message"));
5621 {
5622 // Allow exceptions from under-length message on vRecv
5623 LogPrintf("%s(%s, %u bytes): Exception '%s' caught, normally caused by a message being shorter than its stated length\n", __func__, SanitizeString(strCommand), nMessageSize, e.what());
5624 }
5626 {
5627 // Allow exceptions from over-long size
5628 LogPrintf("%s(%s, %u bytes): Exception '%s' caught\n", __func__, SanitizeString(strCommand), nMessageSize, e.what());
5629 }
5631 {
5632 // Allow exceptions from non-canonical encoding
5633 LogPrintf("%s(%s, %u bytes): Exception '%s' caught\n", __func__, SanitizeString(strCommand), nMessageSize, e.what());
5634 }
5635 else
5636 {
5638 }
5639 }
5642 }
5647 }
5650 LogPrintf("%s(%s, %u bytes) FAILED peer=%d\n", __func__, SanitizeString(strCommand), nMessageSize, pfrom->id);
5653 }
5655 // In case the connection got shut down, its receive buffer was wiped
5660 }
5662 class CompareInvMempoolOrder
5663 {
5667 {
5669 }
5672 {
5673 /* As std::make_heap produces a max-heap, we want the entries with the
5674 * fewest ancestors/highest fee to sort later. */
5676 }
5677 };
5680 {
5682 {
5683 // Don't send anything until we get its version message
5687 //
5688 // Message: ping
5689 //
5692 // RPC ping request by user
5694 }
5695 if (pto->nPingNonceSent == 0 && pto->nPingUsecStart + PING_INTERVAL * 1000000 < GetTimeMicros()) {
5696 // Ping automatically sent as a latency probe & keepalive.
5698 }
5703 }
5710 // Peer is too old to support ping command with nonce, pong will never arrive.
5713 }
5714 }
5720 // Address refresh broadcast
5725 }
5727 //
5728 // Message: addr
5729 //
5735 {
5737 {
5740 // receiver rejects addr messages larger than 1000
5742 {
5745 }
5746 }
5747 }
5751 // we only send the big addr message once
5754 }
5764 else
5765 {
5767 }
5768 }
5770 }
5773 pto->PushMessage(NetMsgType::REJECT, (string)NetMsgType::BLOCK, reject.chRejectCode, reject.strRejectReason, reject.hashBlock);
5776 // Start block sync
5779 bool fFetch = state.fPreferredDownload || (nPreferredDownload == 0 && !pto->fClient && !pto->fOneShot); // Download if this is a nice peer, or we have no nice peers and this one might do.
5781 // Only actively request headers from a single peer, unless we're close to today.
5782 if ((nSyncStarted == 0 && fFetch) || pindexBestHeader->GetBlockTime() > GetAdjustedTime() - 24 * 60 * 60) {
5784 nSyncStarted++;
5786 /* If possible, start at the block preceding the currently
5787 best known header. This ensures that we always get a
5788 non-empty list of headers back as long as the peer
5789 is up-to-date. With a non-empty response, we can initialise
5790 the peer's known best block. This wouldn't be possible
5791 if we requested starting at pindexBestHeader and
5792 got back an empty response. */
5795 LogPrint("net", "initial getheaders (%d) to peer=%d (startheight:%d)\n", pindexStart->nHeight, pto->id, pto->nStartingHeight);
5797 }
5798 }
5800 // Resend wallet transactions that haven't gotten in a block yet
5801 // Except during reindex, importing and IBD, when old wallet
5802 // transactions become unconfirmed and spams other nodes.
5804 {
5806 }
5808 //
5809 // Try sending block announcements via headers
5810 //
5811 {
5812 // If we have less than MAX_BLOCKS_TO_ANNOUNCE in our
5813 // list of block hashes we're relaying, and our peer wants
5814 // headers announcements, then find the first header
5815 // not yet known to our peer but would connect, and send.
5816 // If no header would connect, or if we have too many
5817 // blocks, or if the peer doesn't want headers, just
5818 // add all to the inv queue.
5821 bool fRevertToInv = (!state.fPreferHeaders || pto->vBlockHashesToAnnounce.size() > MAX_BLOCKS_TO_ANNOUNCE);
5827 // Try to find first header that our peer doesn't have, and
5828 // then send all headers past that one. If we come across any
5829 // headers that aren't on chainActive, give up.
5835 // Bail out if we reorged away from this block
5838 }
5840 // This means that the list of blocks to announce don't
5841 // connect to each other.
5842 // This shouldn't really be possible to hit during
5843 // regular operation (because reorgs should take us to
5844 // a chain that has some block not on the prior chain,
5845 // which should be caught by the prior check), but one
5846 // way this could happen is by using invalidateblock /
5847 // reconsiderblock repeatedly on the tip, causing it to
5848 // be added multiple times to vBlockHashesToAnnounce.
5849 // Robustly deal with this rare situation by reverting
5850 // to an inv.
5853 }
5856 // add this to the headers message
5861 // Peer doesn't have this header but they do have the prior one.
5862 // Start sending headers.
5866 // Peer doesn't have this header or the prior one -- nothing will
5867 // connect, so bail out.
5870 }
5871 }
5872 }
5874 // If falling back to using an inv, just try to inv the tip.
5875 // The last entry in vBlockHashesToAnnounce was our tip at some point
5876 // in the past.
5883 // Warn if we're announcing a block that is not on the main chain.
5884 // This should be very rare and could be optimized out.
5885 // Just log for now.
5889 }
5891 // If the peer's chain has this block, don't inv it back.
5896 }
5897 }
5907 }
5910 }
5912 }
5914 //
5915 // Message: inventory
5916 //
5918 {
5922 // Add blocks
5928 }
5929 }
5932 // Check whether periodic sends should happen
5936 // Use half the delay for outbound peers, as there is less privacy concern for them.
5938 }
5940 // Time to send but the peer has requested we not relay transactions.
5944 }
5946 // Respond to BIP35 mempool requests
5951 {
5954 }
5965 }
5968 }
5974 }
5975 }
5977 }
5979 // Determine transactions to relay
5981 // Produce a vector with all candidates for sending
5984 for (std::set<uint256>::iterator it = pto->setInventoryTxToSend.begin(); it != pto->setInventoryTxToSend.end(); it++) {
5986 }
5988 {
5991 }
5992 // Topologically and fee-rate sort the inventory we send for privacy and priority reasons.
5993 // A heap is used so that not all items need sorting if only a few are being sent.
5996 // No reason to drain out at many times the network's capacity,
5997 // especially since we have many peers and some will draw much shorter delays.
6001 // Fetch the top element from the heap
6006 // Remove it from the to-be-sent set
6008 // Check if not in the filter already
6011 }
6012 // Not in the mempool anymore? don't bother sending it.
6016 }
6019 }
6021 // Send
6023 nRelayedTransactions++;
6024 {
6025 // Expire old relay messages
6027 {
6030 }
6035 }
6036 }
6040 }
6042 }
6043 }
6044 }
6048 // Detect whether we're stalling
6050 if (!pto->fDisconnect && state.nStallingSince && state.nStallingSince < nNow - 1000000 * BLOCK_STALLING_TIMEOUT) {
6051 // Stalling only triggers when the block download window cannot move. During normal steady state,
6052 // the download window should be much larger than the to-be-downloaded set of blocks, so disconnection
6053 // should only happen during initial block download.
6056 }
6057 // In case there is a block that has been in flight from this peer for 2 + 0.5 * N times the block interval
6058 // (with N the number of peers from which we're downloading validated blocks), disconnect due to timeout.
6059 // We compensate for other peers to prevent killing off peers due to our own downstream link
6060 // being saturated. We only count validated in-flight blocks so peers can't advertise non-existing block hashes
6061 // to unreasonably increase our timeout.
6064 int nOtherPeersWithValidatedDownloads = nPeersWithValidatedDownloads - (state.nBlocksInFlightValidHeaders > 0);
6065 if (nNow > state.nDownloadingSince + consensusParams.nPowTargetSpacing * (BLOCK_DOWNLOAD_TIMEOUT_BASE + BLOCK_DOWNLOAD_TIMEOUT_PER_PEER * nOtherPeersWithValidatedDownloads)) {
6066 LogPrintf("Timeout downloading block %s from peer=%d, disconnecting\n", queuedBlock.hash.ToString(), pto->id);
6068 }
6069 }
6071 //
6072 // Message: getdata (blocks)
6073 //
6075 if (!pto->fDisconnect && !pto->fClient && (fFetch || !IsInitialBlockDownload()) && state.nBlocksInFlight < MAX_BLOCKS_IN_TRANSIT_PER_PEER) {
6078 FindNextBlocksToDownload(pto->GetId(), MAX_BLOCKS_IN_TRANSIT_PER_PEER - state.nBlocksInFlight, vToDownload, staller);
6084 }
6089 }
6090 }
6091 }
6093 //
6094 // Message: getdata (non-blocks)
6095 //
6096 while (!pto->fDisconnect && !pto->mapAskFor.empty() && (*pto->mapAskFor.begin()).first <= nNow)
6097 {
6100 {
6105 {
6108 }
6110 //If we're not going to ask, don't expect a response.
6112 }
6114 }
6118 //
6119 // Message: feefilter
6120 //
6121 // We don't want white listed peers to filter txs to us if we have -whitelistforcerelay
6124 CAmount currentFilter = mempool.GetMinFee(GetArg("-maxmempool", DEFAULT_MAX_MEMPOOL_SIZE) * 1000000).GetFeePerK();
6131 }
6133 }
6134 // If the fee filter has changed substantially and it's still more than MAX_FEEFILTER_CHANGE_DELAY
6135 // until scheduled broadcast, then move the broadcast to within MAX_FEEFILTER_CHANGE_DELAY.
6137 (currentFilter < 3 * pto->lastSentFeeFilter / 4 || currentFilter > 4 * pto->lastSentFeeFilter / 3)) {
6138 pto->nextSendTimeFeeFilter = timeNow + (insecure_rand() % MAX_FEEFILTER_CHANGE_DELAY) * 1000000;
6139 }
6140 }
6141 }
6143 }
6146 return strprintf("CBlockFileInfo(blocks=%u, size=%u, heights=%u...%u, time=%s...%s)", nBlocks, nSize, nHeightFirst, nHeightLast, DateTimeStrFormat("%Y-%m-%d", nTimeFirst), DateTimeStrFormat("%Y-%m-%d", nTimeLast));
6147 }
6149 ThresholdState VersionBitsTipState(const Consensus::Params& params, Consensus::DeploymentPos pos)
6150 {
6153 }
6155 class CMainCleanup
6156 {
6160 // block headers
6166 // orphan transactions
6169 }