Closed GoogleCodeExporter closed 9 years ago
Ah, yes. The wallet should store risky transactions. We could change it so
there's a new pool for that, or accept them into the pending pool as normal and
just not select them (but they would still appear in the tx list and trigger
event listeners). I guess the question is, how much activity should take place
if a risky tx appears. Like if there's a onReceived callback and the balance
doesn't change even for ESTIMATED, then would that be confusing.
Original comment by mh.in.en...@gmail.com
on 17 Apr 2014 at 5:18
I don't understand why should it store risky transactions? And why do those
transactions not show up when they are confirmed by the blockchain? (They
should -- in this case they are not risky any more)
Original comment by andreas....@gmail.com
on 17 Apr 2014 at 10:32
Because of Bloom filtering. The remote peer sent us the tx data previously so
assumes we still have it. It won't send it again when a block turns up with it,
if we were previously connected for broadcast. So we have to keep them around
in case this happens. It's a design flaw in the risk analysis feature but one
nobody noticed. A workaround is to disable risk analysis until there's a fix.
Original comment by mh.in.en...@gmail.com
on 18 Apr 2014 at 8:40
That's bad news. I still get the spam transactions forwarded, so I assume the
majority of other users also get it.
Maybe we can just disable risk analysis based on "parents" for now? I think we
wanted to this anyway because of the stack overflow problems.
Original comment by andreas....@gmail.com
on 18 Apr 2014 at 8:43
Still I wonder if nodes don't forward transactions with the block if you
already got them how can an SPV wallet know it just got confirmed? Somehow you
need to know which (relevant) transactions are part of the block, right?
As for your questions in #1, I'd say risky transactions should not show up in
user visible lists, because that's the whole point of risk analysis. Also, we
wanted to get rid of spam. Maybe in future we could have multiple levels of
"riskyness", but for now I think we should aim at transactions that should not
be visible to users unless they are confirmed by the blockchain.
I don't care much about the invocation of callbacks as long as the framework
doesn't suddenly start to "hammer". Apps can always check if transactions they
got notified about are relevant/risky/whatever...
Original comment by andreas....@gmail.com
on 18 Apr 2014 at 9:01
BIP 70 explains how it works. The block is sent with (simplifying) a list of tx
hashes.
Yes we can disable dependency download but it doesn't fix the real problem
which is that risky transactions that confirm anyway will be missed.
Original comment by mh.in.en...@gmail.com
on 18 Apr 2014 at 9:04
I'm not sure if keeping risky transactions in the wallet -- separate pool or
not -- is the right way to do. After all, one reason for risk analysis is to
prevent DOS due to spam using up resources like heap. How would we clean up the
risky pool? Etc.
Can we instead just re-request transactions which we don't know?
Original comment by andreas....@gmail.com
on 18 Apr 2014 at 6:29
We don't try to be DoS resistant today anyway so I'm not worried about that.
It'd be easier to just make it remember all relevant transactions rather than
have complicated refetch logic.
Original comment by mh.in.en...@gmail.com
on 19 Apr 2014 at 7:55
Coming back to the question about callbacks again. I think I misunderstood the
question when I first read it.
onReceive should only be called if a transaction is allowed into pending or
confirmed pools. If it only goes into risky it should imho be treated as if it
was never received, means no callbacks called. Likewise the risky pool should
not count towards any of the balances. In future we might add a "risky balance"
but currently I don't see much use for that.
Maybe we should work towards a P2P protocol change that always sends all
filter-matching transactions with blocks, regardless of what happened before.
It's only a small overhead in traffic but I think it can make a big difference
in reliability. After all, if a node sends a pending transaction how can it be
sure that it has been received by the remote peer? Currently it just guesses
and includes the transaction with the block based on that guess, right?
Original comment by andreas....@gmail.com
on 22 Apr 2014 at 11:21
A P2P protocol change is really not worth it. The current protocol is fine. All
we have to do is not throw away data we're sent - hardly a big deal. The only
question is where to put it and how to treat it.
Not invoking callbacks is fine by me. That said I'm not keen on introducing yet
another pool (really - map of states). It might make more sense to just assume
risk analysis is fast and check when needed.
Original comment by mh.in.en...@gmail.com
on 22 Apr 2014 at 12:00
Resolved by
https://github.com/bitcoinj/bitcoinj/commit/467124a2b395030c6b29dcceeefaa4a81467
489d
Original comment by mh.in.en...@gmail.com
on 21 May 2014 at 5:27
Original issue reported on code.google.com by
andreas....@gmail.com
on 17 Apr 2014 at 4:05Attachments: