authorAntoine Riard <dev@ariard.me>2021-05-13 12:35:33 -0400
committerAntoine Riard <dev@ariard.me>2021-05-14 14:27:30 -0400
commit2eb0eeda39cab997f9a5f817f7c12e7fffeaf35a (patch)
treef5afedca6de0c7643e6d8b3d63ca8c3d460637d3 /src/validation.cpp
parent906b6d9da6a6b2e6a5f1d9046b3b9c2c7e490c99 (diff)
validation: document lack of inherited signaling in RBF policy
Diffstat (limited to 'src/validation.cpp')
-rw-r--r--src/validation.cpp11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/validation.cpp b/src/validation.cpp
index 4f9b8687b7..9826616cb2 100644
--- a/src/validation.cpp
+++ b/src/validation.cpp
@@ -625,10 +625,13 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws)
// is for the sake of multi-party protocols, where we don't
// want a single party to be able to disable replacement.
//
- // The opt-out ignores descendants as anyone relying on
- // first-seen mempool behavior should be checking all
- // unconfirmed ancestors anyway; doing otherwise is hopelessly
- // insecure.
+ // Transactions that don't explicitly signal replaceability are
+ // *not* replaceable with the current logic, even if one of their
+ // unconfirmed ancestors signals replaceability. This diverges
+ // from BIP125's inherited signaling description (see CVE-2021-31876).
+ // Applications relying on first-seen mempool behavior should
+ // check all unconfirmed ancestors; otherwise an opt-in ancestor
+ // might be replaced, causing removal of this descendant.
bool fReplacementOptOut = true;
for (const CTxIn &_txin : ptxConflicting->vin)
{
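Review bot: The added wording "*not* replaceable with the current logic" reads as a guarantee, yet the last added sentence says the same transaction can still be removed from the mempool when an opt-in ancestor is replaced. Stating that only *direct* replacement is refused would remove the ambiguity, for example `// Transactions that don't explicitly signal replaceability cannot be directly replaced by a conflicting transaction, even if one of their unconfirmed ancestors signals replaceability.` (re-wrapped to the file's comment width). The loop over `ptxConflicting->vin` that implements the rule continues past the end of the hunk, so its agreement with the comment cannot be confirmed from here. The diffstat is limited to this file, so it is not visible whether a test pins this divergence from BIP125; if none does, a functional test covering a non-signaling child of a signaling unconfirmed parent would keep the comment and the code from drifting apart.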