diff options
| author | MarcoFalke <falke.marco@gmail.com> | 2021-06-08 17:00:18 +0200 |
|---|---|---|
| committer | MarcoFalke <falke.marco@gmail.com> | 2021-06-08 17:00:28 +0200 |
| commit | 82bc7faec8079b50f248655a97950087948f065d (patch) | |
| tree | 89d1ae736005e41b21f372afe398af05636f6bc1 /src/validation.cpp | |
| parent | 45a8b01fad96d93113896b9332618e936aef77af (diff) | |
| parent | 2eb0eeda39cab997f9a5f817f7c12e7fffeaf35a (diff) | |
| download | bitcoin-82bc7faec8079b50f248655a97950087948f065d.tar.xz | |
Merge bitcoin/bitcoin#21946: Document and test lack of inherited signaling in RBF policy
2eb0eeda39cab997f9a5f817f7c12e7fffeaf35a validation: document lack of inherited signaling in RBF policy (Antoine Riard)
906b6d9da6a6b2e6a5f1d9046b3b9c2c7e490c99 test: Extend feature_rbf.py with no inherited signaling (Antoine Riard)
Pull request description:
Contrary to BIP125 or other full-node implementation (e.g btcd), Bitcoin Core's mempool policy doesn't implement inherited signaling.
This PR documents our mempool behavior on this and add a test demonstrating the case.
ACKs for top commit:
jonatack:
ACK 2eb0eeda39cab997f9a5f817f7c12e7fffeaf35a
benthecarman:
ACK 2eb0eeda39cab997f9a5f817f7c12e7fffeaf35a
Tree-SHA512: d41453d3b49bae3c1eb532a968f43bc047084913bd285929d4d9cba142777ff2be38163d912e28dfc635f4ecf446de68effad799c6e71be52f81e83410c712fb
Diffstat (limited to 'src/validation.cpp')
| -rw-r--r-- | src/validation.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/validation.cpp b/src/validation.cpp index e6e6aadb17..5e3d429c2e 100644 --- a/src/validation.cpp +++ b/src/validation.cpp @@ -629,10 +629,13 @@ bool MemPoolAccept::PreChecks(ATMPArgs& args, Workspace& ws) // is for the sake of multi-party protocols, where we don't // want a single party to be able to disable replacement. // - // The opt-out ignores descendants as anyone relying on - // first-seen mempool behavior should be checking all - // unconfirmed ancestors anyway; doing otherwise is hopelessly - // insecure. + // Transactions that don't explicitly signal replaceability are + // *not* replaceable with the current logic, even if one of their + // unconfirmed ancestors signals replaceability. This diverges + // from BIP125's inherited signaling description (see CVE-2021-31876). + // Applications relying on first-seen mempool behavior should + // check all unconfirmed ancestors; otherwise an opt-in ancestor + // might be replaced, causing removal of this descendant. bool fReplacementOptOut = true; for (const CTxIn &_txin : ptxConflicting->vin) { |