[doc] explain why CheckBlock() is called before AcceptBlock()

Co-authored-by: Suhas Daftuar <sdaftuar@gmail.com>
author: Sjors Provoost <sjors@sprovoost.nl> 2019-03-06 12:26:58 +0100
committer: Sjors Provoost <sjors@sprovoost.nl> 2021-06-03 19:09:28 +0200
commit: 3d552b0d788a7d3102396b32d0de08e57cbfd297 (patch)
tree: a96d28377499649379aad5d193d02fe958e4e347 /src
parent: 07ededa30c9473ac32fc3e12b399c0ba999a4c40 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/src/validation.cpp b/src/validation.cpp
index 4c861599fd..af5a7e98e3 100644
--- a/src/validation.cpp
+++ b/src/validation.cpp
@@ -3605,8 +3605,11 @@ bool ChainstateManager::ProcessNewBlock(const CChainParams& chainparams, const s
         // Therefore, the following critical section must include the CheckBlock() call as well.
         LOCK(cs_main);
 
-        // Ensure that CheckBlock() passes before calling AcceptBlock, as
-        // belt-and-suspenders.
+        // Skipping AcceptBlock() for CheckBlock() failures means that we will never mark a block as invalid if
+        // CheckBlock() fails.  This is protective against consensus failure if there are any unknown forms of block
+        // malleability that cause CheckBlock() to fail; see e.g. CVE-2012-2459 and
+        // https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html.  Because CheckBlock() is
+        // not very expensive, the anti-DoS benefits of caching failure (of a definitely-invalid block) are not substantial.
         bool ret = CheckBlock(*block, state, chainparams.GetConsensus());
         if (ret) {
             // Store to disk
author	Sjors Provoost <sjors@sprovoost.nl>	2019-03-06 12:26:58 +0100
committer	Sjors Provoost <sjors@sprovoost.nl>	2021-06-03 19:09:28 +0200
commit	3d552b0d788a7d3102396b32d0de08e57cbfd297 (patch)
tree	a96d28377499649379aad5d193d02fe958e4e347 /src
parent	07ededa30c9473ac32fc3e12b399c0ba999a4c40 (diff)