Update policy - Add maximum witness size (in bytes) #979
Comments
|
I think this can be a constant. |
|
I think the same |
|
What would be the impact if we have to change this? Are you guys sure this won't change in the future? I think it would be a good practice to have this in the policy |
|
I don't think it will be modified often. This is a relatively stable limit value. |
|
In fact, there is a limit now neo/neo/Network/P2P/Payloads/Witness.cs Lines 31 to 32 in 53f7d02 We should reduce it to 512 or 1024? |
|
I agree @shargon. Regarding value, we need to define max usage reasonable to offer for free. We are still discussing fee system I think, to avoid failed verifications to consume time from p2p edge. We can follow "neo segwit" and do not store lon term witnesses, so max size is also pointless. What is "reasonable" here? How many CN Neo3 expects to have validating blocks? Seven? So we max it to multisig 7/7 (to allow storing all sigs if wanted), in both invocation and verification. If CN increases, this increases automatically. This size will cover 99.9% of all existing applications, the rest can just be deployed. |
|
I understand that this value is not changed often, but what is the impact if we need this to change? Isn't this going to cause a "large mess"? |
lock9
added
Design
|
I think that 14/14 (or lower) won't need to be changed in the future, as igor said, the rest can be deployed |
lock9
added
Ready-to-Implement
|
@lock9 this won't affect future stuff, because it only checks during verification. Once it's on block, don't need to reverify (so we can shorten or increase this). |
|
but is deserialized with the block, so it will affect if we decrease this value in the future |
|
But we don't need to revalidate old tx, do we? Best thing is put this together with other network policies... so we definitely avoid this problem (it can increase/reduce, basis on storage). |
|
@igormcoelho so we should add this to the network policy? If we add this to the policy, we can see what was the value in a particular date and time, making it easier to change later. |
|
I mean the PolicyContract (native one)... it will have the whole decisions recorded on chain itself, regarding network policy over time. |
|
not in TX igor, but if you receive a block, you will deserialize it and you could obtain a FormatException if you decrease the value, if you increase it, there are no problem |
|
But we have a lot of values with the same behavior, max entries for arrays (attributes, cosigners, etc..) |
|
But really, the only reason to change this, is noticing huge spam attacks on border... 14/14 on invocation and verfication, allow for approximately: If some devil soul tries to use expensive stuff, and fault, this is an opportunity for: each checksig takes few microseconds, but 300 may take 0,1ms or more (we need to calculate this). If this "good" soul repeats several tx like this, with difference nonce, it may take considerable amount of time from network edge... with only solution by blacklisting the ip (in my opinion). If we also count-limit the expensive stuff on verification, let's say, by |
|
Yes, it's a lot of |
|
We can decrease it to 10/10, it will be safe if we want to increase it in the future |
|
10/10 may give us around 1000 bytes, I think so. Still 200 checksig, but much better. Expensive op counting may help too, but this is only important on borders. "Inside network", we can be very strict, if someone routes bad tx via p2p it should be blacklisted immediately (at least temporarily). |
|
@igormcoelho feel free to change my PR with your desired values |
|
is there a PR? Found it: #1020 |
|
@shargon we should definitely adopt a Neo SegWit design now: #1029 We only need to deny access for VerificationScript on interops.. (invocation is already denied on neo2 due to non-deterministic/maleable nature). So, after a few thousand blocks, we can provide shorter blocks and tx, completely without witnesses. In this sense, this size here is just an instantaneous protection against p2p network edge. |
This is needed for #840. It limits the size of the witness that can be used in the verification script.
The text was updated successfully, but these errors were encountered: