Introduce missing-at/last-missing timestamps
#1811
Conversation
This may, if we introduce new fields to `TxUdpate`, they can be minor non-breaking updates.
evanlinjin
force-pushed
the
missing_marker
branch
from
287b146 to
fe09eab
Compare
evanlinjin
changed the title
MissingMarkermissing-at/last-missing timestamps
LagginTimes
force-pushed
the
missing_marker
branch
from
7f09b70 to
49a64ba
Compare
This is a set of txids missing from the mempool.
LagginTimes
force-pushed
the
missing_marker
branch
from
0f52ead to
2e31bc7
Compare
|
Looks like only breaking changes are on |
LagginTimes
force-pushed
the
missing_marker
branch
from
2c37d06 to
bbd6340
Compare
|
@notmandatory core breaking change is also a wallet crate breaking change unfortunately. It is a minor breaking change (some struct from core is changing that no one inspects directly in their code probably) but it technically is a breaking change so it would have to be in bdk_wallet v2. This is a pretty important improvement so I'd say it justifies a v2 release by itself when it's merged. |
| @@ -879,6 +881,23 @@ pub trait SyncRequestBuilderExt<K> { | |||
|
|
|||
| /// Add [`Script`](bitcoin::Script)s that are revealed by the `indexer` but currently unused. | |||
| fn unused_spks_from_indexer(self, indexer: &KeychainTxOutIndex<K>) -> Self; | |||
|
|
|||
There was a problem hiding this comment.
⛏️ I don't really see the attraction of a extension trait for this stuff. I think this should all be just member methods.
| fn check_for_missing_txs<A, C>( | ||
| self, | ||
| indexer: &KeychainTxOutIndex<K>, | ||
| canonical_iter: CanonicalIter<A, C>, |
There was a problem hiding this comment.
This seems extremely awkward. What about ChainOracles that are not infallible? Why does it need be an KeychainTxOutIndex -- it just calls inner in the implementation.
How about you just put this method on the tx graph. Like:
impl<I, D: AsRef<SpkTxOutIndex<I>>> IndexedTxGraph<D> {
fn sync_request_add_expected_unconfirmed_txs<O: ChainOracle>(&self, sync_request: &mut SyncRequestBuilder, chain_oracle: &O, range: impl RangeBounds<I>) -> Result<(), O::Error> { ... }
}
impl<K> IndexedTxGraph<KeychainTxOutIndex<K>> {
fn keychain_sync_request_add_expected_unconfirmed_txs<O: ChainOracle>(&self, sync_request: &mut SyncRequestBuilder, chain_oracle: &O, range: impl RangeBounds<K>) -> Result<(), O::Error> { ... }
}
There was a problem hiding this comment.
Building on this comment I put some ideas for a IndexedTxGraph method in evanlinjin#14
There was a problem hiding this comment.
Thanks @LLFourn, the infallible part was pure laziness.
I wanted to have the extension traits since bdk_core::spk_client types have a builder API. However, @ValuedMammal's has already provided a superior solution - I'm happy to go with that!
| @@ -334,4 +334,21 @@ impl<I: Clone + Ord + core::fmt::Debug> SpkTxOutIndex<I> { | |||
| .any(|output| self.spk_indices.contains_key(&output.script_pubkey)); | |||
| input_matches || output_matches | |||
| } | |||
|
|
|||
| /// Find relevant script pubkeys associated with a transaction. | |||
There was a problem hiding this comment.
⛏️ doesn't define relevant here.
|
|
||
| /// Find relevant script pubkeys associated with a transaction. | ||
| /// | ||
| /// The script pubkeys of the transaction's outputs and previous outputs as scanned. |
There was a problem hiding this comment.
unhelpful sentence. Why. What do I use this method for.
Also needs to explain that inputs would not be detected as relevant unless the parents have been scanned.
crates/chain/src/tx_graph.rs
Outdated
| @@ -715,6 +717,30 @@ impl<A: Anchor> TxGraph<A> { | |||
| changeset | |||
| } | |||
|
|
|||
| /// Inserts the given `missing_at` for `txid` | |||
There was a problem hiding this comment.
🔧 there is no explanation of missing_at.
crates/chain/src/tx_graph.rs
Outdated
| @@ -145,6 +145,7 @@ pub struct TxGraph<A = ConfirmationBlockTime> { | |||
| spends: BTreeMap<OutPoint, HashSet<Txid>>, | |||
| anchors: HashMap<Txid, BTreeSet<A>>, | |||
| last_seen: HashMap<Txid, u64>, | |||
| last_missing: HashMap<Txid, u64>, | |||
There was a problem hiding this comment.
I think it would be nice if we had a data structure like this and then last_seen would become HashMap<Txid, LastSeen>
#[derive(Debug, Clone, Copy, Default, PartialEq)]
struct LastSeen {
/// seen at
seen_at: u64,
/// evicted at
evicted_at: Option<u64>,
}There was a problem hiding this comment.
I quite like this idea since there has been talks about adding more timestamps.
I.e. first-seen timestamp, which will help with tx ordering when listing transactions.
struct MempoolTimestamps {
pub first_seen: u64,
pub last_seen: u64,
pub last_evicted: Option<u64>,
}I also like the term evicted as it's more descriptive than missing.
There was a problem hiding this comment.
I agree, and +1 on this idea, it makes it clear, and easy to "derive" its lifecycle and it's and can be useful info to expose to the users.
| .flat_map(|(txid, anchors)| anchors.into_iter().map(move |a| (a, txid))) | ||
| .collect(); | ||
| tx_update.seen_ats = graph.last_seen.into_iter().collect(); | ||
| tx_update |
There was a problem hiding this comment.
It seems like TxUpdate would need another field evicted_at in order to maintain roundtrip convertibility between TxUpdate and TxGraph.
There was a problem hiding this comment.
Do you think the convertibility between TxGraph and TxUpdate is important? I'm thinking maybe we should just get rid of it. One can just construct an empty TxGraph and apply an TxUpdate.
There was a problem hiding this comment.
It's probably ok to forego complete fungibility between graphs and updates, but at the same time I wonder how useful are the seen-ats without the corresponding evictions?
crates/chain/src/tx_graph.rs
Outdated
| @@ -145,6 +145,7 @@ pub struct TxGraph<A = ConfirmationBlockTime> { | |||
| spends: BTreeMap<OutPoint, HashSet<Txid>>, | |||
| anchors: HashMap<Txid, BTreeSet<A>>, | |||
| last_seen: HashMap<Txid, u64>, | |||
| last_missing: HashMap<Txid, u64>, | |||
There was a problem hiding this comment.
I quite like this idea since there has been talks about adding more timestamps.
I.e. first-seen timestamp, which will help with tx ordering when listing transactions.
struct MempoolTimestamps {
pub first_seen: u64,
pub last_seen: u64,
pub last_evicted: Option<u64>,
}I also like the term evicted as it's more descriptive than missing.
| .flat_map(|(txid, anchors)| anchors.into_iter().map(move |a| (a, txid))) | ||
| .collect(); | ||
| tx_update.seen_ats = graph.last_seen.into_iter().collect(); | ||
| tx_update |
There was a problem hiding this comment.
Do you think the convertibility between TxGraph and TxUpdate is important? I'm thinking maybe we should just get rid of it. One can just construct an empty TxGraph and apply an TxUpdate.
| fn check_for_missing_txs<A, C>( | ||
| self, | ||
| indexer: &KeychainTxOutIndex<K>, | ||
| canonical_iter: CanonicalIter<A, C>, |
There was a problem hiding this comment.
Thanks @LLFourn, the infallible part was pure laziness.
I wanted to have the extension traits since bdk_core::spk_client types have a builder API. However, @ValuedMammal's has already provided a superior solution - I'm happy to go with that!
The evicted-at and last-evicted timestamp informs the `TxGraph` when the transaction was last deemed as missing from the mempool. The canonicalization algorithm is changed to disregard transactions with a last-missing timestamp greater or equal to it's last-seen timestamp. The exception is when we have a canonical descendant due to rules of transitivity.
This is for conveniently adding associations of txid <-> spk. We expect that these txids exist in the spk history. Otherwise, it means the tx is evicted from the mempool and we need to update the `missing_at` value in the sync response.
This is a convenience method for adding unconfirmed txs alongside their associated spks the the sync request. This way, we will be able to detect evictions of these transactions from the mempool.
Rename `SyncRequestBuilderExt::check_unconfirmed_statuses` to `SyncRequestBuilderExt::check_for_missing_txs` and update docs.
LagginTimes
force-pushed
the
missing_marker
branch
from
bbd6340 to
8c0d5c3
Compare
| /// Transactions without last-seens are excluded. | ||
| pub fn txids_by_descending_last_seen(&self) -> impl ExactSizeIterator<Item = (u64, Txid)> + '_ { | ||
| self.txs_by_last_seen.iter().copied().rev() | ||
| /// Transactions without last-seens are excluded. Transactions with a last-missing timestamp |
There was a problem hiding this comment.
| /// Transactions without last-seens are excluded. Transactions with a last-missing timestamp | |
| /// Transactions without last-seens are excluded. Transactions with a last-evicted timestamp |
| @@ -1139,6 +1182,8 @@ pub struct ChangeSet<A = ()> { | |||
| pub anchors: BTreeSet<(A, Txid)>, | |||
| /// Added last-seen unix timestamps of transactions. | |||
| pub last_seen: BTreeMap<Txid, u64>, | |||
| /// Added timestamps of when a transaction is last missing from the mempool. | |||
There was a problem hiding this comment.
| /// Added timestamps of when a transaction is last missing from the mempool. | |
| /// Added timestamps of when a transaction is last evicted from the mempool. |
crates/chain/src/tx_graph.rs
Outdated
| @@ -145,6 +145,7 @@ pub struct TxGraph<A = ConfirmationBlockTime> { | |||
| spends: BTreeMap<OutPoint, HashSet<Txid>>, | |||
| anchors: HashMap<Txid, BTreeSet<A>>, | |||
| last_seen: HashMap<Txid, u64>, | |||
| last_missing: HashMap<Txid, u64>, | |||
There was a problem hiding this comment.
I agree, and +1 on this idea, it makes it clear, and easy to "derive" its lifecycle and it's and can be useful info to expose to the users.
| @@ -765,6 +791,14 @@ impl<A: Anchor> TxGraph<A> { | |||
| changeset.merge(self.insert_seen_at(txid, seen_at)); | |||
| } | |||
| } | |||
| for txid in update.missing { | |||
There was a problem hiding this comment.
I think it'd help to update apply_update_at documentation in order to mention the evicted_at too, in lines.
Fixes #1740.
Description
This PR replaces #1765. For context and the original discussion that led to this change, please refer to this comment.
This PR addresses a potential malicious double-spending issue by introducing improvements to unconfirmed transaction tracking. Key changes include the addition of
TxUpdate::missingthat tracks transactions that have been replaced and are no longer in the mempool, and the inclusion oflast_missingandmissing_attimestamps inTxGraphto track when a transaction was last deemed missing.SpkWithExpectedTxidsis introduced inSpkClientto track expectedTxids for eachspk. During a sync, if anyTxids fromSpkWithExpectedTxidsare not in the current history of anspkobtained from the chain source, thoseTxids are considered missing. Support forSpkWithExpectedTxidshas been added to bothbdk_electrumandbdk_esplorachain source crates.The canonicalization algorithm is updated to disregard transactions with a
last_missingtimestamp greater than or equal to theirlast_seentimestamp, except in cases where transitivity rules apply.Changelog notice
TxUpdate::missingtracks transactions that have been replaced and are no longer present in mempool.last_missingandmissing_attimestamps inTxGraphtrack when a transaction was last marked as missing from the mempool.last_missingtimestamp greater than or equal to it'slast_seentimestamp, except when a canonical descendant exists due to rules of transitivity.SpkWithExpectedTxidsinSpkClientkeeps track of expectedTxids for eachspk.SpkWithExpectedTxidssupport added forbdk_electrumandbdk_esplora.SyncRequestBuilder::expected_txids_of_spkadds an association betweenTxidandspk.SyncRequestExt::check_unconfirmed_statusesadds unconfirmed transactions alongside theirspks during sync.Checklists
All Submissions:
cargo fmtandcargo clippybefore committingNew Features:
Bugfixes: