instantsend: Implement Spork 2 Mempool Signing signalling #4024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: pasta <pasta@dashboost.org>
This spork tells masternodes to refuse to lock transactions in mempool. Only transactions included in a block should be retroactively signed. Signed-off-by: pasta <pasta@dashboost.org> add spork defenition Signed-off-by: pasta <pasta@dashboost.org>
…lmq/*` Signed-off-by: pasta <pasta@dashboost.org>
Signed-off-by: pasta <pasta@dashboost.org>
… usage Signed-off-by: pasta <pasta@dashboost.org>
Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com>
Signed-off-by: pasta <pasta@dashboost.org>
…a/dash into instantsend-signing-spork
PastaPastaPasta
changed the title
|
See latest |
Signed-off-by: pasta <pasta@dashboost.org>
xdustinface
suggested changes
Mar 5, 2021
| @@ -422,7 +439,7 @@ bool CInstantSendManager::ProcessTx(const CTransaction& tx, bool allowReSigning, | |||
| if (quorumSigningManager->GetVoteForId(llmqType, id, otherTxHash)) { | |||
| if (otherTxHash != tx.GetHash()) { | |||
| LogPrintf("CInstantSendManager::%s -- txid=%s: input %s is conflicting with previous vote for tx %s\n", __func__, | |||
| tx.GetHash().ToString(), in.prevout.ToStringShort(), otherTxHash.ToString()); | |||
| tx.GetHash().ToString(), in.prevout.ToStringShort(), otherTxHash.ToString()); | |||
There was a problem hiding this comment.
are this one and the other two whitespace changes below intentionally?
xdustinface
suggested changes
Mar 5, 2021
Co-authored-by: dustinface <35775977+xdustinface@users.noreply.github.com>
Co-authored-by: dustinface <35775977+xdustinface@users.noreply.github.com>
UdjinM6
approved these changes
Mar 7, 2021
xdustinface
approved these changes
Mar 7, 2021
UdjinM6
changed the title
gades
pushed a commit
to cosanta/cosanta-core
that referenced
this pull request
Mar 13, 2022
* instantsend: refactor input locking into it's own method Signed-off-by: pasta <pasta@dashboost.org> * instantsend: introduce spork 24 `SPORK_24_INSTANTSEND_SIGNING_ENABLED` This spork tells masternodes to refuse to lock transactions in mempool. Only transactions included in a block should be retroactively signed. Signed-off-by: pasta <pasta@dashboost.org> add spork defenition Signed-off-by: pasta <pasta@dashboost.org> * instantsend: refactor `sed -i 's/allowReSigning/fRetroactive/g' src/llmq/*` Signed-off-by: pasta <pasta@dashboost.org> * instantsend: adjust comments Signed-off-by: pasta <pasta@dashboost.org> * instantsend/tests: implement Spork 24 support in tests, and test it's usage Signed-off-by: pasta <pasta@dashboost.org> * fix feature_llmq_is_retroactive.py Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com> * drop Spork 24 and use Spork 2 value 1 as being no mempool signing Signed-off-by: pasta <pasta@dashboost.org> * fix spork check Signed-off-by: pasta <pasta@dashboost.org> * Fix tests Co-authored-by: dustinface <35775977+xdustinface@users.noreply.github.com> * Change comment Co-authored-by: dustinface <35775977+xdustinface@users.noreply.github.com> * IsInstantSendSigningEnabled -> IsInstantSendMempoolSigningEnabled Co-authored-by: dustinface <35775977+xdustinface@users.noreply.github.com> Co-authored-by: UdjinM6 <UdjinM6@users.noreply.github.com> Co-authored-by: dustinface <35775977+xdustinface@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements a new Spork,
SPORK_24_INSTANTSEND_SIGNING_ENABLEDPreviously, the Dash network has seen InstantSend fail under extremely high load. These IS failures have resulted in diminished or non-operational chainlocks. We have worked to heavily optimize IS creation and propagation with the implementation of Concentrated Recovery as well as just pure optimization, however even with that, so much CPU can only do so much. It is likely that in order to massively scale InstantSend masternodes will need to upgrade their hardware. However, with current average usage, it makes almost no sense for masternodes to upgrade, as current hardware easily handles average load.
To mitigate these InstantSend failures further, there are a number of improvements we should investigate.
There are also some future optimizations to look into (I haven't thought TOO much about these options so 🤷 )
4. Implementation of Input Lock batch creation & / or InstantSend Lock batch creation
5. Implementation of Input Lock batch propagation
I propose that even in the case that IS becomes overloaded, potentially in a sustained attack lasting a week or more, ChainLocks should remain operational. In order to achieve this, I propose that InstantSend be disabled in the case of InstantSend failures resulting in diminished or non-operational ChainLocks.
We could achieve this currently by simply disabling Spork 2, however I think that this has a couple of problems. After we disable spork 2, transactions that had previously been locked will no longer retain the protections of instantsend. Additionally, normal miners will no longer only include "safe" transactions. By introducing this Spork24, we can first disable spork24, at this point MNs will stop creating new input locks or instantsend locks for transactions only in mempool (however we keep creating islocks for transactions included in a block such that that block can be CLed ASAP). Once no transactions on the network are ISlocked, then Spork 2 can safely be disabled. At this point, miners can include any valid transactions (not just "safe" txes), and those blocks will be CLed.
LMK if you think of a better way to achieve this, it may be possible to just modify the behavior of Spork2, but I think this approach may be safer.
EDIT: Changed to using spork2 value 1 instead of spork 24 as indicating no mempool signing