PoW Spam protection (TX V2) #440
Conversation
First draft of PoW spam protection - neo-project#414 (comment) - neo-project#408
|
I doubt if PoW is really useful. Because controlling thousands of devices for PoW attacks is an easy task. |
|
I agree with you, but reduce the attack surface is good for all |
|
In my opinion, although this reduces a little attack surface, it will have a relatively large impact on the average user. |
|
@shargon, sorry to say that, but I am strongly against PoW strategies here in the Neo Ecosystem. I still believe in several other ideas that takes use of current potential of our Computational Intelligence tools. 10 years ago (yesterday), they did not have the tools we have nowadays. We have tons of strategies for filtering spam in a transparent manner. |
|
I still think it's better to use this for sorting/prioritizing than to use this as a threshold. When we apply this strategy to prioritize transactions, then we don't need to waste CPU cycles when the network is running idle. When the network is congested, the user can choose to wait or to increase the difficulty. |
|
I want to implement all kind of solution for filter and drop spam. I do not care if it is this, or another solution, I just want to solve the problem. |
|
I understand you, @shargon, but, personally, I believe that this will not solve the problem and also has the potential to weaken the Ecosystem. Something more plausible to me would goes in this direction:
Each of them would have predefined boundaries of amount of transactions to be inserted in the block. There is also a problem nowadays, the 20 free txs are not respected if there are more than 500 fee based tx (https://github.com/neo-project/neo-plugins/blob/ada292dec3c93cd478a101937f99af84a36654b8/SimplePolicy/SimplePolicyPlugin.cs#L35). My suggestion is a limit of transactions (such as 500) but also limits for each class of transactions, for example (among these 500): 20 (free), 380 (fee), 50 (staked), 50 (Pow). We would need a system that respect the limits of each class of Transactions. With a proposal like this we could let space for different solutions and proposals to keep being implemented for each class of transactions. |
|
@vncoelho we need to stop negating basic economic principles. Things that consume resources should cost something to the beneficiary. PoW is a indirect fee that anyone can pay without going through the problem of acquiring some token, it lowers a lot the barrier of entry and can be easily embedded in a webapp to interact with NEO blockchain if needed, so if we keep our current sorting like @ThomasLobker suggest @shargon is there a easy way a wallet can see what is the current difficulty to send a transaction ? Because we can add to wallets so that they can display a message of the likes "there is currently congestion on the network, click continue to attach a proof-of-work to speedup the processing of this transaction". Sorry for non-technical comment regarding the PR on this thread |
|
@canesin, I agree with you and I like this sentence ("we need to stop negating basic economic principles"), but, for example, on the same line of reasoning, staking means a cost to the beneficiary. While I see this easy minor Proof-Of-Work applicable for normal users, we should consider that Exchanges are big participants of the Ecosystem in normal days operation. We should move in a way that previous concepts and future concepts can work in parallel. |
|
@canesin I agree, free tx must be paid somehow: rich pay with stake and poor pay with work (crazy blockchain world will look like crazy real world...). @vncoelho also agree with you, we should save space for 480 paid tx and 20 free, ordered by stake or work (priority for stake, in my opinion, to not interfere with exchanges). @shargon congratulations for the initiative, but your PR is too complex, lets simplify it a lot to get it done quickly. With few lines we can get PoW and PoS working simultaneously and smoothly. May I change yours or create a new one? |
|
I also suggest a title like: "Create new MemPool for PoW and PoS transactions". @igormcoelho, I see, brother, in this sense, you prefer keeping the same strategy of today and just order by stake and work instead of isolated mempool(dictionary) and "competitions" for each class? The problem is to decide who gonna be the first in this order, PoS or PoW or Higher Fees? It is a multi-criteria decision making problem. |
|
Forgive my ignorance but would the hybrid PoS/PoW model proposed have prevented the NNS airdrop congestion incident that occurred yesterday? Have a feeling their holdings may have bypassed that measure. Still think there is a lot of work for what could be fairly easily addressed by a mandatory 0.001 GAS fee on everything. Just my personal opinion. Easier said than done. |
|
@bpetridis I think PoS is necessary to save money from dex, the rest can easily pay any fixed value. Stil, PoW is important to regular users, imagine you have some assets, no Neo, and no Gas. How do you tranfer? you cannot claim, so you need to buy gas somewhere, just to move your funds... PoW is very useful on these scenarios. |
|
@igormcoelho thanks for the clarification, yes this makes sense. But how would we selectively paramaterise the code to differentiate between a DEX being the originator as opposed to a very large wallet such as NNS the other day? Guess that edge case may not be handled by this individual mod which I really agree with BTW, enforcing some level of work to private wallets to prevent malicious or accidental spamming makes complete sense to me as one of the collection of measures that have and are going in like #414 and some of the discussion items in #428 . God speed 😁😁 |
| @@ -15,6 +15,7 @@ internal class Settings | |||
| public IReadOnlyDictionary<TransactionType, Fixed8> SystemFee { get; private set; } | |||
| public Fixed8 LowPriorityThreshold { get; private set; } | |||
| public uint SecondsPerBlock { get; private set; } | |||
| public uint TransactionDifficult { get; private set; } | |||
There was a problem hiding this comment.
I think that we don't need to establish a difficulty, we just compare user transactions... the ones starting with more zeroes get priority.
| { | ||
| // Check PoW spam protection for drop TX | ||
|
|
||
| if (tx.Difficult > Settings.Default.TransactionDifficult) |
There was a problem hiding this comment.
I think that we don't need to establish a difficulty, we just compare user transactions... the ones starting with more zeroes get priority.
| if (Version >= 2) | ||
| { | ||
| writer.Write(CreationHeight); | ||
| writer.Write(Nonce); |
There was a problem hiding this comment.
User can select any CreationHeight? Even if it's very old? It could pre-compute all tx before, to prepare mass attacks. I don't think Nonce is necessary, if Remark fields are already being used to provide transaction randomization.
| do | ||
| { | ||
| _hash = null; | ||
| Nonce = (uint)rand.Next(); |
There was a problem hiding this comment.
Could we do this with a Remark field?
| @@ -97,6 +100,8 @@ public virtual Fixed8 NetworkFee | |||
|
|
|||
| public virtual Fixed8 SystemFee => Settings.Default.SystemFee.TryGetValue(Type, out Fixed8 fee) ? fee : Fixed8.Zero; | |||
|
|
|||
| public uint Difficult => (uint)BitConverter.ToInt32(Hash.ToArray().Take(4).Reverse().ToArray(), 0); | |||
There was a problem hiding this comment.
This is nice Shargon! But it's assuming a standard difficulty of 4 zeroes... perhaps we just leave users compete for difficulty? More zeroes, more chance to get free tx.
| @@ -8,8 +8,6 @@ namespace Neo.Network.P2P.Payloads | |||
| { | |||
| public class MinerTransaction : Transaction | |||
| { | |||
| public uint Nonce; | |||
There was a problem hiding this comment.
Isn't this useful here to provide randomization of Miners tx?
There was a problem hiding this comment.
now is on all TX, so is reused
| @@ -34,7 +34,8 @@ public ConsensusService(NeoSystem system, Wallet wallet) | |||
|
|
|||
| private bool AddTransaction(Transaction tx, bool verify) | |||
| { | |||
| if (context.Snapshot.ContainsTransaction(tx.Hash) || | |||
| if (tx.Version < 2 || // Don't accept TX without PoW spam protection | |||
There was a problem hiding this comment.
I think we can build this without needing a new tx version... perhaps just using Remark fields as Nonce, and leaving difficulty be the number of zeroes in tx hash itself.
|
As explained by @igormcoelho, Prof-of-Work is currently working here, @shargon: neo/neo.UnitTests/UT_MemoryPool.cs Line 299 in 54ff67d We can slightly improve that test to be a little bit more sure about that. |
First draft of PoW spam protection