NavCoin Core 4.7.3 - Header Spam Protection Improvements
This release only features one merged pull request, but it is an important security patch. It is recommended for all stakers and economic nodes to update immediately to ensure network stability. Everyone else running NavCoin Core is recommended to upgrade as soon as possible, even if you’re not staking.
Anti Header Spam v2
Introduces a new anti header spam system which improves the previous implementation and addresses the art-of-bug reports.
- Every time a header or block is received from another peer, its hash is added to a points list associated with the peer.
- Peers are distinguished by their IP address, so peers sharing an IP address also share the same points list. This can be changed with
- Before proceeding with block or header validation, the points list is cleared of all hashes of blocks whose scripts have already been correctly validated.
- The peer is banned if the size of the points list is greater than MAX_HEADERS_RESULTS*2 once cleared of already validated blocks.
- The maximum allowed size of the points list can be changed using the
- The log category headerspam has been added, which prints to the log the current size of a peer's
-debug=bench is specified, execution time for the updateState function is logged.
The maximum size of the points list is 4,000 by default. With a block time of 30 seconds, NavCoin sees an average of 2,880 blocks per day. A maximum value of 4,000 is roughly one and a half times more than the count of blocks a peer needs to be behind the chain tip to be in Initial Block Download (IBD) mode. During IBD, the header spam filter is turned off. This ensures that normal synchronisation is not affected by the filter.
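A simplified model of the points list rule described above, added here as an illustration and not taken from NavCoin Core's source. The class and method names are hypothetical, hashes are plain strings, and a small limit stands in for the default of 4,000.

```cpp
// Illustrative model only: per-IP points list with a ban threshold.
#include <cstddef>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

class HeaderSpamFilter {  // hypothetical name, not a NavCoin Core class
public:
    explicit HeaderSpamFilter(std::size_t maxPoints) : maxPoints_(maxPoints) {}
    // Record that a block's scripts have been correctly validated.
    void MarkValidated(const std::string& hash) { validated_.insert(hash); }

    // Record hashes received from `ip`; returns true if the peer must be banned.
    bool OnHeaders(const std::string& ip, const std::vector<std::string>& hashes, bool inIBD) {
        if (inIBD) return false;  // filter is off during Initial Block Download
        std::set<std::string>& points = points_[ip];  // same IP, same list
        points.insert(hashes.begin(), hashes.end());
        // Clear hashes of blocks that have already been validated.
        for (auto it = points.begin(); it != points.end();) {
            if (validated_.count(*it)) it = points.erase(it); else ++it;
        }
        if (points.size() > maxPoints_) {  // "greater than", as the rule is worded
            points_.erase(ip);             // list is cleared when the peer is banned
            return true;
        }
        return false;
    }

    std::size_t PointsFor(const std::string& ip) const {
        auto it = points_.find(ip);
        return it == points_.end() ? 0 : it->second.size();
    }

private:
    std::size_t maxPoints_;
    std::map<std::string, std::set<std::string>> points_;
    std::set<std::string> validated_;
};

int main() {
    HeaderSpamFilter f(4);  // constructed small limit for the demo
    std::cout << f.OnHeaders("203.0.113.5", {"h1", "h2", "h3", "h4"}, false) << "\n";
    f.MarkValidated("h1");  // h1 is dropped from the list on the next call
    std::cout << f.OnHeaders("203.0.113.5", {"h5"}, false) << "\n";
    std::cout << f.OnHeaders("203.0.113.5", {"h6"}, false) << "\n";
}
```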
For every invalid header or block sent before being banned, an attacker can exhaust 32 bytes for the hash inserted in the points list plus 181 bytes in mapBlockIndex. The points list is cleared when the attacker is banned, but in the current implementation those headers are not removed from mapBlockIndex or the hard disk. The size of CBlockIndex has been measured with:
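```cpp
// Measure the serialized on-disk size of an empty block index entry.
// Runs inside the NavCoin Core source tree (CBlockIndex, CDataStream, etc.).
CBlockIndex* pindex = new CBlockIndex();
CDataStream ss(SER_DISK, CLIENT_VERSION);
ss << CDiskBlockIndex(pindex);  // serialize as it would be written to disk
std::vector<unsigned char> vch(ss.begin(), ss.end());
std::cout << std::to_string(vch.size()) << std::endl;
delete pindex;
```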
- The default maximum value means that a single malicious peer with a unique IP can exhaust at most 3,999*213=831 kilobytes without being banned, or 4,000*181=707 kilobytes when banned.
For the full release notes please visit the Header Spam Protection Improvements release tag on GitHub.
To download NavCoin Core 4.7.3, please visit the Wallet Downloads page.