doc: add comment explaining recentRejects-DoS behavior

When we receive invalid txs for the first time, we mark the sender as misbehaving. If we receive the same tx before a new block is seen, we *don't* punish the second sender (in the same way we do the original sender). It wasn't initially clear to me that this is intentional, so add a clarifying comment.
ElementsProject · Oct 16, 2018 · b191c7d · b191c7d
1 parent 4de0b5f
commit b191c7d
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
@@ -2357,6 +2357,23 @@ bool static ProcessMessage(CNode* pfrom, const std::string& strCommand, CDataStr
         for (const CTransactionRef& removedTx : lRemovedTxn)
             AddToCompactExtraTransactions(removedTx);
 
+        // If a tx has been detected by recentRejects, we will have reached
+        // this point and the tx will have been ignored. Because we haven't run
+        // the tx through AcceptToMemoryPool, we won't have computed a DoS
+        // score for it or determined exactly why we consider it invalid.
+        //
+        // This means we won't penalize any peer subsequently relaying a DoSy
+        // tx (even if we penalized the first peer who gave it to us) because
+        // we have to account for recentRejects showing false positives. In
+        // other words, we shouldn't penalize a peer if we aren't *sure* they
+        // submitted a DoSy tx.
+        //
+        // Note that recentRejects doesn't just record DoSy or invalid
+        // transactions, but any tx not accepted by the mempool, which may be
+        // due to node policy (vs. consensus). So we can't blanket penalize a
+        // peer simply for relaying a tx that our recentRejects has caught,
+        // regardless of false positives.
+
         int nDoS = 0;
         if (state.IsInvalid(nDoS))
         {