downloader_test.go 21.4 KB
Newer Older
1 2 3 4 5 6 7 8 9
package downloader

import (
	"encoding/binary"
	"math/big"
	"testing"
	"time"

	"github.com/ethereum/go-ethereum/common"
10
	"github.com/ethereum/go-ethereum/core"
11
	"github.com/ethereum/go-ethereum/core/types"
O
obscuren 已提交
12
	"github.com/ethereum/go-ethereum/event"
13 14
)

15 16 17
var (
	knownHash   = common.Hash{1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
	unknownHash = common.Hash{9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9}
18
	bannedHash  = common.Hash{5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5}
19 20

	genesis = createBlock(1, common.Hash{}, knownHash)
21
)
22

23
func createHashes(start, amount int) (hashes []common.Hash) {
24 25 26 27
	hashes = make([]common.Hash, amount+1)
	hashes[len(hashes)-1] = knownHash

	for i := range hashes[:len(hashes)-1] {
28
		binary.BigEndian.PutUint64(hashes[i][:8], uint64(start+i+2))
29 30 31 32
	}
	return
}

33
func createBlock(i int, parent, hash common.Hash) *types.Block {
34 35 36
	header := &types.Header{Number: big.NewInt(int64(i))}
	block := types.NewBlockWithHeader(header)
	block.HeaderHash = hash
37
	block.ParentHeaderHash = parent
38 39 40
	return block
}

41 42
func createBlocksFromHashes(hashes []common.Hash) map[common.Hash]*types.Block {
	blocks := make(map[common.Hash]*types.Block)
43 44 45 46 47 48
	for i := 0; i < len(hashes); i++ {
		parent := knownHash
		if i < len(hashes)-1 {
			parent = hashes[i+1]
		}
		blocks[hashes[i]] = createBlock(len(hashes)-i, parent, hashes[i])
49 50 51 52 53
	}
	return blocks
}

type downloadTester struct {
54 55
	downloader *Downloader

56 57 58 59
	ownHashes  []common.Hash                           // Hash chain belonging to the tester
	ownBlocks  map[common.Hash]*types.Block            // Blocks belonging to the tester
	peerHashes map[string][]common.Hash                // Hash chain belonging to different test peers
	peerBlocks map[string]map[common.Hash]*types.Block // Blocks belonging to different test peers
60

61
	maxHashFetch int // Overrides the maximum number of retrieved hashes
62 63
}

64
func newTester() *downloadTester {
65
	tester := &downloadTester{
66 67 68 69
		ownHashes:  []common.Hash{knownHash},
		ownBlocks:  map[common.Hash]*types.Block{knownHash: genesis},
		peerHashes: make(map[string][]common.Hash),
		peerBlocks: make(map[string]map[common.Hash]*types.Block),
70
	}
O
obscuren 已提交
71
	var mux event.TypeMux
72
	downloader := New(&mux, tester.hasBlock, tester.getBlock, nil)
73 74 75 76 77
	tester.downloader = downloader

	return tester
}

78 79 80
// syncTake is starts synchronising with a remote peer, but concurrently it also
// starts fetching blocks that the downloader retrieved. IT blocks until both go
// routines terminate.
81
func (dl *downloadTester) syncTake(peerId string, head common.Hash) ([]*Block, error) {
82 83
	// Start a block collector to take blocks as they become available
	done := make(chan struct{})
84
	took := []*Block{}
85 86 87 88 89 90 91 92 93
	go func() {
		for running := true; running; {
			select {
			case <-done:
				running = false
			default:
				time.Sleep(time.Millisecond)
			}
			// Take a batch of blocks and accumulate
94 95 96 97 98 99
			blocks := dl.downloader.TakeBlocks()
			for _, block := range blocks {
				dl.ownHashes = append(dl.ownHashes, block.RawBlock.Hash())
				dl.ownBlocks[block.RawBlock.Hash()] = block.RawBlock
			}
			took = append(took, blocks...)
100 101 102 103
		}
		done <- struct{}{}
	}()
	// Start the downloading, sync the taker and return
104
	err := dl.downloader.synchronise(peerId, head)
105 106 107 108 109

	done <- struct{}{}
	<-done

	return took, err
O
obscuren 已提交
110 111
}

112
// hasBlock checks if a block is present in the testers canonical chain.
113
func (dl *downloadTester) hasBlock(hash common.Hash) bool {
114
	return dl.getBlock(hash) != nil
115 116
}

117
// getBlock retrieves a block from the testers canonical chain.
118
func (dl *downloadTester) getBlock(hash common.Hash) *types.Block {
119 120 121 122 123 124 125 126 127 128 129 130
	return dl.ownBlocks[hash]
}

// newPeer registers a new block download source into the downloader.
func (dl *downloadTester) newPeer(id string, hashes []common.Hash, blocks map[common.Hash]*types.Block) error {
	err := dl.downloader.RegisterPeer(id, hashes[0], dl.peerGetHashesFn(id), dl.peerGetBlocksFn(id))
	if err == nil {
		// Assign the owned hashes and blocks to the peer
		dl.peerHashes[id] = hashes
		dl.peerBlocks[id] = blocks
	}
	return err
131 132
}

133 134 135 136 137 138 139 140 141 142 143 144 145 146
// peerGetBlocksFn constructs a getHashes function associated with a particular
// peer in the download tester. The returned function can be used to retrieve
// batches of hashes from the particularly requested peer.
func (dl *downloadTester) peerGetHashesFn(id string) func(head common.Hash) error {
	return func(head common.Hash) error {
		limit := MaxHashFetch
		if dl.maxHashFetch > 0 {
			limit = dl.maxHashFetch
		}
		// Gather the next batch of hashes
		hashes := dl.peerHashes[id]
		result := make([]common.Hash, 0, limit)
		for i, hash := range hashes {
			if hash == head {
147
				i++
148 149 150 151 152
				for len(result) < cap(result) && i < len(hashes) {
					result = append(result, hashes[i])
					i++
				}
				break
153 154
			}
		}
155 156 157 158 159 160
		// Delay delivery a bit to allow attacks to unfold
		go func() {
			time.Sleep(time.Millisecond)
			dl.downloader.DeliverHashes(id, result)
		}()
		return nil
161
	}
162 163
}

164 165 166 167
// peerGetBlocksFn constructs a getBlocks function associated with a particular
// peer in the download tester. The returned function can be used to retrieve
// batches of blocks from the particularly requested peer.
func (dl *downloadTester) peerGetBlocksFn(id string) func([]common.Hash) error {
168
	return func(hashes []common.Hash) error {
169 170
		blocks := dl.peerBlocks[id]
		result := make([]*types.Block, 0, len(hashes))
171
		for _, hash := range hashes {
172 173
			if block, ok := blocks[hash]; ok {
				result = append(result, block)
174
			}
175
		}
176
		go dl.downloader.DeliverBlocks(id, result)
177 178 179 180 181

		return nil
	}
}

182 183 184 185
// Tests that simple synchronization, without throttling from a good peer works.
func TestSynchronisation(t *testing.T) {
	// Create a small enough block chain to download and the tester
	targetBlocks := blockCacheLimit - 15
186
	hashes := createHashes(0, targetBlocks)
187 188
	blocks := createBlocksFromHashes(hashes)

189 190
	tester := newTester()
	tester.newPeer("peer", hashes, blocks)
191

192
	// Synchronise with the peer and make sure all blocks were retrieved
193
	if err := tester.downloader.synchronise("peer", hashes[0]); err != nil {
194
		t.Fatalf("failed to synchronise blocks: %v", err)
195
	}
196
	if queued := len(tester.downloader.queue.blockPool); queued != targetBlocks {
197
		t.Fatalf("synchronised block mismatch: have %v, want %v", queued, targetBlocks)
198 199 200
	}
}

201 202 203 204
// Tests that the synchronized blocks can be correctly retrieved.
func TestBlockTaking(t *testing.T) {
	// Create a small enough block chain to download and the tester
	targetBlocks := blockCacheLimit - 15
205 206 207
	hashes := createHashes(0, targetBlocks)
	blocks := createBlocksFromHashes(hashes)

208 209
	tester := newTester()
	tester.newPeer("peer", hashes, blocks)
210

211
	// Synchronise with the peer and test block retrieval
212
	if err := tester.downloader.synchronise("peer", hashes[0]); err != nil {
213
		t.Fatalf("failed to synchronise blocks: %v", err)
214
	}
215 216
	if took := tester.downloader.TakeBlocks(); len(took) != targetBlocks {
		t.Fatalf("took block mismatch: have %v, want %v", len(took), targetBlocks)
217
	}
218
}
219

220
// Tests that an inactive downloader will not accept incoming hashes and blocks.
221
func TestInactiveDownloader(t *testing.T) {
222
	tester := newTester()
223

224
	// Check that neither hashes nor blocks are accepted
225
	if err := tester.downloader.DeliverHashes("bad peer", []common.Hash{}); err != errNoSyncActive {
226 227
		t.Errorf("error mismatch: have %v, want %v", err, errNoSyncActive)
	}
228
	if err := tester.downloader.DeliverBlocks("bad peer", []*types.Block{}); err != errNoSyncActive {
229
		t.Errorf("error mismatch: have %v, want %v", err, errNoSyncActive)
230 231 232
	}
}

233
// Tests that a canceled download wipes all previously accumulated state.
234
func TestCancel(t *testing.T) {
235 236
	// Create a small enough block chain to download and the tester
	targetBlocks := blockCacheLimit - 15
237 238 239
	hashes := createHashes(0, targetBlocks)
	blocks := createBlocksFromHashes(hashes)

240 241
	tester := newTester()
	tester.newPeer("peer", hashes, blocks)
242

243
	// Synchronise with the peer, but cancel afterwards
244
	if err := tester.downloader.synchronise("peer", hashes[0]); err != nil {
245
		t.Fatalf("failed to synchronise blocks: %v", err)
246 247
	}
	if !tester.downloader.Cancel() {
248
		t.Fatalf("cancel operation failed")
249
	}
250 251 252 253 254 255 256
	// Make sure the queue reports empty and no blocks can be taken
	hashCount, blockCount := tester.downloader.queue.Size()
	if hashCount > 0 || blockCount > 0 {
		t.Errorf("block or hash count mismatch: %d hashes, %d blocks, want 0", hashCount, blockCount)
	}
	if took := tester.downloader.TakeBlocks(); len(took) != 0 {
		t.Errorf("taken blocks mismatch: have %d, want %d", len(took), 0)
257 258 259
	}
}

260 261
// Tests that if a large batch of blocks are being downloaded, it is throttled
// until the cached blocks are retrieved.
262
func TestThrottling(t *testing.T) {
263 264
	// Create a long block chain to download and the tester
	targetBlocks := 8 * blockCacheLimit
265 266 267
	hashes := createHashes(0, targetBlocks)
	blocks := createBlocksFromHashes(hashes)

268 269
	tester := newTester()
	tester.newPeer("peer", hashes, blocks)
270

271 272 273
	// Start a synchronisation concurrently
	errc := make(chan error)
	go func() {
274
		errc <- tester.downloader.synchronise("peer", hashes[0])
275 276 277
	}()
	// Iteratively take some blocks, always checking the retrieval count
	for total := 0; total < targetBlocks; {
278 279 280 281 282 283 284
		// Wait a bit for sync to complete
		for start := time.Now(); time.Since(start) < 3*time.Second; {
			time.Sleep(25 * time.Millisecond)
			if len(tester.downloader.queue.blockPool) == blockCacheLimit {
				break
			}
		}
285 286 287 288 289 290 291 292 293
		// Fetch the next batch of blocks
		took := tester.downloader.TakeBlocks()
		if len(took) != blockCacheLimit {
			t.Fatalf("block count mismatch: have %v, want %v", len(took), blockCacheLimit)
		}
		total += len(took)
		if total > targetBlocks {
			t.Fatalf("target block count mismatch: have %v, want %v", total, targetBlocks)
		}
294
	}
295 296
	if err := <-errc; err != nil {
		t.Fatalf("block synchronization failed: %v", err)
297 298
	}
}
299 300 301 302 303 304 305 306 307 308 309 310

// Tests that if a peer returns an invalid chain with a block pointing to a non-
// existing parent, it is correctly detected and handled.
func TestNonExistingParentAttack(t *testing.T) {
	// Forge a single-link chain with a forged header
	hashes := createHashes(0, 1)
	blocks := createBlocksFromHashes(hashes)

	forged := blocks[hashes[0]]
	forged.ParentHeaderHash = unknownHash

	// Try and sync with the malicious node and check that it fails
311 312 313
	tester := newTester()
	tester.newPeer("attack", hashes, blocks)
	if err := tester.downloader.synchronise("attack", hashes[0]); err != nil {
314 315
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
316 317 318
	bs := tester.downloader.TakeBlocks()
	if len(bs) != 1 {
		t.Fatalf("retrieved block mismatch: have %v, want %v", len(bs), 1)
319
	}
320
	if tester.hasBlock(bs[0].RawBlock.ParentHash()) {
321
		t.Fatalf("tester knows about the unknown hash")
322 323 324 325 326
	}
	tester.downloader.Cancel()

	// Reconstruct a valid chain, and try to synchronize with it
	forged.ParentHeaderHash = knownHash
327 328
	tester.newPeer("valid", hashes, blocks)
	if err := tester.downloader.synchronise("valid", hashes[0]); err != nil {
329 330
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
331
	bs = tester.downloader.TakeBlocks()
332
	if len(bs) != 1 {
333
		t.Fatalf("retrieved block mismatch: have %v, want %v", len(bs), 1)
334
	}
335
	if !tester.hasBlock(bs[0].RawBlock.ParentHash()) {
336 337
		t.Fatalf("tester doesn't know about the origin hash")
	}
338
}
339 340 341 342 343

// Tests that if a malicious peers keeps sending us repeating hashes, we don't
// loop indefinitely.
func TestRepeatingHashAttack(t *testing.T) {
	// Create a valid chain, but drop the last link
344
	hashes := createHashes(0, blockCacheLimit)
345
	blocks := createBlocksFromHashes(hashes)
346
	forged := hashes[:len(hashes)-1]
347 348

	// Try and sync with the malicious node
349 350
	tester := newTester()
	tester.newPeer("attack", forged, blocks)
351 352 353

	errc := make(chan error)
	go func() {
354
		errc <- tester.downloader.synchronise("attack", hashes[0])
355 356 357 358
	}()

	// Make sure that syncing returns and does so with a failure
	select {
359
	case <-time.After(time.Second):
360 361 362 363 364 365
		t.Fatalf("synchronisation blocked")
	case err := <-errc:
		if err == nil {
			t.Fatalf("synchronisation succeeded")
		}
	}
366
	// Ensure that a valid chain can still pass sync
367 368
	tester.newPeer("valid", hashes, blocks)
	if err := tester.downloader.synchronise("valid", hashes[0]); err != nil {
369 370
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
371
}
372 373 374 375 376

// Tests that if a malicious peers returns a non-existent block hash, it should
// eventually time out and the sync reattempted.
func TestNonExistingBlockAttack(t *testing.T) {
	// Create a valid chain, but forge the last link
377
	hashes := createHashes(0, blockCacheLimit)
378
	blocks := createBlocksFromHashes(hashes)
379
	origin := hashes[len(hashes)/2]
380 381 382 383

	hashes[len(hashes)/2] = unknownHash

	// Try and sync with the malicious node and check that it fails
384 385 386
	tester := newTester()
	tester.newPeer("attack", hashes, blocks)
	if err := tester.downloader.synchronise("attack", hashes[0]); err != errPeersUnavailable {
387 388
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errPeersUnavailable)
	}
389 390
	// Ensure that a valid chain can still pass sync
	hashes[len(hashes)/2] = origin
391 392
	tester.newPeer("valid", hashes, blocks)
	if err := tester.downloader.synchronise("valid", hashes[0]); err != nil {
393 394
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
395
}
396 397 398 399 400 401 402 403

// Tests that if a malicious peer is returning hashes in a weird order, that the
// sync throttler doesn't choke on them waiting for the valid blocks.
func TestInvalidHashOrderAttack(t *testing.T) {
	// Create a valid long chain, but reverse some hashes within
	hashes := createHashes(0, 4*blockCacheLimit)
	blocks := createBlocksFromHashes(hashes)

404 405 406 407 408
	chunk1 := make([]common.Hash, blockCacheLimit)
	chunk2 := make([]common.Hash, blockCacheLimit)
	copy(chunk1, hashes[blockCacheLimit:2*blockCacheLimit])
	copy(chunk2, hashes[2*blockCacheLimit:3*blockCacheLimit])

409 410
	reverse := make([]common.Hash, len(hashes))
	copy(reverse, hashes)
411 412
	copy(reverse[2*blockCacheLimit:], chunk1)
	copy(reverse[blockCacheLimit:], chunk2)
413 414

	// Try and sync with the malicious node and check that it fails
415 416
	tester := newTester()
	tester.newPeer("attack", reverse, blocks)
417 418
	if _, err := tester.syncTake("attack", reverse[0]); err != errInvalidChain {
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errInvalidChain)
419 420
	}
	// Ensure that a valid chain can still pass sync
421
	tester.newPeer("valid", hashes, blocks)
422 423 424 425
	if _, err := tester.syncTake("valid", hashes[0]); err != nil {
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
}
426 427 428 429

// Tests that if a malicious peer makes up a random hash chain and tries to push
// indefinitely, it actually gets caught with it.
func TestMadeupHashChainAttack(t *testing.T) {
430
	blockSoftTTL = 100 * time.Millisecond
431 432 433 434 435 436
	crossCheckCycle = 25 * time.Millisecond

	// Create a long chain of hashes without backing blocks
	hashes := createHashes(0, 1024*blockCacheLimit)

	// Try and sync with the malicious node and check that it fails
437 438
	tester := newTester()
	tester.newPeer("attack", hashes, nil)
439 440
	if _, err := tester.syncTake("attack", hashes[0]); err != errCrossCheckFailed {
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errCrossCheckFailed)
441 442
	}
}
443

444 445 446 447 448 449 450
// Tests that if a malicious peer makes up a random hash chain, and tries to push
// indefinitely, one hash at a time, it actually gets caught with it. The reason
// this is separate from the classical made up chain attack is that sending hashes
// one by one prevents reliable block/parent verification.
func TestMadeupHashChainDrippingAttack(t *testing.T) {
	// Create a random chain of hashes to drip
	hashes := createHashes(0, 16*blockCacheLimit)
451
	tester := newTester()
452 453 454

	// Try and sync with the attacker, one hash at a time
	tester.maxHashFetch = 1
455
	tester.newPeer("attack", hashes, nil)
456 457
	if _, err := tester.syncTake("attack", hashes[0]); err != errStallingPeer {
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errStallingPeer)
458 459 460
	}
}

461 462 463
// Tests that if a malicious peer makes up a random block chain, and tried to
// push indefinitely, it actually gets caught with it.
func TestMadeupBlockChainAttack(t *testing.T) {
464
	defaultBlockTTL := blockSoftTTL
465 466
	defaultCrossCheckCycle := crossCheckCycle

467
	blockSoftTTL = 100 * time.Millisecond
468 469 470
	crossCheckCycle = 25 * time.Millisecond

	// Create a long chain of blocks and simulate an invalid chain by dropping every second
471
	hashes := createHashes(0, 16*blockCacheLimit)
472 473 474 475 476 477 478
	blocks := createBlocksFromHashes(hashes)

	gapped := make([]common.Hash, len(hashes)/2)
	for i := 0; i < len(gapped); i++ {
		gapped[i] = hashes[2*i]
	}
	// Try and sync with the malicious node and check that it fails
479 480
	tester := newTester()
	tester.newPeer("attack", gapped, blocks)
481 482
	if _, err := tester.syncTake("attack", gapped[0]); err != errCrossCheckFailed {
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errCrossCheckFailed)
483 484
	}
	// Ensure that a valid chain can still pass sync
485
	blockSoftTTL = defaultBlockTTL
486 487
	crossCheckCycle = defaultCrossCheckCycle

488
	tester.newPeer("valid", hashes, blocks)
489 490 491 492
	if _, err := tester.syncTake("valid", hashes[0]); err != nil {
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
}
493 494 495 496 497

// Advanced form of the above forged blockchain attack, where not only does the
// attacker make up a valid hashes for random blocks, but also forges the block
// parents to point to existing hashes.
func TestMadeupParentBlockChainAttack(t *testing.T) {
498
	defaultBlockTTL := blockSoftTTL
499 500
	defaultCrossCheckCycle := crossCheckCycle

501
	blockSoftTTL = 100 * time.Millisecond
502 503 504 505 506 507 508 509 510 511
	crossCheckCycle = 25 * time.Millisecond

	// Create a long chain of blocks and simulate an invalid chain by dropping every second
	hashes := createHashes(0, 16*blockCacheLimit)
	blocks := createBlocksFromHashes(hashes)
	forges := createBlocksFromHashes(hashes)
	for hash, block := range forges {
		block.ParentHeaderHash = hash // Simulate pointing to already known hash
	}
	// Try and sync with the malicious node and check that it fails
512 513
	tester := newTester()
	tester.newPeer("attack", hashes, forges)
514 515
	if _, err := tester.syncTake("attack", hashes[0]); err != errCrossCheckFailed {
		t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errCrossCheckFailed)
516 517
	}
	// Ensure that a valid chain can still pass sync
518
	blockSoftTTL = defaultBlockTTL
519 520
	crossCheckCycle = defaultCrossCheckCycle

521
	tester.newPeer("valid", hashes, blocks)
522 523 524 525
	if _, err := tester.syncTake("valid", hashes[0]); err != nil {
		t.Fatalf("failed to synchronise blocks: %v", err)
	}
}
526 527 528 529 530 531 532 533 534 535 536 537

// Tests that if one/multiple malicious peers try to feed a banned blockchain to
// the downloader, it will not keep refetching the same chain indefinitely, but
// gradually block pieces of it, until it's head is also blocked.
func TestBannedChainStarvationAttack(t *testing.T) {
	// Construct a valid chain, but ban one of the hashes in it
	hashes := createHashes(0, 8*blockCacheLimit)
	hashes[len(hashes)/2+23] = bannedHash // weird index to have non multiple of ban chunk size

	blocks := createBlocksFromHashes(hashes)

	// Create the tester and ban the selected hash
538
	tester := newTester()
539 540 541 542
	tester.downloader.banned.Add(bannedHash)

	// Iteratively try to sync, and verify that the banned hash list grows until
	// the head of the invalid chain is blocked too.
543
	tester.newPeer("attack", hashes, blocks)
544 545
	for banned := tester.downloader.banned.Size(); ; {
		// Try to sync with the attacker, check hash chain failure
546 547
		if _, err := tester.syncTake("attack", hashes[0]); err != errInvalidChain {
			t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errInvalidChain)
548 549 550 551 552 553 554 555 556 557 558
		}
		// Check that the ban list grew with at least 1 new item, or all banned
		bans := tester.downloader.banned.Size()
		if bans < banned+1 {
			if tester.downloader.banned.Has(hashes[0]) {
				break
			}
			t.Fatalf("ban count mismatch: have %v, want %v+", bans, banned+1)
		}
		banned = bans
	}
559
	// Check that after banning an entire chain, bad peers get dropped
560
	if err := tester.newPeer("new attacker", hashes, blocks); err != errBannedHead {
561 562 563 564 565
		t.Fatalf("peer registration mismatch: have %v, want %v", err, errBannedHead)
	}
	if peer := tester.downloader.peers.Peer("net attacker"); peer != nil {
		t.Fatalf("banned attacker registered: %v", peer)
	}
566
}
567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582

// Tests that if a peer sends excessively many/large invalid chains that are
// gradually banned, it will have an upper limit on the consumed memory and also
// the origin bad hashes will not be evacuated.
func TestBannedChainMemoryExhaustionAttack(t *testing.T) {
	// Reduce the test size a bit
	MaxBlockFetch = 4
	maxBannedHashes = 256

	// Construct a banned chain with more chunks than the ban limit
	hashes := createHashes(0, maxBannedHashes*MaxBlockFetch)
	hashes[len(hashes)-1] = bannedHash // weird index to have non multiple of ban chunk size

	blocks := createBlocksFromHashes(hashes)

	// Create the tester and ban the selected hash
583
	tester := newTester()
584 585 586 587
	tester.downloader.banned.Add(bannedHash)

	// Iteratively try to sync, and verify that the banned hash list grows until
	// the head of the invalid chain is blocked too.
588
	tester.newPeer("attack", hashes, blocks)
589 590
	for {
		// Try to sync with the attacker, check hash chain failure
591 592
		if _, err := tester.syncTake("attack", hashes[0]); err != errInvalidChain {
			t.Fatalf("synchronisation error mismatch: have %v, want %v", err, errInvalidChain)
593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608
		}
		// Short circuit if the entire chain was banned
		if tester.downloader.banned.Has(hashes[0]) {
			break
		}
		// Otherwise ensure we never exceed the memory allowance and the hard coded bans are untouched
		if bans := tester.downloader.banned.Size(); bans > maxBannedHashes {
			t.Fatalf("ban cap exceeded: have %v, want max %v", bans, maxBannedHashes)
		}
		for hash, _ := range core.BadHashes {
			if !tester.downloader.banned.Has(hash) {
				t.Fatalf("hard coded ban evacuated: %x", hash)
			}
		}
	}
}