[net processing] Assume that TxRelay::m_tx_inventory_to_send is empty pre-verack

This commit documents our assumption about TxRelay::m_tx_inventory_to_send being empty prior to version handshake completion. The added Assume acts as testing oracle for our fuzzing tests to potentially detect if the assumption is violated. Github-Pull: #26569 Rebased-From: ce63fca13e
2025-04-29 14:59:39 -04:00 · 2022-11-28 16:37:24 +00:00 · 2022-11-28 16:37:24 +00:00 · c8426706de
commit c8426706de
parent e15b306017
1 changed files with 15 additions and 0 deletions
--- a/src/net_processing.cpp
+++ b/src/net_processing.cpp
@ -3403,6 +3403,21 @@ void PeerManagerImpl::ProcessMessage(CNode& pfrom, const std::string& msg_type,
            // they may wish to request compact blocks from us
            m_connman.PushMessage(&pfrom, msgMaker.Make(NetMsgType::SENDCMPCT, /*high_bandwidth=*/false, /*version=*/CMPCTBLOCKS_VERSION));
        }
+
+        if (auto tx_relay = peer->GetTxRelay()) {
+            // `TxRelay::m_tx_inventory_to_send` must be empty before the
+            // version handshake is completed as
+            // `TxRelay::m_next_inv_send_time` is first initialised in
+            // `SendMessages` after the verack is received. Any transactions
+            // received during the version handshake would otherwise
+            // immediately be advertised without random delay, potentially
+            // leaking the time of arrival to a spy.
+            Assume(WITH_LOCK(
+                tx_relay->m_tx_inventory_mutex,
+                return tx_relay->m_tx_inventory_to_send.empty() &&
+                       tx_relay->m_next_inv_send_time == 0s));
+        }
+
        pfrom.fSuccessfullyConnected = true;
        return;
    }