<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sat, Jul 4, 2015 at 4:30 AM, Peter Todd <span dir="ltr"><<a href="mailto:pete@petertodd.org" target="_blank">pete@petertodd.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
</span>As for what "SPV mining" is:<br>
<br>
While blocks are propagating throughout the network, frequently it's<br>
possible for miners to get the header of the block before they get and<br>
fully validate the block itself. This is just a few seconds to tens of<br>
seconds, but that's a big deal for profitability. So miners have been<br>
running custom patches that mine on top of the longest chain they know<br>
about, even if they haven't actually verified the blocks in it due to<br>
propagation delays.<br></blockquote><div><br></div><div>Is the invalid fork pretty much all empty blocks then?<br><br></div><div>SPV mining isn't inherently dangerous, if it is only for a short period of time. It can boost the total work for the block chain.<br><br></div><div>Inherently, invalid blocks are rare, so assuming a header is valid is the correct assumption.<br></div><div><br></div><div>For safety (for the miner), SPV miners should switch back to full mining after 20-30 seconds without fully validating the chain that they are on.<br><br></div><div>- header received<br></div><div>- header verified (they skipped this step)<br></div><div>- build on header with empty block<br></div><div>- receive full block<br></div><div>-- mark header as invalid if this step times out<br></div><div>- verify full block<br></div><div>-- mark header as invalid if verification fails<br></div><div>- build on full block with non-empty block<br><br></div><div>An easier rule is that you only build on a header if the header's parent (or even grandparent) has been fully verified. That rule would prevent the illegal fork from growing past 1-2 blocks. It would mean that SPV miners would start wasting hashing power once the invalid fork hit 2 blocks. They wouldn't even build on their own block.<br></div><div><br></div><div>I guess miners never added code of that kind? That is pretty shocking that a majority would SPV mine without that safeguard against the main vulnerability of SPV mining. <br><br></div><div>Even waiting a few minutes before switch back would protect against this.<br><br></div><div>Worse, in this case, is that it wasn't just an invalid block, it was an invalid header chain. They could have done the check with headers only.<br></div></div></div></div>