[net processing] Assume that TxRelay::m_tx_inventory_to_send is empty pre-verack

This commit documents our assumption about TxRelay::m_tx_inventory_to_send being empty prior to version handshake completion. The added Assume acts as testing oracle for our fuzzing tests to potentially detect if the assumption is violated.
2024-11-20 02:25:40 +01:00 · 2022-11-28 16:37:24 +00:00 · 2022-11-28 16:37:24 +00:00 · ce63fca13e
commit ce63fca13e
parent 845e3a34c4
1 changed files with 14 additions and 0 deletions
--- a/src/net_processing.cpp
+++ b/src/net_processing.cpp
@ -3435,6 +3435,20 @@ void PeerManagerImpl::ProcessMessage(CNode& pfrom, const std::string& msg_type,
            }
        }

+        if (auto tx_relay = peer->GetTxRelay()) {
+            // `TxRelay::m_tx_inventory_to_send` must be empty before the
+            // version handshake is completed as
+            // `TxRelay::m_next_inv_send_time` is first initialised in
+            // `SendMessages` after the verack is received. Any transactions
+            // received during the version handshake would otherwise
+            // immediately be advertised without random delay, potentially
+            // leaking the time of arrival to a spy.
+            Assume(WITH_LOCK(
+                tx_relay->m_tx_inventory_mutex,
+                return tx_relay->m_tx_inventory_to_send.empty() &&
+                       tx_relay->m_next_inv_send_time == 0s));
+        }
+
        pfrom.fSuccessfullyConnected = true;
        return;
    }