Cluster size 2 package rbf

[instagibbs]

Allows any 2 transaction package with no in-mempool ancestors to do package RBF when directly conflicting with other mempool clusters of size two or less.

Proposed validation steps:

1. If the transaction package is of size 1, legacy rbf rules apply.
2. Otherwise the transaction package consists of a (parent, child) pair with no other in-mempool ancestors (or descendants, obviously), so it is also going to create a cluster of size 2. If larger, fail.
3. The package rbf may not evict more than 100 transactions from the mempool(bip125 rule 5)
4. The package is a single chunk
5. Every directly conflicted mempool transaction is connected to at most 1 other in-mempool transaction (ie the cluster size of the conflict is at most 2).
6. Diagram check: We ensure that the replacement is strictly superior, improving the mempool
7. The total fee of the package, minus the total fee of what is being evicted, is at least the minrelayfee * size of the package (equivalent to bip125 rule 3 and 4)

Post-cluster mempool this will likely be expanded to general package rbf, but this is what we can safely support today.

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	glozow, ismaelsadeeq, theStack, murchandamus, achow101

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #30272 (doc: use TRUC instead of v3 and add release note by glozow)
• #29641 (scripted-diff: Use LogInfo/LogDebug over LogPrintf/LogPrint by maflcko)
• #28676 ([WIP] Cluster mempool implementation by sdaftuar)
• #27432 (contrib: add tool to convert compact-serialized UTXO set to SQLite database by theStack)
• #26593 (tracing: Only prepare tracepoint arguments when actually tracing by 0xB10C)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[glozow]

Added this to the tracking issue

[instagibbs]

this can't be hit yet; post-v3 it can. I can remove this, or leave a note, or both. It makes some package rbfs more useful

(edit: it's used in #29001 functional tests )

[sdaftuar]

So thinking conceptually about this, I'm most concerned by the new CheckMinerScores() criterion, where we only check the replacement package's feerate against the ancestor feerates of the indirect conflicts.

I think there are two issues with this approach:

1. If you look at GetModFeesWithAncestors()/GetSizeWithAncestors(), that can be greater than the transaction's individual feerate (ie if the parent of a transaction has a higher feerate than the child you're conflicting with). So this can cause the test to be too conservative and introduce some kind of weird pinning. Granted, this is a new replacement functionality so maybe not the end of the world if it is sometimes too conservative, but it seems like a bug.

2. Also if you look at the ancestor feerate of a transaction, that can underestimate its mining score, such as if some low feerate ancestor is being paid for by another transaction. So that can allow for replacements that are not incentive compatible (similar to how this is possible today with our current single-transaction RBF rules).

Even though the current RBF logic is broken already, I'd prefer to avoid adding on to that while rolling out the package RBF implementation, just so that users don't get used to some kinds of replacements working that really shouldn't be.

So I was wondering, can we deal with this by just restricting the topology of what we allow a package RBF to conflict with? Let's say we allow a replacement if the conflict set consists of either (1) a single transaction with no ancestors (and of course no descendants, since any descendants would be in the conflict set as well), or (2) two transactions that are in a parent-child topology, and that have no other in-mempool ancestors (or descendants, of course).

In those situations, the maximum miner score you would have to consider is either the individual feerate of the parent tx or the ancestor feerate of the child, so the new logic should work perfectly.

[instagibbs]

After offline discussion with @sdaftuar , I've worked on a set of prospective changes and pushed them to this branch as follow-on commits.

Key change is that we will now only allow package RBF when the conflicted transactions are all in "clusters" of up to size 2. This allows us to calculate mining scores for each conflicted transaction, which means that post-cluster mempool, if we did this right, IIUC, the behavior should match with more general package RBF.

[glozow]

ACK dd364f9. non-blocking nits that can go in a followup. Also needs a release note.

[instagibbs]

Added a release note

[theStack]

Spent most time reviewing the core commit 612847a so far, which looks correct to me (though I'm not super-familiar with the details of the feerate diagram checks that are used in this PR for the first time in production code). Still planning on looking deeper at the tests and do another full review round. Left some non-blocking nits on the way.

[instagibbs]

@theStack part of splitting out the diagram stuff to a prep PR is that you can just assume it means "economically rational to replace" 👍

[glozow]

reACK 94ed4fb via range-diff

[ismaelsadeeq]

re-ACK 94ed4fb

[theStack]

Code-review ACK 94ed4fb

[murchandamus]

utACK 94ed4fb

[murchandamus]

"result replaced" seems like the wrong tense to me, given that the transaction was not accepted. Should this perhaps be:

Suggested change

	// Each subpackage is allowed MAX_REPLACEMENT_CANDIDATES replacements (only checking individually here)
	if (atmp_result.m_replaced_transactions.size() > MAX_REPLACEMENT_CANDIDATES) {
	return strprintf("tx %s result replaced too many transactions",
	wtxid.ToString());
	}
	// Each subpackage is allowed MAX_REPLACEMENT_CANDIDATES replacements (only checking individually here)
	if (atmp_result.m_replaced_transactions.size() > MAX_REPLACEMENT_CANDIDATES) {
	return strprintf("tx %s would replace too many transactions",
	wtxid.ToString());
	}

[instagibbs]

done in follow-up

[glozow]

I don't agree with this suggestion - we are checking the result of a transaction that was accepted here. So "would replace" is incorrect and "replaced" is correct.

[murchandamus]

Maybe also add a success case in the end to prove that all the reasons for rejection were enumerated?

Suggested change

	self.generate(node, 1)
	self.log.info("Check non-heavy child with higher absolute fee will replace")
	package_hex3_1, package_txns3_1 = self.create_simple_package(coin, parent_fee=DEFAULT_FEE, child_fee=DEFAULT_CHILD_FEE + Decimal("0.00000001") )
	pkg_results3_1 = node.submitpackage(package_hex3_1)
	self.assert_mempool_contents(expected=package_txns3_1)
	self.generate(node, 1)

[instagibbs]

wrote a better boundary test in this vein in follow-up, thanks. You actually need incremental added, not 1 sat.

[murchandamus]

Suggested change

	self.generate(node, 1)
	package_hex5_1, package_txns5_1 = self.create_simple_package(coin, parent_fee=DEFAULT_CHILD_FEE, child_fee=DEFAULT_CHILD_FEE)
	pkg_results5_1 = node.submitpackage(package_hex5_1)
	self.assert_mempool_contents(expected=package_txns5_1)
	self.generate(node, 1)

[instagibbs]

took as inspiration to make an actual boundary-condition test in follow-up, thanks

[instagibbs]

opened followup at #30295

[achow101]

ACK 94ed4fb

[hebasto]

Ported to the CMake-based build system in hebasto#264.