Open
Description
The `blockprod_generate_block` RPC call allows the user to include an invalid transaction, creating an invalid block. The block will then be rejected when attempting to submit it to the chain. This is nowadays mostly used in a controlled testing environment, so it is not a big issue. However, the call is still exposed via the external node interface, which means there is a chance users will end up taking advantage of this.
A simple mitigation is to make it the user's responsibility.
Other options are:
- Validate the user-supplied transactions as well and report issues back to the user at block creation time.
- Remove the hex-based transaction submission from the public API, making it only available via test RPC functions.
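To illustrate the difference between the current behaviour and the first option above, here is an added toy model (not Mintlayer code; the `Tx` type, the hex layout and the validity rules are constructed stand-ins): the unchecked path accepts whatever decodes and only fails later at submission, while the checked path validates each user-supplied transaction at block-creation time and reports its index and the reason back to the caller.

```rust
// Added example, not project code. Constructed encoding: byte 0 is the input
// count n, then n input amounts, and every remaining byte is an output amount.
#[derive(Debug, Clone, PartialEq)]
pub struct Tx { pub inputs: Vec<u8>, pub outputs: Vec<u8> }

/// Error reported to the RPC caller, carrying the offending transaction index.
#[derive(Debug, PartialEq)]
pub enum TxError { BadHex(usize), NoInputs(usize), OverSpend(usize) }

fn decode_hex(s: &str) -> Option<Vec<u8>> {
    if !s.is_ascii() || s.len() % 2 != 0 { return None; }
    (0..s.len()).step_by(2).map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok()).collect()
}

fn parse_tx(hex: &str) -> Option<Tx> {
    let bytes = decode_hex(hex)?;
    let n = *bytes.first()? as usize;
    if bytes.len() < 1 + n { return None; }
    Some(Tx { inputs: bytes[1..1 + n].to_vec(), outputs: bytes[1 + n..].to_vec() })
}

/// Consensus-style rule every node applies when a block is submitted (toy version).
fn validate_tx(tx: &Tx, idx: usize) -> Result<(), TxError> {
    if tx.inputs.is_empty() { return Err(TxError::NoInputs(idx)); }
    let (i, o): (u32, u32) = (tx.inputs.iter().map(|&v| v as u32).sum(),
                              tx.outputs.iter().map(|&v| v as u32).sum());
    if o > i { return Err(TxError::OverSpend(idx)); }
    Ok(())
}

/// Behaviour described in the issue: user transactions go in unchecked (undecodable
/// hex is silently dropped here), so any problem only surfaces in `submit_block`.
pub fn generate_block_unchecked(user_hex: &[&str]) -> Vec<Tx> {
    user_hex.iter().filter_map(|h| parse_tx(h)).collect()
}

pub fn submit_block(block: &[Tx]) -> Result<(), TxError> {
    block.iter().enumerate().try_for_each(|(i, tx)| validate_tx(tx, i))
}

/// Proposed mitigation: validate at block-creation time and return the index and
/// reason for the first bad transaction instead of producing an invalid block.
pub fn generate_block_checked(user_hex: &[&str]) -> Result<Vec<Tx>, TxError> {
    let mut block = Vec::with_capacity(user_hex.len());
    for (i, h) in user_hex.iter().enumerate() {
        let tx = parse_tx(h).ok_or(TxError::BadHex(i))?;
        validate_tx(&tx, i)?;
        block.push(tx);
    }
    Ok(block)
}
```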
Related:
- Allow generate_block() to accept Transaction IDs along with encoded signed transactions #756 (the original issue)
- Different treatment for locally submitted transactions in mempool #1214 (possible alternative to user-supplied hex transactions)