zolfa
/
tendermint

# ADR 020: Limiting txs size inside a block

## Changelog

13-08-2018: Initial Draft15-08-2018: Second version after Dev's comments28-08-2018: Third version after Ethan's comments30-08-2018: AminoOverheadForBlock => MaxAminoOverheadForBlock31-08-2018: Bounding evidence and chain ID13-01-2019: Add section on MaxBytes vs MaxDataBytes
## Context

We currently use MaxTxs to reap txs from the mempool when proposing a block,but enforce MaxBytes when unmarshalling a block, so we could easily propose ablock thats too large to be valid.
We should just remove MaxTxs all together and stick with MaxBytes, and have a`mempool.ReapMaxBytes`.
But we can't just reap BlockSize.MaxBytes, since MaxBytes is for the entire block,not for the txs inside the block. There's extra amino overhead + the actualheaders on top of the actual transactions + evidence + last commit.We could also consider using a MaxDataBytes instead of or in addition to MaxBytes.
## MaxBytes vs MaxDataBytes

The [PR #3045](https://github.com/tendermint/tendermint/pull/3045) suggestedadditional clarity/justification was necessary here, wither respect to the useof MaxDataBytes in addition to, or instead of, MaxBytes.
MaxBytes provides a clear limit on the total size of a block that requires noadditional calculation if you want to use it to bound resource usage, and therehas been considerable discussions about optimizing tendermint around 1MB blocks.Regardless, we need some maximum on the size of a block so we can avoidunmarshalling blocks that are too big during the consensus, and it seems morestraightforward to provide a single fixed number for this rather than acomputation of "MaxDataBytes + everything else you need to make room for(signatures, evidence, header)". MaxBytes provides a simple bound so we canalways say "blocks are less than X MB".
Having both MaxBytes and MaxDataBytes feels like unnecessary complexity. It'snot particularly surprising for MaxBytes to imply the maximum size of theentire block (not just txs), one just has to know that a block includes header,txs, evidence, votes. For more fine grained control over the txs included in theblock, there is the MaxGas. In practice, the MaxGas may be expected to do most ofthe tx throttling, and the MaxBytes to just serve as an upper bound on the totalsize. Applications can use MaxGas as a MaxDataBytes by just taking the gas forevery tx to be its size in bytes.
## Proposed solution

Therefore, we should
1) Get rid of MaxTxs.2) Rename MaxTxsBytes to MaxBytes.
When we need to ReapMaxBytes from the mempool, we calculate the upper bound as follows:
```ExactLastCommitBytes = {number of validators currently enabled} * {MaxVoteBytes}MaxEvidenceBytesPerBlock = MaxBytes / 10ExactEvidenceBytes = cs.evpool.PendingEvidence(MaxEvidenceBytesPerBlock) * MaxEvidenceBytes
mempool.ReapMaxBytes(MaxBytes - MaxAminoOverheadForBlock - ExactLastCommitBytes - ExactEvidenceBytes - MaxHeaderBytes)```
where MaxVoteBytes, MaxEvidenceBytes, MaxHeaderBytes and MaxAminoOverheadForBlockare constants defined inside the `types` package:
- MaxVoteBytes - 170 bytes- MaxEvidenceBytes - 364 bytes- MaxHeaderBytes - 476 bytes (~276 bytes hashes + 200 bytes - 50 UTF-8 encoded  symbols of chain ID 4 bytes each in the worst case + amino overhead)- MaxAminoOverheadForBlock - 8 bytes (assuming MaxHeaderBytes includes amino  overhead for encoding header, MaxVoteBytes - for encoding vote, etc.)
ChainID needs to bound to 50 symbols max.
When reaping evidence, we use MaxBytes to calculate the upper bound (e.g. 1/10)to save some space for transactions.
NOTE while reaping the `max int` bytes in mempool, we should account that everytransaction will take `len(tx)+aminoOverhead`, where aminoOverhead=1-4 bytes.
We should write a test that fails if the underlying structs got changed, butMaxXXX stayed the same.
## Status

Accepted.
## Consequences

### Positive

* one way to limit the size of a block* less variables to configure
### Negative

* constants that need to be adjusted if the underlying structs got changed
### Neutral