mempool: expand PolicyEnforcer interface for complete validation

In this commit, we expand the PolicyEnforcer interface to include methods
for validating standardness, signature costs, and SegWit deployment. This
makes PolicyEnforcer a complete abstraction for all policy-level validation,
complementing the TxValidator's consensus-level checks.

We add four new methods to the PolicyEnforcer interface:

ValidateStandardness checks transaction standardness requirements including
version, finalization, size limits, script types, and dust outputs. This
delegates to the existing CheckTransactionStandard and checkInputsStandard
helper functions.

ValidateSigCost validates that signature operation cost doesn't exceed
relay limits, using the CheckTransactionSigCost helper function we
extracted earlier.

ValidateSegWitDeployment ensures SegWit transactions are only accepted
when SegWit is active, using CheckSegWitDeployment.

ValidateRelayFee signature is updated to accept utxoView and
nextBlockHeight, enabling priority calculation for low-fee transactions.
The implementation now calls CheckRelayFee for the core validation, then
applies rate limiting separately.

The PolicyConfig structure is expanded to include MaxTxVersion,
MaxSigOpCostPerTx, IsDeploymentActive, ChainParams, and BestHeight. These
fields enable the policy enforcer to perform validation without requiring
external context from the mempool. DefaultPolicyConfig provides sensible
defaults for all new fields, assuming SegWit is active and using mainnet
parameters.

StandardPolicyEnforcer implements all new methods by delegating to the
standalone helper functions in policy.go. This keeps the implementation
thin while maintaining full test coverage through the existing helper
function tests.

The ValidateRelayFee tests are updated to pass the new parameters. We fix
a test case that was incorrectly expecting non-new transactions with
low fees to be rejected - per the CheckRelayFee implementation, non-new
transactions (from reorgs) are exempted from priority checks for
transactions under the size threshold. We add a new test case showing
that large non-new transactions are still correctly rejected if their
fees are insufficient.

This expanded interface allows TxMempoolV2's validation pipeline to use
PolicyEnforcer for all policy checks, creating a clean separation between
consensus validation (TxValidator) and policy validation (PolicyEnforcer).

Author: Roasbeef

mempool/policy_enforcer.go

@@ -11,7 +11,9 @@ import (
 	"sync"
 	"time"
 
+	"github.com/btcsuite/btcd/blockchain"
 	"github.com/btcsuite/btcd/btcutil"
+	"github.com/btcsuite/btcd/chaincfg"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/mempool/txgraph"
 )
@@ -54,22 +56,24 @@ type PolicyGraph interface {
 	// GetNode retrieves a transaction node from the graph.
 	GetNode(hash chainhash.Hash) (*txgraph.TxGraphNode, bool)
 
-	// GetAncestors returns all ancestor transactions up to maxDepth.
-	// A negative maxDepth returns all ancestors.
-	GetAncestors(hash chainhash.Hash, maxDepth int) map[chainhash.Hash]*txgraph.TxGraphNode
+	// GetAncestors returns all ancestor transactions up to maxDepth. A
+	// negative maxDepth returns all ancestors.
+	GetAncestors(hash chainhash.Hash,
+		maxDepth int) map[chainhash.Hash]*txgraph.TxGraphNode
 
-	// GetDescendants returns all descendant transactions up to maxDepth.
-	// A negative maxDepth returns all descendants.
-	GetDescendants(hash chainhash.Hash, maxDepth int) map[chainhash.Hash]*txgraph.TxGraphNode
+	// GetDescendants returns all descendant transactions up to maxDepth. A
+	// negative maxDepth returns all descendants.
+	GetDescendants(hash chainhash.Hash,
+		maxDepth int) map[chainhash.Hash]*txgraph.TxGraphNode
 }
 
 // PolicyEnforcer defines the interface for mempool policy enforcement. This
 // separates policy decisions from graph data structure operations, enabling
 // easier testing and different policy configurations.
 type PolicyEnforcer interface {
-	// SignalsReplacement determines if a transaction signals that it can be
-	// replaced using the Replace-By-Fee (RBF) policy. This includes both
-	// explicit signaling (sequence number) and inherited signaling
+	// SignalsReplacement determines if a transaction signals that it can
+	// be replaced using the Replace-By-Fee (RBF) policy. This includes
+	// both explicit signaling (sequence number) and inherited signaling
 	// (unconfirmed ancestors that signal RBF).
 	SignalsReplacement(graph PolicyGraph, tx *btcutil.Tx) bool
 
@@ -87,9 +91,26 @@ type PolicyEnforcer interface {
 	ValidateDescendantLimits(graph PolicyGraph, hash chainhash.Hash) error
 
 	// ValidateRelayFee checks that a transaction meets the minimum relay
-	// fee requirements, including rate limiting for free transactions.
+	// fee requirements, including priority checks and rate limiting for
+	// free/low-fee transactions.
 	ValidateRelayFee(tx *btcutil.Tx, fee int64, size int64,
+		utxoView *blockchain.UtxoViewpoint, nextBlockHeight int32,
 		isNew bool) error
+
+	// ValidateStandardness checks that a transaction meets standardness
+	// requirements for relay (version, size, scripts, dust outputs).
+	ValidateStandardness(tx *btcutil.Tx, height int32,
+		medianTimePast time.Time, utxoView *blockchain.UtxoViewpoint,
+	) error
+
+	// ValidateSigCost checks that a transaction's signature operation cost
+	// does not exceed the maximum allowed for relay.
+	ValidateSigCost(tx *btcutil.Tx,
+		utxoView *blockchain.UtxoViewpoint) error
+
+	// ValidateSegWitDeployment checks that if a transaction contains
+	// witness data, the SegWit soft fork must be active.
+	ValidateSegWitDeployment(tx *btcutil.Tx) error
 }
 
 // PolicyConfig defines mempool policy parameters. These settings control
@@ -136,6 +157,25 @@ type PolicyConfig struct {
 	// DisableRelayPriority, if true, disables relaying of low-fee
 	// transactions based on priority.
 	DisableRelayPriority bool
+
+	// MaxTxVersion is the maximum transaction version to accept.
+	// Transactions with versions above this are rejected as non-standard.
+	MaxTxVersion int32
+
+	// MaxSigOpCostPerTx is the cumulative maximum cost of all signature
+	// operations in a single transaction that will be relayed or mined.
+	MaxSigOpCostPerTx int
+
+	// IsDeploymentActive checks if a consensus deployment is active.
+	// This is used for validating SegWit transactions.
+	IsDeploymentActive func(deploymentID uint32) (bool, error)
+
+	// ChainParams identifies the blockchain network (mainnet, testnet,
+	// etc). Used for network-specific validation rules.
+	ChainParams *chaincfg.Params
+
+	// BestHeight returns the current best block height.
+	BestHeight func() int32
 }
 
 // DefaultPolicyConfig returns a PolicyConfig with default values matching
@@ -157,6 +197,23 @@ func DefaultPolicyConfig() PolicyConfig {
 		MinRelayTxFee:        DefaultMinRelayTxFee,
 		FreeTxRelayLimit:     15.0,
 		DisableRelayPriority: false,
+
+		// Transaction version and signature operation limits.
+		MaxTxVersion:      2,     // Standard transaction version
+		MaxSigOpCostPerTx: 80000, // 1/5 of max block sigop cost
+
+		// Default deployment check (assume SegWit is active for testing).
+		IsDeploymentActive: func(deploymentID uint32) (bool, error) {
+			return true, nil
+		},
+
+		// Default to mainnet params.
+		ChainParams: &chaincfg.MainNetParams,
+
+		// Default height (reasonable for testing).
+		BestHeight: func() int32 {
+			return 700000
+		},
 	}
 }
 
@@ -390,9 +447,7 @@ func (p *StandardPolicyEnforcer) ValidateAncestorLimits(
 // size to prevent unbounded chain growth in the mempool. This implementation
 // matches that behavior.
 func (p *StandardPolicyEnforcer) ValidateDescendantLimits(
-	graph PolicyGraph,
-	hash chainhash.Hash,
-) error {
+	graph PolicyGraph, hash chainhash.Hash) error {
 
 	// Get all descendants for this transaction.
 	descendants := graph.GetDescendants(hash, -1)
@@ -421,29 +476,34 @@ func (p *StandardPolicyEnforcer) ValidateDescendantLimits(
 }
 
 // ValidateRelayFee checks that a transaction meets the minimum relay fee
-// requirements, including rate limiting for free/low-fee transactions.
-//
-// Transactions with fees below the minimum are rate-limited using an
-// exponentially decaying counter to prevent spam while allowing some free
+// requirements, including priority checks and rate limiting for free/low-fee
 // transactions.
+//
+// Transactions with fees below the minimum are checked for priority (if
+// enabled) and rate-limited using an exponentially decaying counter to prevent
+// spam while allowing some free transactions.
 func (p *StandardPolicyEnforcer) ValidateRelayFee(
-	tx *btcutil.Tx, fee int64, size int64, isNew bool) error {
+	tx *btcutil.Tx, fee int64, size int64, utxoView *blockchain.UtxoViewpoint,
+	nextBlockHeight int32, isNew bool) error {
+
+	// First check the minimum relay fee and priority requirements using
+	// the standalone CheckRelayFee function.
+	err := CheckRelayFee(
+		tx, fee, size, utxoView, nextBlockHeight,
+		p.cfg.MinRelayTxFee, p.cfg.DisableRelayPriority, isNew,
+	)
+	if err != nil {
+		return err
+	}
 
-	// Calculate minimum required fee for this transaction.
+	// Calculate minimum required fee to determine if rate limiting applies.
 	minFee := calcMinRequiredTxRelayFee(size, p.cfg.MinRelayTxFee)
 
-	// If the fee meets the minimum, accept it immediately.
+	// If the fee meets the minimum, no rate limiting needed.
 	if fee >= minFee {
 		return nil
 	}
 
-	// If this is not a new transaction or if relay priority is disabled,
-	// reject it for insufficient fee.
-	if !isNew || p.cfg.DisableRelayPriority {
-		return fmt.Errorf("transaction %v has insufficient fee: %d < %d",
-			tx.Hash(), fee, minFee)
-	}
-
 	// Apply rate limiting for free/low-fee transactions.
 	p.mu.Lock()
 	defer p.mu.Unlock()
@@ -469,5 +529,46 @@ func (p *StandardPolicyEnforcer) ValidateRelayFee(
 	return nil
 }
 
+// ValidateStandardness checks that a transaction meets standardness
+// requirements for relay. This includes version checks, finalization, size
+// limits, script checks, and dust checks.
+func (p *StandardPolicyEnforcer) ValidateStandardness(
+	tx *btcutil.Tx, height int32, medianTimePast time.Time,
+	utxoView *blockchain.UtxoViewpoint) error {
+
+	// Use the existing CheckTransactionStandard function which handles
+	// version, finalization, size, and output script checks.
+	err := CheckTransactionStandard(
+		tx, height, medianTimePast,
+		p.cfg.MinRelayTxFee, p.cfg.MaxTxVersion,
+	)
+	if err != nil {
+		return err
+	}
+
+	// Also check input standardness (signature scripts, etc).
+	return checkInputsStandard(tx, utxoView)
+}
+
+// ValidateSigCost checks that a transaction's signature operation cost does
+// not exceed the maximum allowed for relay.
+func (p *StandardPolicyEnforcer) ValidateSigCost(
+	tx *btcutil.Tx, utxoView *blockchain.UtxoViewpoint) error {
+
+	// Use the standalone CheckTransactionSigCost function to validate.
+	return CheckTransactionSigCost(tx, utxoView, p.cfg.MaxSigOpCostPerTx)
+}
+
+// ValidateSegWitDeployment checks that if a transaction contains witness data,
+// the SegWit soft fork must be active.
+func (p *StandardPolicyEnforcer) ValidateSegWitDeployment(tx *btcutil.Tx) error {
+
+	// Use the standalone CheckSegWitDeployment function to validate.
+	return CheckSegWitDeployment(
+		tx, p.cfg.IsDeploymentActive, p.cfg.ChainParams,
+		p.cfg.BestHeight(),
+	)
+}
+
 // Ensure StandardPolicyEnforcer implements PolicyEnforcer interface.
 var _ PolicyEnforcer = (*StandardPolicyEnforcer)(nil)

mempool/policy_enforcer_test.go

@@ -591,16 +591,29 @@ func TestValidateRelayFee(t *testing.T) {
 	minFee := calcMinRequiredTxRelayFee(size, cfg.MinRelayTxFee)
 
 	// Test with sufficient fee.
-	err := p.ValidateRelayFee(tx, minFee, size, true)
+	err := p.ValidateRelayFee(tx, minFee, size, nil, 0, true)
 	require.NoError(t, err, "should accept transaction with sufficient fee")
 
 	// Test with insufficient fee (should be rate limited for new tx).
-	err = p.ValidateRelayFee(tx, minFee-1, size, true)
+	err = p.ValidateRelayFee(tx, minFee-1, size, nil, 0, true)
 	require.NoError(t, err, "should accept new low-fee tx (rate limited)")
 
-	// Test with insufficient fee for non-new tx.
-	err = p.ValidateRelayFee(tx, minFee-1, size, false)
-	require.Error(t, err, "should reject non-new low-fee tx")
+	// Test with insufficient fee for non-new tx (reorg scenario).
+	// Non-new transactions are exempted from priority checks per the
+	// CheckRelayFee implementation (line 469-472 in policy.go), so they
+	// should be allowed even with low fees as long as they're under the
+	// size threshold (DefaultBlockPrioritySize - 1000 = 49000 bytes).
+	err = p.ValidateRelayFee(tx, minFee-1, size, nil, 0, false)
+	require.NoError(t, err, "should accept non-new low-fee tx (reorg exemption)")
+
+	// Test with a large transaction that exceeds the free transaction
+	// size threshold. Even non-new transactions should be rejected if
+	// they're too large and have insufficient fees.
+	largeSize := int64(DefaultBlockPrioritySize - 500) // 49500 bytes
+	largeTxMinFee := calcMinRequiredTxRelayFee(largeSize, cfg.MinRelayTxFee)
+	err = p.ValidateRelayFee(tx, largeTxMinFee-1, largeSize, nil, 0, false)
+	require.Error(t, err, "should reject large non-new tx with insufficient fee")
+	require.Contains(t, err.Error(), "under the required amount")
 }
 
 // TestRateLimiting tests that the rate limiter correctly limits free
@@ -616,11 +629,11 @@ func TestRateLimiting(t *testing.T) {
 	size := GetTxVirtualSize(tx)
 
 	// First free tx should be accepted.
-	err := p.ValidateRelayFee(tx, 0, size, true)
+	err := p.ValidateRelayFee(tx, 0, size, nil, 0, true)
 	require.NoError(t, err)
 
 	// Second free tx should be rejected (rate limited).
-	err = p.ValidateRelayFee(tx, 0, size, true)
+	err = p.ValidateRelayFee(tx, 0, size, nil, 0, true)
 	require.Error(t, err)
 	require.Contains(t, err.Error(), "rate limiter")
 }
@@ -638,7 +651,7 @@ func TestRateLimiterDecay(t *testing.T) {
 	size := int64(50)
 
 	// Accept first transaction.
-	err := p.ValidateRelayFee(tx, 0, size, true)
+	err := p.ValidateRelayFee(tx, 0, size, nil, 0, true)
 	require.NoError(t, err)
 
 	// Manually advance time to simulate decay.
@@ -650,7 +663,7 @@ func TestRateLimiterDecay(t *testing.T) {
 	p.mu.Unlock()
 
 	// Second transaction should be accepted after decay.
-	err = p.ValidateRelayFee(tx, 0, size, true)
+	err = p.ValidateRelayFee(tx, 0, size, nil, 0, true)
 	require.NoError(t, err)
 }
 
@@ -817,8 +830,8 @@ func TestPropertyFeeRateMonotonic(t *testing.T) {
 		tx := createTxWithSequence([]uint32{wire.MaxTxInSequenceNum})
 
 		// Higher fee should always be accepted if lower fee is accepted.
-		err1 := p.ValidateRelayFee(tx, fee1, size, false)
-		err2 := p.ValidateRelayFee(tx, fee2, size, false)
+		err1 := p.ValidateRelayFee(tx, fee1, size, nil, 0, false)
+		err2 := p.ValidateRelayFee(tx, fee2, size, nil, 0, false)
 
 		if err1 == nil && err2 != nil {
 			t.Fatalf("monotonicity violated: fee %d accepted but %d rejected",