mining: add cooldown to createNewBlock() immediately after IBD

[Sjors]

As reported in #33994, connected mining clients will receive a flood of new templates if the node is still going through IBD or catching up on the last 24 hours. This PR fixes that using an optional cooldown mechanism, only applied to createNewBlock().

First, cooldown waits for IBD. Then, as the tip keeps moving forward, it waits a few seconds to see if the tip updated. If so, it restarts the timer and waits again. The trade-offs for this mechanism are explained below.

Because this PR changes createNewBlock() from a method that returns quickly to one that can block for minutes, we rely on #34568 to fix a bug in our .capnp definition, adding the missing context to createNewBlock (and checkBlock).

The second commit then adds an interrupt() method so that clients can cleanly disconnect.

---

Rationale

The cooldown argument is optional, and not used by internal non-IPC code, for two reasons:

1. The mechanism wreaks havoc on the functional test suite, which would require very careful mock time handling to work around. But that's pointless, because only IPC clients need it.
2. It needs to be optional for IPC clients too, because in some situations, like a signet with only one miner, waiting for IBD can mean being stuck forever.

The reason it's only applied to createNewBlock() is that this is the first method called by clients; waitNext() is a method on the interface returned by createNewBlock(), at which point the cooldown is done.

After IBD, we wait N seconds if the header is N blocks ahead of the tip, with a minimum of 3 and a maximum of 20 seconds. The minimum waiting time is short enough that it shouldn't be annoying or confusing for someone manually starting up a client. While the maximum should be harmless if it happens spuriously (which it shouldn't).

If the minimum wait is too short, clients get a burst of templates, as observed in the original issue. We can't entirely rule this out without a lot of additional complexity (like scanning our own log file for heuristics). This PR should make it a lot less likely, and thanks to the IBD wait also limit it to one day worth of blocks (-maxtipage).

Some test runs on an M4 MacBook Pro, where I had a node catch up on the last few days worth of blocks:

As the chart shows, sometimes it takes longer than 3 seconds. But it turns out that in all those cases there were quite a few headers ahead of the tip. It also demonstrates that it's important to first wait for IBD, because it's less likely a random tip update takes longer than 20 seconds.

• modified sv2-apps: https://github.com/Sjors/sv2-apps/tree/2026/02/cooldown
• test script: https://gist.github.com/Sjors/feb6122c97acc2b9e6d66b168614609c#file-run_mainnet_pool_loop-zsh
• chart script: https://gist.github.com/Sjors/feb6122c97acc2b9e6d66b168614609c#file-tip_interval_charts-py

[DrahtBot]

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage & Benchmarks

For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34184.

Reviews

See the guideline for information on the review process.

Type	Reviewers
ACK	ryanofsky, enirox001
Concept ACK	ismaelsadeeq
Stale ACK	bensig, w0xlt

If your review is incorrectly listed, please copy-paste <!--meta-tag:bot-skip--> into the comment that the bot should ignore.

Conflicts

Reviewers, this pull request conflicts with the following ones:

• #34644 (mining: add submitBlock to IPC Mining interface by w0xlt)
• #34020 (mining: add getTransactions(ByWitnessID) IPC methods by Sjors)
• #33966 (refactor: disentangle miner startup defaults from runtime options by Sjors)
• #33922 (mining: add getMemoryLoad() and track template non-mempool memory footprint by Sjors)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

LLM Linter (✨ experimental)

Possible typos and grammar issues:

• @RetVal std::nullptr if the node is shut down or interrupt() is called. -> @RetVal nullptr if the node is shut down or interrupt() is called. [std::nullptr is not a valid C++ token; the intended value is the keyword nullptr (or std::nullptr_t).]

Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

• std::clamp(*remaining, 3, 20) in src/node/miner.cpp

Possible places where comparison-specific test macros should replace generic comparisons:

• test/functional/interface_ipc_mining.py: "template = await mining_create_block_template(mining, stack, ctx, self.default_block_create_options)\n assert template is not None" -> Use assert_not_equal(template, None) (or assert_equal) helper: assert_not_equal(template, None)

^{2026-02-20 15:51:38}

[Sjors]

Switched to avoid mock time for the cooldown mechanism (it's possible, but would require additional refactoring).

Added a constraint to ignore alternative header branches. This probably doesn't matter in real life, but it does in tests. E.g. the assume_utxo test "Check importing a snapshot where current chain-tip is not an ancestor of the snapshot block but has less work" creates an alternative chain of blocks despite having better headers (but not their blocks). In real life this implies a giant block witholding attack.

[bensig]

ACK e8b01c4

Tested on macOS - interface_ipc.py passes.

Code review:

• Using SteadyClock for the cooldown (independent of mocktime) is the right call
• BestHeaderAheadOfActiveTip() correctly uses ancestor check to ignore competing branches
• 1s timeout prevents DoS from header-only attacks while still allowing catch-up during final IBD

Nice fix for #33994

[Sjors]

Rebased.

[w0xlt]

Approach ACK

[w0xlt]

Runtime assertion for consistency with WaitAndCreateNewBlock pattern.

Suggested change

	const auto tip_block = kernel_notifications.TipBlock();
	AssertLockHeld(kernel_notifications.m_tip_block_mutex);
	const auto tip_block = kernel_notifications.TipBlock();

[Sjors]

There's other places where we don't bother with AssertLockHeld for an inline function. It seems a bit overkill.

[w0xlt]

ACK 9817657

[ryanofsky]

Code review ACK 9817657. This seems like probably the simplest change that can resolve #33994.

I guess I have two lingering concerns about it:

• This can cause the createNewBlock function to block for potentially a very long time when it didn't before and createNewBlock doesn't currently have any cancellation option other than shutting down the node. So it could make it hard for IPC clients to disconnect cleanly, and I suspect we may want to follow up here by adding some timeout or cancellation mechanism.

• I'm not very sure about effectiveness of the cooldown strategy, and wouldn't be surprised if there were cases where it didn't work well but it does seem like a good starting point, and pretty conservative.

[Sjors]

Rebased after #34568 landed, ready for review again.

Should be tagged for v31.

[ryanofsky]

Code review ACK 1e02888. Only changes since last review were switching cooldown default from false to true, rebasing, and adding release notes.

Might also be good to remove "Based on #34568" from the description to keep it simpler now the other PR is merged

[Sjors]

Updated PR description to remove reference to the merged #34568.

Adjusted interface_ipc_mining.py to reflect that the cooldown default is now False.

[ryanofsky]

Code review ACK fcaec25. Only changes since last review were removing two cooldown arguments from the mining IPC test to simplify it

[enirox001]

ACK fcaec25

Verified on Fedora 43 with a clean build. Functional tests pass including interface_ipc_mining.py

I have included a few suggestions and nits below

[enirox001]

In commit "mining: add cooldown argument to createNewBlock()" (a11297a)

The existing test verifies that createNewBlock() blocks while headers are ahead of the tip.

This proposed follow-up test the complementary property, that it wakes up promptly once submitblock advances the tip, rather than waiting for the cooldown timer to expire on its own.

index 5095583a0e..067e2d9217 100755
--- a/test/functional/interface_ipc_mining.py
+++ b/test/functional/interface_ipc_mining.py
@@ -171,6 +171,32 @@ class IPCMiningTest(BitcoinTestFramework):
                 # spurious failures.
                 assert_greater_than_or_equal(time.time() - start, 0.9)
 
+                self.log.debug("createNewBlock() should wake up immediately after sync")
+                results = {}
+
+                async def create_block_with_timing():
+                    bg_start = time.time()
+                    res = await mining.createNewBlock(ctx, self.default_block_create_options)
+                    results['duration'] = time.time() - bg_start
+                    results['success'] = res._has("result")
+
+                task = asyncio.create_task(create_block_with_timing())
+                await asyncio.sleep(0.5)
+                assert not task.done(), "createNewBlock() returned early — cooldown did not engage"
+                block_hex = self.nodes[1].getblock(node1_block_hash, False)
+                self.nodes[0].submitblock(block_hex)
+
+                try:
+                    await asyncio.wait_for(task, timeout=10.0)
+                except asyncio.TimeoutError:
+                    task.cancel()
+                    raise AssertionError("createNewBlock() did not wake up within 10s after submitblock")
+
+                assert_equal(results['success'], True)
+                assert_greater_than_or_equal(results['duration'], 0.5)
+

[Sjors]

@enirox001 would you like to open a PR with this test and the other documentation followup?

[enirox001]

Yes, I'll put that together.

As @ryanofsky suggested in #34422, I'm going to combine this test addition with a quick refactor of make_mining_ctx to keep the test suite clean and avoid duplication. I'll open the follow-up PR shortly

[enirox001]

In commit "mining: add interrupt()" (1e82fa4)

nano nit: The current naming is quite similar to interruptWait(). Explicitly documenting that this specifically targets the createNewBlock wait loop clarifies that these control two different internal primitives.

[ismaelsadeeq]

Instead of documenting, we should flip it the other way around.

interrupt, which is the generic function that toggles the boolean value.
Then interruptWait for waitNext, and interruptMining for Mining.

[ryanofsky]

Sounds reasonable. Ultimately though I'd like to drop all these separate interrupt methods and instead add interfaces::Interrupt C++ arguments to the waiting methods that would let them detect and handle cancellations done with cap'n proto's native cancellation mechanism

[ismaelsadeeq]

Post merge ACK fcaec25

[ismaelsadeeq]

In "mining: add cooldown argument to createNewBlock()" a11297a

IIUC, when a chainstate is loaded via loadtxoutset, the behaviour is that you keep connecting on top of the active loaded chainstate and cooldown based on it.

[ismaelsadeeq]

Instead of documenting, we should flip it the other way around.

interrupt, which is the generic function that toggles the boolean value.
Then interruptWait for waitNext, and interruptMining for Mining.

[ismaelsadeeq]

In fcaec25 "doc: release note for IPC cooldown and interrupt"

nit: No guarantee here, mention that it opportunistically waits for IBD to finish.