It seems that for the SC support block by default we increased the nBlockPrioritySize value from 1Mb to 2Mb, so in case we will have the block with Txs only, it will be possible to create a full BlockTxPartition with free transactions only.

A possible option can be to have different policy for certs and txs in context of priority. For Txs we will allow as before 1 MB of txs partition at most. Considering the fact certs have 2Mb more "space" in the block without Txs, populate block with certs by fee only, but allow zero fee certs as well, for example.

For the time being I will set the default priority size value to half the value of the tx partition size, that would comply with the first consideration.

The second part of the comment will be discussed in the final code review.

We also must be careful when we are sorting cetificates based on fee: if we are run out of priority space (or the miner set it to 0) and a certificate has a feeRate < minFeeRate, the certificate would not be included in the block. Therefore we should also add a check when creating a certificate and broadcasting to the network.

After discussion, we don't need to use the maximum priority for certificates because they already have a mechanism to be prioritized over txs up to 2MB. After having reached that limit they will compete by fee with txs. Remove the specific implementation for certs of CCertificateMemPoolEntry::GetPriority and use the standard way for calculating the priority.

Priority block size will be kept at 1MB even if currently is almost useless (the current code base contains a bug because ComputePriority does not check if the tx contains joinsplits then nothing is prioritized if not specifically set by the miner through api).

is it correct to compare txs + certs number with block size in bytes: (block.vtx.size() + block.vcert.size()) > block_size_limit? Seems redundant.

We agreed that it might as well be removed, it is comparing different sizes (cardinality vs block size)

We may have 2 different loops: first one with nTxPartSize check only and if there are errors then do another one with CheckTransaction to prevent complex unnecessary verification:

if (block.nVersion == BLOCK_VERSION_SC_SUPPORT) {
  for(const CTransaction& tx: block.vtx) {
    nTxPartSize += tx.GetSerializeSize(SER_NETWORK, PROTOCOL_VERSION);
    if (nTxPartSize > BLOCK_TX_PARTITION_SIZE)
      return error(...);
  }
}
for(const CTransaction& tx: block.vtx) {
  if (!CheckTransaction(tx, state, verifier)) {
    return error("CheckBlock(): CheckTransaction failed");
  }
}

Agree, in case of attack the check in this approach is more efficient

agree

why a user can set it to an arbitrary value?

Ok, it is now applicable only in regtest

In this way we are serializing all txs twice. Is it possible to customize a method to perform both checks for whole block and txs?

Done, added a new CBlock method for getting block size and total tx size

After discussion, we don't need to use the maximum priority for certificates because they already have a mechanism to be prioritized over txs up to 2MB. After having reached that limit they will compete by fee with txs. Remove the specific implementation for certs of CCertificateMemPoolEntry::GetPriority and use the standard way for calculating the priority.

Priority block size will be kept at 1MB even if currently is almost useless (the current code base contains a bug because ComputePriority does not check if the tx contains joinsplits then nothing is prioritized if not specifically set by the miner through api).

Remove it. Useless if

Done