public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core
Date: Thu, 15 Aug 2024 21:45:16 -0700 (PDT)	[thread overview]
Message-ID: <04a22956-b722-4f6c-b8d5-0f8905359721n@googlegroups.com> (raw)
In-Reply-To: <ZqlBKVXBKKIurBPk@petertodd.org>


[-- Attachment #1.1: Type: text/plain, Size: 5602 bytes --]

Hi Peter,

> It is not.
> 
> I've actually *accidentally* exploited this type of pinning vector a few 
times
> in Lighting channels by simply force closing them at times when fee-rates 
were
> high. I've even twice managed to delay the force close of a channel by 
testing
> out justice transactions by broadcasting a low fee-rate, revoked 
commitment,
> which the counterparty node did not notice. Instead, the channel just 
stayed
> in limbo for a few days until the node finally got in a normal force-close
> using the non-revoked state after fees reduced. In both cases, both 
endpoints
> were LND using compact block filters (I was running both nodes in these 
tests).
> IIUC the LND compat block filter implementation does not track mempool
> transactions, so it only notices revoked commitment transactions when they
> appear in blocks (notice how this means that the lack of package relay 
will
> render LND's fee-bumping code potentially useless if the conflicting 
commitment
> transaction is equal or greater fee/fee-rate).
> 
> I haven't tried fully exploiting this particular scenario by maximizing 
the
> number of HTLCs in flight; I was just trying out stuff manually. Someone
> should.
> 
> It should be relatively easy to automate this class type of attack by 
simply
> picking opportunities for it based on fee rates. It's quite common for fee
> spikes to cause conditions where you can easily predict that fees won't go
> below certain levels for many blocks in the future, multiple days even. 
Your
> claim that "estimating feerates correctly for over 144 blocks in a row 
sounds
> difficult" is very wrong.

After reading Dave description of the "loophole pinning" attack, which is a
re-formalization of my gitub comment on one of the TRUC PR, I'm not entirely
sure, we're describing the same exploitation scenario. Finely evaluating the
viability of an attack, before the attack scheme and attacker capabilities 
are
fleshed out is a bit premature...

Especially, when you're saying few more lines after that you have tried to
fully exploit this scenario with HTLCs in flights, and all other attempts
were more accidental and without being sure the LND software correctly
implements RBF, including the rule 5 penalty computation at all time (you're
observing yourself the limitations of LND's fee-bumping code).

If there is a lightning node on mainnet of yours that your formally 
authorize
me to test some pinning attacks, I could try a demo. Alternatively, I can
setup a LN node + full-node on some long-running infrastructure, if you wish
to try the scenario on your side. Though, as observed by Dave there is no
lightning code written yet to opt-in into TRUC transactions.

On the last observation, I agree with you that is a class type of attack 
that
one could automate by leveraging fee-estimation algorithms.

Best,
Antoine
ots hash: a958c5bf1a5af3f3fd2b3788b201b95707621cfecc9b1478075a0da4d8c5c0a5

Le mardi 30 juillet 2024 à 20:58:08 UTC+1, Peter Todd a écrit :

> On Mon, Jul 29, 2024 at 06:57:17PM -1000, David A. Harding wrote:
> > Given the first point and the last point, I'm not sure how viable the
> > attack is (but, as I said, I'm not sure I understand it). Estimating or
> > manipulating feerates correctly for over 144 blocks in a row sounds
> > difficult. Counterparties being able to deprive Mallory of profit seems
> > like a major weakness.
>
> It is not.
>
> I've actually *accidentally* exploited this type of pinning vector a few 
> times
> in Lighting channels by simply force closing them at times when fee-rates 
> were
> high. I've even twice managed to delay the force close of a channel by 
> testing
> out justice transactions by broadcasting a low fee-rate, revoked 
> commitment,
> which the counterparty node did not notice. Instead, the channel just 
> stayed
> in limbo for a few days until the node finally got in a normal force-close
> using the non-revoked state after fees reduced. In both cases, both 
> endpoints
> were LND using compact block filters (I was running both nodes in these 
> tests).
> IIUC the LND compat block filter implementation does not track mempool
> transactions, so it only notices revoked commitment transactions when they
> appear in blocks (notice how this means that the lack of package relay will
> render LND's fee-bumping code potentially useless if the conflicting 
> commitment
> transaction is equal or greater fee/fee-rate).
>
> I haven't tried fully exploiting this particular scenario by maximizing the
> number of HTLCs in flight; I was just trying out stuff manually. Someone
> should.
>
> It should be relatively easy to automate this class type of attack by 
> simply
> picking opportunities for it based on fee rates. It's quite common for fee
> spikes to cause conditions where you can easily predict that fees won't go
> below certain levels for many blocks in the future, multiple days even. 
> Your
> claim that "estimating feerates correctly for over 144 blocks in a row 
> sounds
> difficult" is very wrong.
>
> -- 
> https://petertodd.org 'peter'[:-1]@petertodd.org
>

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/04a22956-b722-4f6c-b8d5-0f8905359721n%40googlegroups.com.

[-- Attachment #1.2: Type: text/html, Size: 6889 bytes --]

  reply	other threads:[~2024-08-16  4:47 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-18 15:56 [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core Peter Todd
2024-07-18 23:04 ` [bitcoindev] " Antoine Riard
2024-07-19  1:05   ` Peter Todd
2024-07-19 13:52     ` Antoine Riard
2024-07-19 14:38       ` Peter Todd
2024-07-19 23:58         ` Antoine Riard
2024-07-20  0:46           ` 'Ava Chow' via Bitcoin Development Mailing List
2024-07-21  2:06             ` Antoine Riard
2024-07-21 20:17               ` 'Ava Chow' via Bitcoin Development Mailing List
2024-07-22  1:59                 ` 'Anonymous User' via Bitcoin Development Mailing List
2024-07-24  0:44                   ` Antoine Riard
2024-08-01  5:57                   ` Garlo Nicon
2024-07-24  0:35                 ` Antoine Riard
2024-07-19 12:41 ` /dev /fd0
2024-07-19 23:56   ` Antoine Riard
2024-07-20  5:57     ` /dev /fd0
2024-07-20 15:08       ` Peter Todd
2024-07-21  2:13         ` Antoine Riard
2024-07-21  6:16         ` /dev /fd0
2024-07-21  2:12       ` Antoine Riard
2024-07-19 18:26 ` [bitcoindev] " Murch
2024-07-20 14:10   ` Peter Todd
2024-07-20  6:41 ` David A. Harding
2024-07-20 15:03   ` Peter Todd
2024-07-20 15:30     ` Peter Todd
2024-07-21 15:35     ` David A. Harding
2024-07-21 20:25       ` Peter Todd
2024-07-24  0:38       ` Antoine Riard
2024-07-21  2:10   ` Antoine Riard
2024-07-22 15:10     ` Peter Todd
2024-07-24  0:41       ` Antoine Riard
2024-07-30  4:57     ` David A. Harding
2024-07-30 19:38       ` Peter Todd
2024-08-16  4:45         ` Antoine Riard [this message]
2024-08-16  4:20       ` Antoine Riard
2024-07-22 11:45   ` [bitcoindev] RBFR makes the CPFP carve-out obsolete with cluster mempool, without upgrading LN nodes; TRUC/V3 does not Peter Todd
2024-07-22 16:43     ` David A. Harding
2024-07-22 20:06       ` Peter Todd
2024-07-22 22:08         ` David A. Harding
2024-07-23 11:29           ` Peter Todd
2024-07-24  0:42           ` Antoine Riard
2024-07-22 17:13   ` [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=04a22956-b722-4f6c-b8d5-0f8905359721n@googlegroups.com \
    --to=antoine.riard@gmail.com \
    --cc=bitcoindev@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox