From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z2c1m-0000HZ-50 for bitcoin-development@lists.sourceforge.net; Wed, 10 Jun 2015 09:10:30 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.93 as permitted sender) client-ip=62.13.148.93; envelope-from=pete@petertodd.org; helo=outmail148093.authsmtp.net; Received: from outmail148093.authsmtp.net ([62.13.148.93]) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1Z2c1j-00081J-Qg for bitcoin-development@lists.sourceforge.net; Wed, 10 Jun 2015 09:10:30 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt16.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t5A9AK4K071047; Wed, 10 Jun 2015 10:10:20 +0100 (BST) Received: from savin.petertodd.org (75-119-251-161.dsl.teksavvy.com [75.119.251.161]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id t5A9AExo044943 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 10 Jun 2015 10:10:16 +0100 (BST) Date: Wed, 10 Jun 2015 05:10:13 -0400 From: Peter Todd To: Bitcoin Dev Message-ID: <20150610091013.GA21649@savin.petertodd.org> References: <20150526051305.GA23502@savin.petertodd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" Content-Disposition: inline In-Reply-To: <20150526051305.GA23502@savin.petertodd.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 82ac2220-0f50-11e5-b396-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdwIUEkAaAgsB AmMbWlReUV17WGU7 bA9PbARUfEhLXhtr VklWR1pVCwQmRRlw D29rGkZycwFPfH0+ bEJkXD5TXhUpd0R/ QlNUQ2gGeGZhPWUC AkNRcR5UcAFPdx8U a1UrBXRDFzxFJT59 JAI+OXUKNDtSYB5Y WgUEJl9XS1dOMDMx DwgLAT4vVUQKTiQ1 NABuAF8AF0EQNA0Z NkEsEUxAdUZKTFc2 X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 75.119.251.161/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1Z2c1j-00081J-Qg Subject: [Bitcoin-development] First-Seen-Safe Replace-by-Fee patch against Bitcoin Core v0.10.2 X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2015 09:10:30 -0000 --fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable First-seen-safe Replace-by-Fee is now available as a patch against v0.10.2: https://github.com/petertodd/bitcoin/tree/first-seen-safe-rbf-v0.10.2 I've also had a pull-req against git HEAD open for a few weeks now: https://github.com/bitcoin/bitcoin/pull/6176#issuecomment-104877829 I've got some hashing power interested in running this patch in the near future, so I'm offering a bounty of up to 1 BTC to anyone who can find a way to attack miners running this patch. Specifically, I'm concerned about things that would lead to significant losses for those miners. A total crash would be considered very serious - 1 BTC - while excess bandwidth usage would be considered minor - more like 0.1 BTC. (remember that this would have to be bandwidth significantly in excess of existing attacks) For reference, here's an example of a crash exploit found by Suhas Daftuar: https://github.com/bitcoin/bitcoin/pull/6176#issuecomment-104877829 If two people report the same or overlapping issues, first person will get priority. Adding a new test that demos your exploit to the unit tests will be looked upon favorably. That said, in general I'm not going to make any hard promises with regards to payouts and will be using my best judgement. I've got a bit over 2BTC budgetted for this, which is coming out of my own pockets - I'm not rich! All applicants are however welcome to troll me on reddit if you think I'm being unfair. Suhas: speaking of, feel free to email me a Bitcoin address! :) --=20 'peter'[:-1]@petertodd.org 000000000000000006dd456cf5ff8bbb56cf88e9314711d55b75c8d23cccddd5 --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJVd/7wXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAwNmRlNjExMDk2OTVhNGFhN2FkNDNlMDEwMmQwNTQzNjI4 MGYzZGY3NzY0NmZhNWYvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfuV6Af6A2w//0XihKicuZ9++N26BHO9 NqCEQXt4ZMpjQPg+2PXxE21nvGX9Yb7uqiHrwgjCTozTEb6NEoY3ZX2cHsFyDZBv iph0g+ho3GYvzGadCzmvVY+Tcym2/cP5VuVds7caF5e60iqtHFV3M4MRcs2QBXAn Z7+5no/gVriIBYec8T6Z4kTltCNl5ODzxhnlV622iOdd4TwkTKnekjRWDG4vBces oWTGQ9p5Seu6AGP19L69vyzGKbbX2DistdnEUtmcDmQMa+MC0H56WUjv76UbuhMk ywiBLOh8KZlC/w0killHO6mJTWpI3zMY3Lxvpvi9xgyRWxXdcn4mqy/gmzI5TA== =QQED -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7--