Hi list,
Recent discussions among LN devs have brought back on the surface concerns about the security of multi-party funded transactions (coinjoins, dual-funded LN channels, on-chain DLCs, ...). It turns out there is a low-fruit, naive DoS vector playable against the funding flow of any such construction due to the lack of existent full-rbf transaction-relay topology on today's p2p network [0] [1]. While it does not consist in a direct loss of funds, if exploited well I think it's annoying enough to inflict significant timevalue loss or fee-bumping waste
to the future providers or distributed swarm of users doing multi-party funded transactions. Of course, it can be fixed one layer above by introducing either fidelity bonds or a reliable centralized coordinator, though at the price of an overhead per-participant ressources cost and loss in system openness [1].
For that reason, I believe it would be beneficial to the flourishing of multi-party funded transactions to fix the Dos vector by seeing a subset of the network running full-rbf and enabling propagation of honest multi-party transactions to the interested miners, replacing potential non-signaling double-spend from a malicious counterparty. Moving towards that direction, I've submitted a small patch against Bitcoin Core enabling it to turn on full-rbf as a policy, still under review [3]. The default setting stays **false**, i.e keeping opt-in RBF as a default replacement policy. I've started to run the patch on a public node at 146.190.224.15.
If you're a node operator curious to play with full-rbf, feel free to connect to this node or spawn up a toy, public node yourself. There is a ##uafrbf libera chat if you would like information on the settings or looking for full-rbf friends (though that step could be automated in the future by setting up a dedicated network bit and reserving a few outbound slots for them).
If you're a mining operator looking to increase your income, you might be interested to experiment with full-rbf as a policy. Indeed, in the future I believe the multi-party transactions issuers who need full-rbf to secure their funding flow should connect by default to full-rbf peers. One can conjecture that their transactions are likely to be more compelling in their feerate as their liquidity needs are higher than the simple transaction. For today, I think we have really few standards and bitcoin softwares relying on multi-party funded transactions [4].
If you're a Bitcoin user or business and you don't like full-rbf, please express an opinion on how it might affect your software/operations. I'm always interested to learn more about mempool and transaction-relay interactions with upper-layers and applications and to listen to feedback in those areas, and I guess a lot of other Bitcoin researchers/devs too. I know there have been a lot of concerns about full-rbf in the past, however I believe the Bitcoin ecosystem has matured a lot since then.
Any mistakes or missing context is my own.
Cheers,
Antoine
[0] For more info about replace-by-fee, see
https://bitcoinops.org/en/topics/replace-by-fee/[1] For more details about the DoS vector, see
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html[2] E.g I think it does not affect the Lightning Pool service, as there is a preliminary step where the participant funds are locked first in a 2-of-2 with the coordinator before being committed in the multi-party batch transaction.
[3]
https://github.com/bitcoin/bitcoin/pull/25353[4] E.g DLCs :
https://github.com/discreetlogcontracts/dlcspecs/blob/master/Transactions.md ; Lightning dual-funded channel :
https://github.com/lightning/bolts/pull/851