From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Mon, 27 Jan 2025 14:19:42 -0800 Received: from mail-qt1-f186.google.com ([209.85.160.186]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tcXSI-00036j-2W for bitcoindev@gnusha.org; Mon, 27 Jan 2025 14:19:42 -0800 Received: by mail-qt1-f186.google.com with SMTP id d75a77b69052e-467a4f0b53bsf179714831cf.3 for ; Mon, 27 Jan 2025 14:19:41 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1738016376; cv=pass; d=google.com; s=arc-20240605; b=UFqfnFDsfvGFTlcucciiJD3vmdWM3R6EkDK+Va49aVF1JDsfPAb+WQaB2lrkgsiAGU zSyWRnR8FYTtuDkCUtpHkdFcMiXOAXjBiXGv/u8W3FuG+q6xqmlVlM8kNnsWC7tFaB+P CsdCOMuJVosY1+DXxI+dPDS9HyQAvJ707CdyGkoxNmsnGFvzvhVfhd4UtRCLy/swow1+ V1hxKhWsuJyKCohqzZdK4gORfZOtXJaU5oyapqSKs2zERSYthPbH0hFKMON6pmMJX7LJ 3Ofp3iug+Sw6u3F4U24RnQgZ1/Yu69MSAvDQUgLUQ0E/b+zAUTIl9KA8MOancF25exIP +EhA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:message-id:references:in-reply-to :subject:cc:to:from:date:mime-version:sender:dkim-signature; bh=tliRThPRYpWOunnHcrniey5iarb3FdK72Q9xrFaPJmY=; fh=aVsMFfKt5sx+FZZWKLlknK8QxrdkuHwLVP8y41DsrEA=; b=Ok5IwvIG8ER3Jg8Zq11G+nxBRjucTcOpZ0kyUfN7TgBHX80dGdrXSRrO8qyCAq+0HX ddcPwXIsehv+f3lULPeXF5C9Dtpx7Vt4OQAMPiNd0mmm+K61xx4FRmvFvLbdYM9v7AA3 ZBr/W+h+hFRYiBXJIE6Pp5HhPLFVTqUtJqTzrJSAfPkC+j1I8cnpd//vNfGmBIxYDWF7 oSMrUHYD3uQIq1V4fx/FxB50xT3DLuY/VlRsFOOXg6moz69f3A/e5RkZJ5GwSA0nZW0X CpTMDjwBUzLn135ZXWMlrQE8gjFfnIo9iV8XWKN81qdpI3dOK0jXsav8+vib6uB/+9jn YRhA==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of dave@dtrt.org designates 208.79.240.5 as permitted sender) smtp.mailfrom=dave@dtrt.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1738016376; x=1738621176; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:message-id:references:in-reply-to:subject:cc:to :from:date:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=tliRThPRYpWOunnHcrniey5iarb3FdK72Q9xrFaPJmY=; b=XCg1KqjiHwKoDGhij6vjgCeclJ5u4LMuRUyqFAuz5XQJ546w+tVDWBhEmwOTSb9rUR DDssvPSgyOFnkzDZlzAXWQEr6gOd62L2M6277DhusNzHYo5aLtbZEt7JazH8EDMbc34p XlAB8hQOdDK2N/VOhlo3uULv8j7jGKQEkjtpUkUNeZeH8ulxiGI+UMS0elmuyAX6wRYD zM13i25kY+xA3nN3Xdb2T+oVMyLBJJo/HqfQs4c8KsVqlaDOVd6dwrb/P7XGCo+tFUZ7 CXbXdP9lCR50eRLnrrQnQdptV1aXsH5trnwgdnQmiaAkXw4jbIeOS10cHG6e60CdIrPD +pRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738016376; x=1738621176; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:message-id:references:in-reply-to:subject:cc:to :from:date:mime-version:x-beenthere:x-gm-message-state:sender:from :to:cc:subject:date:message-id:reply-to; bh=tliRThPRYpWOunnHcrniey5iarb3FdK72Q9xrFaPJmY=; b=nZAPVIc1xmPWZ6zBlf2p35q6SErXe660MCgaLjehzA1yILdBoK/sRKpTDpZR8Deyxr 2CbOdzYKn4zd9Z5jlfZ8ejWca33qSe44t3Fr/G/ZM5Zh5qHAmueZiQQCOBL3SQAkz6v+ zQqgLMBZjs8MyTAul06RxsokqlfK0q9MeAW/vN8J8Dc5k04pa2wfDjTXjilyX7dEErDI 6vuw9pJ/6XuNiO4USz4R2h+nYMi6ez0lCeUO1UDhw4GUhsZYwU/4F7dOIgO3w1oe4AaY wXSCCEJm6CayAnipYzd0XEgjDw76oXGufaV8yo0SS+YbtBysunYkXdS7ouuRv4cRLdKr QfOQ== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCXlCW32zkg5FtGGCWhONhrDMPSrbuQG56ZlcxPyYWSlSa9Uh5tFpfhtrJKLdlKkZZkWylMr+4Zu1Cnl@gnusha.org X-Gm-Message-State: AOJu0Yw2YgG8MZE/O7KqYcE0oK9Vx9PR4u+/B5HwUnq+jZHKmCW4ngxN QZa1Fn9DvkJEoqQkABpQWF+v3Y3JmMsVtWlUu5rAESA1uMBbdK/b X-Google-Smtp-Source: AGHT+IEeKTtEHDtbY9uh5DEGf6jAiYqnx+bOl8de/MwjkeDXv+h9b7bXYsUzCiLLL7H1x7n0HmQplg== X-Received: by 2002:a05:622a:24c:b0:46c:71f6:819b with SMTP id d75a77b69052e-46e12bdd346mr601453761cf.49.1738016376072; Mon, 27 Jan 2025 14:19:36 -0800 (PST) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:ac8:7cc:0:b0:467:5016:57f9 with SMTP id d75a77b69052e-46e5b3d5c52ls84531141cf.0.-pod-prod-04-us; Mon, 27 Jan 2025 14:19:33 -0800 (PST) X-Received: by 2002:a05:620a:4894:b0:7b6:ecaa:9633 with SMTP id af79cd13be357-7be631e6c02mr7828908485a.7.1738016373095; Mon, 27 Jan 2025 14:19:33 -0800 (PST) Received: by 2002:a05:620a:319c:b0:7b6:67a8:4fcd with SMTP id af79cd13be357-7bff5151275ms85a; Mon, 27 Jan 2025 14:17:14 -0800 (PST) X-Received: by 2002:a05:620a:f03:b0:7be:3d2f:16fc with SMTP id af79cd13be357-7be6325dc8emr6710313185a.51.1738016232460; Mon, 27 Jan 2025 14:17:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1738016232; cv=none; d=google.com; s=arc-20240605; b=lOiW4RTVfdqqYoLDA8yGBRO6pawKNJSh0bmoJrlkNeA8i1Wd4urbObW6vxnNi/LheT +wYP3ahT0BsWQf1/7j006RbbqoMr38zGStyb3eeMNERNT4sSIRBeW3UA+DznVIfR4shD MzQmjT8fIuA1ad3eznTAga9TBxCcD20dEngRl0on/n3Waoz6gWzz4tljYqqFi6sAIgI6 z2zwvKcJCVGtOdDPfjCPnUcps4rsuVLfPgm3olPCS5mY0T1IehwnUkRM9nqnrMDCAh+r DbR/BTYLfIZKPUtyboUMgq13gYo3nJ47I82qrT9AziDgun+wSdhN93Ud+fx/DnhfGiLj j7jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:message-id:references:in-reply-to:subject :cc:to:from:date:mime-version; bh=hWZldVEaSZXXtTSHjoJmaWkHKrh0YGXh2oW27BGupl8=; fh=1vJhtMnp845xQ5y34NlluuSEazdOjP1alCP9NGNZjsI=; b=GdONP/iku9D5TWnEmOMaICP+kuB4GEsxNJl/fc3aGNZZkNFD+DEC/z+zbBwBmIePnn re1YoLzNjx250w2zplGKP5IKKKif9dHx/7zc2ExwKzIRELd3KIedNNrlJJFxQu1jSysN p8fqU0eY1SVbAtMwmywF1AANcqhwJZ8oxO8DkSv3w9BYPEruZxoQdHrkuFLW8NSmh4Bj gAo97T2KCR24wzS8Hf7Hb6jTb7bI30c9Y920ecJhTgVwSmUe5QH3Th+3uDcIxW1v+xdf a3GbYwur+13B/Ysoxb86OnKaDBqf4CcbK638BWjCaEvD+8CbNqgnF0HFiJwj5LUzrlp+ S20w==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of dave@dtrt.org designates 208.79.240.5 as permitted sender) smtp.mailfrom=dave@dtrt.org Received: from smtpauth.rollernet.us (smtpauth.rollernet.us. [208.79.240.5]) by gmr-mx.google.com with ESMTPS id af79cd13be357-7be9ae7caacsi37613685a.2.2025.01.27.14.17.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Jan 2025 14:17:12 -0800 (PST) Received-SPF: pass (google.com: domain of dave@dtrt.org designates 208.79.240.5 as permitted sender) client-ip=208.79.240.5; Received: from smtpauth.rollernet.us (localhost [127.0.0.1]) by smtpauth.rollernet.us (Postfix) with ESMTP id 94DE1280004F; Mon, 27 Jan 2025 14:17:05 -0800 (PST) Received: from webmail.rollernet.us (webmail.rollernet.us [IPv6:2607:fe70:0:14::a]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by smtpauth.rollernet.us (Postfix) with ESMTPSA; Mon, 27 Jan 2025 14:17:05 -0800 (PST) MIME-Version: 1.0 Date: Mon, 27 Jan 2025 12:17:05 -1000 From: "David A. Harding" To: Antoine Riard Cc: Bitcoin Development Mailing List , security@ariard.me Subject: Re: [bitcoindev] [FULL DISCLOSURE]: Replacement Cycling Attacks on Attacks on Bitcoin Miners Block Templates In-Reply-To: References: Message-ID: <7aa8b4bd7c2d475ad07efb90d770fbd8@dtrt.org> X-Sender: dave@dtrt.org Content-Type: text/plain; charset="UTF-8"; format=flowed X-Rollernet-Abuse: mailto:abuse@rollernet.us https://www.rollernet.us/policy X-Rollernet-Submit: Submit ID 2921.679805e1.75e36.0 X-Original-Sender: dave@dtrt.org X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of dave@dtrt.org designates 208.79.240.5 as permitted sender) smtp.mailfrom=dave@dtrt.org Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) On 2025-01-27 05:22, Antoine Riard wrote: > As soon as Alice's batch transaction starts to propagate, Mallet > consumes its 2 outputs with 2 chain of junk transactions to reach max > package limits (25 descendants) and block the carve-out. The junk > transactions are of size 150 bytes and feerates 2 satoshis per virtual > byte and they have 2 parents: one Alice's payout UTXO and one Mallet's > UTXO. > > Starting from this point, Alice's exchange server logic should either > (a) attempts a CPFP or (b) attempts a RBF on the batch transaction. As > there is no global mempool, Alice is uncertain on the explanation for > the lack of propagation of her batch transaction [...] Do I understand correctly that this attack only applies if Alice attempts to fee bump her batch transaction? In short, is this the attack: - Alice broadcasts a transaction. - Mallet pins Alice. - Alice doesn't realize she's been pinned and bumps the fees. - The bump doesn't propagate due to the pin, but Mallet receives it anyway somehow. - Mallet mines the fee bump, but nobody else mines it because it didn't propagate. Mallet thus makes more money than other miners. Thanks, -Dave -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/7aa8b4bd7c2d475ad07efb90d770fbd8%40dtrt.org.