public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Rusty Russell <rusty@rustcorp.com.au>
To: "Bitcoin Dev" <bitcoin-dev@lists.linuxfoundation.org>
Cc: Matt Corallo <matt@chaincode.com>
Subject: [bitcoin-dev] [PROPOSAL] Emergency RBF (BIP 125)
Date: Sun, 02 Jun 2019 14:11:39 +0930	[thread overview]
Message-ID: <871s0c1tvg.fsf@rustcorp.com.au> (raw)

Hi all,

        I want to propose a modification to rules 3, 4 and 5 of BIP 125:

To remind you of BIP 125:
 3. The replacement transaction pays an absolute fee of at least the sum
    paid by the original transactions.

 4. The replacement transaction must also pay for its own bandwidth at
    or above the rate set by the node's minimum relay fee setting.

 5. The number of original transactions to be replaced and their
    descendant transactions which will be evicted from the mempool must not
    exceed a total of 100 transactions.

The new "emergency RBF" rule:

 6. If the original transaction was not in the first 4,000,000 weight
    units of the fee-ordered mempool and the replacement transaction is,
    rules 3, 4 and 5 do not apply.

This means:

1. RBF can be used in adversarial conditions, such as lightning
   unilateral closes where the adversary has another valid transaction
   and can use it to block yours.  This is a problem when we allow
   differential fees between the two current lightning transactions
   (aka "Bring Your Own Fees").

2. RBF can be used without knowing about miner's mempools, or that the
   above problem is occurring.  One simply gets close to the required
   maximum height for lightning timeout, and bids to get into the next
   block.

3. This proposal does not open any significant new ability to RBF spam,
   since it can (usually) only be used once.  IIUC bitcoind won't
   accept more that 100 descendents of an unconfirmed tx anyway.

4. This proposal makes RBF miner-incentive compatible.  Currently the
   protocol tells miners they shouldn't accept the highest bidding tx
   for the good of the network.  This conflict is particularly sharp
   in the case where the replacement tx would be immediately minable,
   which this proposal addresses.

Unfortunately I haven't found time to code this up in bitcoin, but if
there's positive response I can try.

Thanks for reading!
Rusty.


             reply	other threads:[~2019-06-02  4:41 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-02  4:41 Rusty Russell [this message]
2019-06-03  1:49 ` [bitcoin-dev] [PROPOSAL] Emergency RBF (BIP 125) rhavar
2019-06-03  9:48 ` Matt Corallo
2019-06-06  5:16   ` Rusty Russell
2019-06-09 14:07     ` David A. Harding
2019-06-10 16:34       ` rhavar
2019-06-14  5:50       ` Rusty Russell
2019-06-03 12:56 ` Russell O'Connor
2019-06-06  3:08   ` Rusty Russell
2019-06-09  4:21     ` Russell O'Connor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=871s0c1tvg.fsf@rustcorp.com.au \
    --to=rusty@rustcorp.com.au \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=matt@chaincode.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox