* [bitcoin-dev] Denial of Service using Package Relay
@ 2023-07-06 16:22 alicexbt
2023-07-06 17:24 ` Andrew Chow
0 siblings, 1 reply; 2+ messages in thread
From: alicexbt @ 2023-07-06 16:22 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
Hi Bitcoin Developers,
I think its possible to use [package relay][0] for DoS attack in coinjoin. A few other projects could also be affected by packages. Since its a proposal that adds new P2P messages, transaction relay etc. its as important as any soft fork. Let me know if I am missing something.
Consider there are 2 coinjoin implementations: A and B
1) Register input in A
2) Double spend same input with zero fee to your own address
3) Register unconfirmed UTXO from 2 in B
4) B relays a package in which coinjoin transaction (child) pays for 2 (parent)
Users and coinjoin implementation B, both are incentivized to attack in this case.
Attacker could also use a different approach and register same input in A, B although there are some tradeoffs:
- If input gets included in a coinjoin transaction broadcasted by A, there is nothing much B can do about it. RBF with multiple users isn't easy and costly.
- Implementation with less users participating in a round would have an advantage.
[0]: https://gist.github.com/sdaftuar/8756699bfcad4d3806ba9f3396d4e66a
/dev/fd0
floppy disk guy
Sent with Proton Mail secure email.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bitcoin-dev] Denial of Service using Package Relay
2023-07-06 16:22 [bitcoin-dev] Denial of Service using Package Relay alicexbt
@ 2023-07-06 17:24 ` Andrew Chow
0 siblings, 0 replies; 2+ messages in thread
From: Andrew Chow @ 2023-07-06 17:24 UTC (permalink / raw)
To: bitcoin-dev
On 07/06/2023 12:22 PM, alicexbt via bitcoin-dev wrote:
> 1) Register input in A
> 2) Double spend same input with zero fee to your own address
> 3) Register unconfirmed UTXO from 2 in B
Why would unconfirmed inputs be accepted in a coinjoin? That seems
unsafe, regardless of package relay. The sender of the unconfirmed
transaction can already replace it thereby pinning or otherwise
invalidating the coinjoin, it doesn't need package relay.
Furthermore, the coordinator B shouldn't accept the unconfirmed UTXO
from 2 because it doesn't even know about that unconfirmed transaction.
It has zero fee, so it's not going to be relayed.
Conceivably a similar attack can already be done by simply registering
the same UTXO with multiple coordinators anyways. This doesn't require
package relay either.
***
Package relay should help coinjoins since any one of the participants
can rebroadcast the coinjoin with a further CPFP if the coinjoin is
below the minimum relay fee. Some of the upcoming package RBF proposals
should also help by allowing other child transactions in the package to
RBF the entire thing, thereby resolving the need to have everyone
re-sign the coinjoin in order to RBF.
Andrew
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-07-06 17:25 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-06 16:22 [bitcoin-dev] Denial of Service using Package Relay alicexbt
2023-07-06 17:24 ` Andrew Chow
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox