From: Peter Todd <pete@petertodd.org>
To: alicexbt <alicexbt@protonmail.com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security
Date: Sun, 26 Jun 2022 20:43:35 -0400
Message-ID: <Yrj9N7k8osWsxhY4@petertodd.org>
In-Reply-To: <Pb8H4PbeS-RaNOKfekOPdY8gQo4_Syd3HoTK26AO872f7tCKyGnty56KtcvmvrXFOJdC7nQgNHoQ37M4MNXQ6vqQ9du6BFbvGLbY3BdYVpY=@protonmail.com>
On Sun, Jun 26, 2022 at 04:40:24PM +0000, alicexbt via bitcoin-dev wrote:
> Hi Antoine,
>
> Thanks for sharing the DoS attack example with alternatives.
>
> > - Caroll broadcasts a double-spend of her own input C, the double-spend is attached with a low-fee (1sat/vb) and it does _not_ signal opt-in RBF
> > - Alice broadcasts the multi-party transaction, it is rejected by the network mempools because Alice double-spend is already present
>
> I think this affects almost all types of coinjoin transaction including coordinator based implementations. I tried a few things and have already reported details for an example DoS attack to one of the team but there is no response yet.
>
> It was fun playing with RBF, DoS and Coinjoin. Affected projects should share their opinion about full-rbf as it seems it might improve things.
>
> Example:
>
> In Wasabi an attacker can broadcast a transaction spending input used in coinjoin after sending signature in the round. This would result in a coinjoin tx which never gets relayed: https://nitter.net/1440000bytes/status/1540727534093905920
Note that Wasabi already has a DoS attack vector in that a participant can stop
participating after the first phase of the round, with the result that the
coinjoin fails. Wasabi mitigates that by punishing participating in future
rounds. Double-spends only create additional types of DoS attack that need to
be detected and punished as well - they don't create a fundamentally new
vulnerability.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
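
Added example, not part of Peter Todd's message and not Wasabi's code: a sketch of how a coordinator could detect the double-spend case discussed above and attribute it to the participant who registered the input, so it can be punished like any other round failure. Participant ids, outpoints, txids and the mempool snapshot are constructed, and only direct BIP125 signaling is checked.

```python
from dataclasses import dataclass

# BIP125: a transaction signals opt-in RBF if any input has nSequence < 0xfffffffe.
# Simplification (assumption): inherited signaling via unconfirmed ancestors is ignored.
MAX_BIP125_RBF_SEQUENCE = 0xFFFFFFFD

@dataclass(frozen=True)
class TxIn:
    outpoint: str  # "txid:vout"
    sequence: int

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple

def signals_rbf(tx):
    return any(i.sequence <= MAX_BIP125_RBF_SEQUENCE for i in tx.inputs)

def blame_double_spenders(registered, mempool):
    """Map each participant to the conflicts found on inputs they registered.

    registered: outpoint -> participant id, fixed at input registration.
    mempool: transactions seen by the coordinator's node, coinjoin excluded.
    Each conflict is (outpoint, conflicting txid, replaceable under opt-in RBF).
    """
    blamed = {}
    for tx in mempool:
        replaceable = signals_rbf(tx)
        for txin in tx.inputs:
            owner = registered.get(txin.outpoint)
            if owner is not None:
                blamed.setdefault(owner, []).append((txin.outpoint, tx.txid, replaceable))
    return blamed

def outpoints_to_ban(blamed):
    # Punish the registered input itself, as for a participant who stops signing.
    return sorted({op for conflicts in blamed.values() for op, _, _ in conflicts})

# Constructed sample round: hypothetical ids and outpoints.
REGISTERED = {"aaaa:0": "alice", "bbbb:3": "bob", "cccc:1": "caroll"}
MEMPOOL = [
    Tx("ds01", (TxIn("cccc:1", 0xFFFFFFFF),)),  # non-signaling double-spend
    Tx("zz99", (TxIn("eeee:0", 0xFFFFFFFD),)),  # unrelated, signals RBF
]

if __name__ == "__main__":
    blamed = blame_double_spenders(REGISTERED, MEMPOOL)
    print(blamed, outpoints_to_ban(blamed))
```

A conflict whose third field is `False` is the case from the quoted scenario: under opt-in RBF policy the coinjoin cannot replace it, so the round fails and the registered outpoint is the one to ban.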