From: Peter Todd <pete@petertodd.org>
To: bitcoindev@googlegroups.com
Subject: [bitcoindev] A Free-Relay Attack Exploiting Min-Relay-Fee Differences
Date: Sun, 31 Mar 2024 17:31:47 +0000
Message-ID: <ZgmeAzZp8RS6uMdc@petertodd.org>

It's common for some nodes, especially miners, to have larger than default
mempools, leading to lower-than-normal minrelayfees. This can be exploited for
free-relay attacks as follows:

1. Publish tx A, with an unusually low fee-rate, below typical
   min-relay-fees, but with a sufficient size to have a reasonably large
   absolute fee. In my experience it is not difficult to get very low fee rate
   transactions mined if they're broadcast by well-connected nodes. Specific
   connections to miners are not required.

2. Publish B, double-spending A, with a fee-rate high enough to be accepted by
   most mempools. But with a total fee less than A.

3. Publish C, spending B, with a low fee rate and large size. Nodes with A will
   not accept C, as it spends a txout that they're not aware of.

4. To recover funds, double-spend A with A', with a sufficiently high fee-rate
   to get mined.

Since package replacement has not been implemented, the combination of C and B
will not replace A, and the total cost of the attack will be limited to the
cost of spending A.

As usual, C can in turn be double-spent at higher and higher fee-rates. C could
also be double-spent across multiple different nodes with different, almost
identical, variants of C.

# Mitigation

Package replacement. Though it is still economically irrational for miners to
"mitigate" this attack: they earn more money by simply mining the high fee-rate
A', with replace-by-fee-rate.

# Responsible Disclosure

You're reading it. Since this type of attack is public, other variants of
attacks along these lines should just be openly discussed. Better to have
plenty of people who understand the issue so there's lots of eyes on potential
fixes.

--
https://petertodd.org 'peter'[:-1]@petertodd.org
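
Added example, not part of the original message and not code from any Bitcoin node implementation: a toy two-mempool model for measuring how many relayed vbytes end up unpaid when nodes with different min-relay-fees see the sequence described above. The replacement rule is a simplifying assumption (a replacement must pay more total fee than everything it evicts and a higher fee-rate than each direct conflict), all fee and size values are constructed, and `A2` stands for A'.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    name: str
    fee: int                 # satoshis
    vsize: int               # virtual bytes
    spends: frozenset        # outpoints consumed; each tx creates one output "<name>:0"
    @property
    def feerate(self):
        return self.fee / self.vsize

class Node:
    """Toy mempool: min fee-rate check plus single-transaction replacement."""
    def __init__(self, min_feerate, utxos):
        self.min_feerate, self.utxos = min_feerate, set(utxos)
        self.pool, self.accepted_vbytes = {}, 0

    def _descendants(self, tx):
        kids = [t for t in self.pool.values() if f"{tx.name}:0" in t.spends]
        return kids + [d for k in kids for d in self._descendants(k)]

    def accept(self, tx):
        if tx.feerate < self.min_feerate:
            return False                                  # below this node's min-relay-fee
        known = self.utxos | {f"{n}:0" for n in self.pool}
        if not tx.spends <= known:
            return False                                  # spends a txout this node never saw
        direct = [t for t in self.pool.values() if t.spends & tx.spends]
        evict = direct + [d for c in direct for d in self._descendants(c)]
        if evict and (tx.fee <= sum(t.fee for t in evict)
                      or any(tx.feerate <= c.feerate for c in direct)):
            return False                                  # replacement does not pay enough
        for t in evict:
            self.pool.pop(t.name, None)
        self.pool[tx.name] = tx
        self.accepted_vbytes += tx.vsize
        return True

def simulate():
    coin = frozenset({"coin:0"})
    txs = [Tx("A", 10_000, 50_000, coin),                 # 0.2 sat/vB, large absolute fee
           Tx("B", 2_000, 200, coin),                     # 10 sat/vB, total fee below A
           Tx("C", 55_000, 50_000, frozenset({"B:0"})),   # 1.1 sat/vB, large
           Tx("A2", 12_000, 200, coin)]                   # A' in the post: 60 sat/vB
    nodes = {"low_minfee": Node(0.1, coin), "default": Node(1.0, coin)}
    log = {k: [t.name for t in txs if n.accept(t)] for k, n in nodes.items()}
    # vbytes each node accepted that never confirm if A2 is the transaction mined
    unpaid = {k: n.accepted_vbytes - sum(t.vsize for t in n.pool.values() if t.name == "A2")
              for k, n in nodes.items()}
    return log, unpaid
```

In this model the two mempools never converge: the low-min-fee node holds only A', the default node holds B and C, and the only fee ever collected is the one on the 200-vbyte A'.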