Date: Sat, 20 Jul 2024 14:10:49 +0000
From: Peter Todd
To: Murch
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack of Full-RBF In Core
In-Reply-To: <6f6177b4-4fd3-4c22-ad13-97d430d7d0bc@murch.one>

On Fri, Jul 19, 2024 at 02:26:44PM -0400, Murch wrote:
> On 7/18/24 11:56, Peter Todd wrote:
> > # Summary
> >
> > This is a public disclosure of a vulnerability that I previously disclosed to
> > the bitcoin-security mailing list.
>
> It seems redundant to point out that some transactions are only relayed by a
> subset of a node population if there are multiple diverging mempool policies
> with significant adoption.

1) So you agree with me in general that this is just one of a large class of
"free" relay attacks?

2) You should re-read my analysis. You do _not_ need significant adoption of
the diverging mempool policy for this attack to work. Literally a single miner
is sufficient.

Indeed, as I pointed out one month ago on this mailing list, a "free" relay
"attack" was happening by accident due to good samaritans attempting to spend
Lightning anchor outputs to clean up the UTXO set, accidentally pinning
Lightning nodes in the process, and the fact that Libre Relay's RBFR was
already sufficient to get the intended transactions mined:

"Libre Relay v27.1 released with lower 1.25x replacement threshold" - Jun 20th 2024
https://groups.google.com/g/bitcoindev/c/n2GNmnz0btw/m/IemUVKBoAgAJ

> However, I concur that Bitcoin Core should match its default setting for
> `mempoolfullrbf` to the behavior of miners, and there appears to be palpable
> evidence that a supermajority of the hashrate has enabled `mempoolfullrbf`.

Thanks!

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org