📅 Original date posted:2022-10-27
📝 Original message:I have more to say on this broader topic, but since you've brought up this
particular example I think it's worth commenting:
On Thu, Oct 27, 2022 at 1:23 PM Anthony Towns via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> Is that true? Antoine claims [1] that opt-in RBF isn't enough to avoid
> a DoS issue when utxos are jointly funded by untrusting partners, and,
> aiui, that's the main motivation for addressing this now.
>
> [1]
> https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html
>
> The scenario he describes is: A, B, C create a tx:
>
> inputs: A1, B1, C1 [opts in to RBF]
> fees: normal
> outputs:
> [lightning channel, DLC, etc, who knows]
>
> they all analyse the tx, and agree it looks great; however just before
> publishing it, A spams the network with an alternative tx, double
> spending her input:
>
> inputs: A1 [does not opt in to RBF]
> fees: low
> outputs: A
>
> If A gets the timing right, that's bad for B and C because they've
> populated their mempool with the 1st transaction, while everyone else
> sees the 2nd one instead; and neither tx will replace the other. B and
> C can't know that they should just cancel their transaction, eg:
>
> inputs: B1, C1 [opts in to RBF]
> fees: 50% above normal
> outputs:
> [smaller channel, refund, whatever]
>
> and might instead waste time trying to fee bump the tx to get it mined,
> or similar.
>
> What should folks wanting to do coinjoins/dualfunding/dlcs/etc do to
> solve that problem if they have only opt-in RBF available?
>
I think this is not a real example of a DoS vector that is available
because we support non-rbf signaling transactions. Even in a world where
all transactions are replaceable, person A could double-spend their input
in a way that is annoying for B and C. For instance, the double-spend
could be low-feerate and large, and effectively pin any attempt to replace
it. Or it could be higher feerate and confirm and B/C have to start all
over. Or, A could stall things in the signing phase and B/C have to figure
out when to give up on the channel with A.
So I find this example to be unconvincing. Are there any other examples
where having a non-replacement policy for some transactions causes problems
for protocols people are trying to build?
Thanks,
Suhas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20221027/511dc909/attachment-0001.html>;
Suhas Daftuar [ARCHIVE] /
npub1ss…e0am4
2023-06-07 23:15:53
in reply to nevent1q…g3qp
Author Public Key
npub1ss2s89s938xfh3zzz0j2mhp25tlrlcrj0duljr0ne0t8v2r4cv0q5e0am4Published at
2023-06-07 23:15:53Event JSON
{
"id": "81ce6545b5400656e788d2a01c10978c573cc5a1ac36874b8bb86192b1854185",
"pubkey": "841503960589cc9bc44213e4addc2aa2fe3fe0727b79f90df3cbd6762875c31e",
"created_at": 1686179753,
"kind": 1,
"tags": [
[
"e",
"72e405df3aaafafab176501cba9ee9ab7db3f9a3f761dd313e13dd7ef49c1f95",
"",
"root"
],
[
"e",
"d95c88b7df7bc256850add9b44e4d2196ab32f8097026b54482f50c5e63fae90",
"",
"reply"
],
[
"p",
"f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab"
]
],
"content": "📅 Original date posted:2022-10-27\n📝 Original message:I have more to say on this broader topic, but since you've brought up this\nparticular example I think it's worth commenting:\n\nOn Thu, Oct 27, 2022 at 1:23 PM Anthony Towns via bitcoin-dev \u003c\nbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\n\u003e Is that true? Antoine claims [1] that opt-in RBF isn't enough to avoid\n\u003e a DoS issue when utxos are jointly funded by untrusting partners, and,\n\u003e aiui, that's the main motivation for addressing this now.\n\u003e\n\u003e [1]\n\u003e https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html\n\u003e\n\u003e The scenario he describes is: A, B, C create a tx:\n\u003e\n\u003e inputs: A1, B1, C1 [opts in to RBF]\n\u003e fees: normal\n\u003e outputs:\n\u003e [lightning channel, DLC, etc, who knows]\n\u003e\n\u003e they all analyse the tx, and agree it looks great; however just before\n\u003e publishing it, A spams the network with an alternative tx, double\n\u003e spending her input:\n\u003e\n\u003e inputs: A1 [does not opt in to RBF]\n\u003e fees: low\n\u003e outputs: A\n\u003e\n\u003e If A gets the timing right, that's bad for B and C because they've\n\u003e populated their mempool with the 1st transaction, while everyone else\n\u003e sees the 2nd one instead; and neither tx will replace the other. B and\n\u003e C can't know that they should just cancel their transaction, eg:\n\u003e\n\u003e inputs: B1, C1 [opts in to RBF]\n\u003e fees: 50% above normal\n\u003e outputs:\n\u003e [smaller channel, refund, whatever]\n\u003e\n\u003e and might instead waste time trying to fee bump the tx to get it mined,\n\u003e or similar.\n\u003e\n\u003e What should folks wanting to do coinjoins/dualfunding/dlcs/etc do to\n\u003e solve that problem if they have only opt-in RBF available?\n\u003e\n\nI think this is not a real example of a DoS vector that is available\nbecause we support non-rbf signaling transactions. Even in a world where\nall transactions are replaceable, person A could double-spend their input\nin a way that is annoying for B and C. For instance, the double-spend\ncould be low-feerate and large, and effectively pin any attempt to replace\nit. Or it could be higher feerate and confirm and B/C have to start all\nover. Or, A could stall things in the signing phase and B/C have to figure\nout when to give up on the channel with A.\n\nSo I find this example to be unconvincing. Are there any other examples\nwhere having a non-replacement policy for some transactions causes problems\nfor protocols people are trying to build?\n\nThanks,\nSuhas\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20221027/511dc909/attachment-0001.html\u003e",
"sig": "0c7d13f53d3fe67d7f0bafdee5c4c7dd3ba65bf1a64dcd36295144c21665c6f2d9a511bcb1eae262a28e631638c8b6e3417ae0c64dc52a522740206e0445da41"
}