Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate danger

From: Daniel Lipshitz <daniel@gap600•com>
To: Antoine Riard <antoine.riard@gmail•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate danger
Date: Fri, 2 Dec 2022 08:59:01 +0200	[thread overview]
Message-ID: <CACkWPs_fgjkF8wJxUVex=R4sS-B6R+UgtqVQU0T-8vzpHjWT2Q@mail.gmail.com> (raw)
In-Reply-To: <CALZpt+GnTE+LMSMHVt-E7Uq0FeuqrSKyr1m9OJa_yKkh6MrgzA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 6937 bytes --]

HI Antoine

Thank you for all the references - I agree with Sergej
statement "opportunity makes the thief"

The 1.5M trxs are all BTC which our clients query, I dont have specifics
for those trxs i.e. reasons for not being confirmed. However we target to
achieve +90% confirmation of trxs for our clients. Fee rates the
transactions generally follow standard fee/rate policy similar to all
industry recommendations, we recommend higher priority fee rate but approve
trxs well below that level. I would say we havent seen a trx with medium
fee rate be double spend - this is excluding race attacks or as you
mentioned ancestral unconfirmed attacks.

Opt in RBF is used in many ways to try to do double spends - i.e with
ancestral attacks inputs which are not confirmed, and also publishing the
RBF first and then the straight trxs later. In general double spends excl
Optin RBF does not occur alot at all - but the presence of a potential risk
causes everyone to wait back for confirmations.

Looking at a sample of latest 4.3M trxs, I can see crica 11k trxs which
seem to be double spent vast majority of these will be RBF, also on trx
that are high risk and we dont confirm the attacker has no incentive to
follow through with the second trxs.

I see quite a bit of reference to the benefit to miners for RBF - I would
think this cash flow benefit is not significant but I would suggest getting
input from a miner themselves.

Best
Daniel

________________________________

Daniel Lipshitz
GAP600| www.gap600.com
Phone: +44 113 4900 117
Skype: daniellipshitz123
Twitter: @daniellipshitz

On Fri, Dec 2, 2022 at 3:52 AM Antoine Riard <antoine.riard@gmail•com>
wrote:

> Hi Daniel,
>
> From my understanding of GAP600, you're operating a zero-conf risk
> analysis business, which is integrated and leveraged by payment
> processors/liquidity providers and merchants. A deployment of fullrbf by
> enough full-node operators and a subset of the mining hashrate would lower
> the cost of double-spend attack by lamda users, therefore increasing the
> risk exposure of your users. This increased risk exposure could lead you to
> alter the acceptance of incoming zero-conf transactions, AFAICT in a
> similar reasoning as exposed by Bitrefill earlier this year [0].
>
> About the statistics you're asking for considerations, few further
> questions, on those 1.5M transactions per month, a) how many are
> Bitcoin-only (as I understand to be multi-cryptocurrencies), b) how many
> are excluded from zeroconf due to factors like RBF, long-chain of
> unconfirmed ancestors or too high-value and c) what has been the average
> feerate (assuming a standard size of 200 bytes) ?
>
> My personal position on fullrbf is still the same as expressed in #26525
> [1]. As a community, I think we still don't have conceptual consensus on
> deploying full-rbf, neither to remove it. In the direction of removing the
> current option from Bitcoin Core, I think the prerequisite to address are
> the qualification of enough economic flows at risk and the presence of a
> sizable loss in miners income. Beyond that, I think there is still the open
> question if we (we, as the Bitcoin protocol development community, with all
> its stakeholders) should restrain user choice in policy settings in the
> name of preserving mining income and established use-case stability.
>
> To recall, the original technical motivation of this option, and the wider
> smoother deployment was to address a DoS vector affecting another class of
> use-case: multi-party transactions like coinjoin and contracting protocols
> like Lightning [2] [3]. All of them expect to generate economic flows and
> corresponding mining income. Since then, alternative paths to solve this
> DoS vector have been devised, all with their own trade-offs and conceptual
> issues [4] [5].
>
> Best,
> Antoine
>
> [0]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-October/021070.html
> [1] https://github.com/bitcoin/bitcoin/pull/26525#issuecomment-1319499006
> [2]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020557.html
> [3]
> https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-May/003033.html
> [4]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-October/021135.html
> [5]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-November/021144.html
>
> Le jeu. 1 déc. 2022 à 07:32, Daniel Lipshitz via bitcoin-dev <
> bitcoin-dev@lists•linuxfoundation.org> a écrit :
>
>> HI All
>>
>> I am the CEO of GAP600. We guarantee zero confirmed Bitcoin and other
>> crypto  transactions, BTC is a primary part of our business. Our guarantee
>> enables our customers to recognise zero-conf deposits. We reimburse our
>> clients value of the trx should we get it wrong and a transaction we
>> confirmed gets double spent.
>>
>> Should full RBF become default enabled and significantly adopted this
>> would have a major impact on the capacity to accept zerof confs on mainnet.
>> With the end result being this use case will be forced to move to a
>> different chain, with lightning being just another option.
>>
>> I wanted to share some statistics about how significant this use case is.
>> GAP600 clients are primarily payment processors and non custodial
>> liquidity providers; you can see some of our clients on our site
>> www.gap600.com. There are also merchants who have developed their own
>> tools so GAP600 statistics are only a subset of the full use case.
>>
>> I do not know of any wallet, exchange or custodian who accepts zero conf
>> without having some sort of solution in place. The market seems to be fully
>> aware of the risks of zero-conf. The opt-RBF seems to be a solution which
>> gives a clear free choice for actors.
>>
>> Statistics for consideration as a sample of the zero conf use case -
>>
>>
>>    1. As of end of Nov 2022 - GAP600 has processed i.e responded to
>>    circa 15M transactions
>>    2. These transactions have a cumulative value of 2.3B USD value.
>>    3. We currently are seeing circa 1.5M transactions queired per month.
>>
>>
>> It's a sizable amount of trxs on mainet and we are by no means the full
>> market of platforms accepting zero-conf.  I realise there are other
>> considerations which BTC has,  I would urge you to take into account the
>> major risk being placed on this significant market share when deciding to
>> make this feature default enabled and encouraging full adoption.
>>
>> Thank you for your consideration
>> Daniel
>> ________________________________
>>
>> Daniel Lipshitz
>> GAP600| www.gap600.com
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists•linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>

[-- Attachment #2: Type: text/html, Size: 9920 bytes --]