public inbox for bitcoindev@googlegroups.com
* [bitcoindev] A Free-Relay Attack Exploiting Min-Relay-Fee Differences
@ 2024-03-31 17:31 Peter Todd
From: Peter Todd @ 2024-03-31 17:31 UTC (permalink / raw)
  To: bitcoindev


It's common for some nodes, especially miners, to have larger than default
mempools, leading to lower-than-normal minrelayfees. This can be exploited for
free-relay attacks as follows:

1. Publish tx A, with an unusually low fee-rate, below typical
   min-relay-fees, but with a sufficient size to have a reasonably large absolute
   fee. In my experience it is not difficult to get very low fee rate
   transactions mined if they're broadcast by well-connected nodes. Specific
   connections to miners are not required.

2. Publish B, double-spending A, with a fee-rate high enough to be accepted by
   most mempools, but with a total fee less than A.

3. Publish C, spending B, with a low fee rate and large size. Nodes with A will
   not accept C, as it spends a txout that they're not aware of.

4. To recover funds, double-spend A with A', with a sufficiently high fee-rate
   to get mined.

Since package replacement has not been implemented, the combination of C and B
will not replace A, and the total cost of the attack will be limited to the
cost of spending A.

As usual, C can in turn be double-spent at higher and higher fee-rates. C could
also be double-spent across multiple different nodes with different, almost
identical, variants of C.


# Mitigation

Package replacement. Though it is still economically irrational for miners to
"mitigate" this attack: they earn more money by simply mining the high fee-rate
A', with replace-by-fee-rate.


# Responsible Disclosure

You're reading it. Since this type of attack is public, other variants of
attacks along these lines should just be openly discussed. Better to have
plenty of people who understand the issue so there's lots of eyes on potential
fixes.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
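
Added example, not part of the original message and not Bitcoin Core code: a toy mempool model showing why per-transaction evaluation leaves the two kinds of node with different mempools, and how evaluating B and C together as a package (the mitigation named above) makes them converge. The Tx/Node classes, the three simplified acceptance checks, and all fees and sizes are constructed assumptions; descendant eviction is not modelled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tx:
    name: str
    fee: int            # absolute fee, sat
    vsize: int          # virtual size, vB
    spends: frozenset   # outpoints consumed
    creates: frozenset  # outpoints created

@dataclass
class Node:
    min_feerate: float  # sat/vB, this node's relay floor
    confirmed: set = field(default_factory=lambda: {"coin"})
    pool: dict = field(default_factory=dict)

    def accept(self, txs):
        """Evaluate txs as one unit: a single tx, or a package if len > 1."""
        txs = [t for t in txs if t.name not in self.pool]
        if not txs:
            return True
        fee, vsize = sum(t.fee for t in txs), sum(t.vsize for t in txs)
        if fee / vsize < self.min_feerate:
            return False        # below this node's relay floor
        known = set(self.confirmed)
        for t in list(self.pool.values()) + txs:
            known |= t.creates
        spent = set().union(*(t.spends for t in txs))
        if not spent <= known:
            return False        # spends a txout this node has never seen
        conflicts = [p for p in self.pool.values() if p.spends & spent]
        if conflicts and fee <= sum(p.fee for p in conflicts):
            return False        # a replacement must pay more in absolute fee
        for p in conflicts:
            del self.pool[p.name]
        self.pool.update({t.name: t for t in txs})
        return True

# Constructed sample transactions (values are illustrative only).
A = Tx("A", 10_000, 50_000, frozenset({"coin"}), frozenset({"A:0"}))  # 0.2 sat/vB
B = Tx("B", 2_000, 200, frozenset({"coin"}), frozenset({"B:0"}))      # 10 sat/vB
C = Tx("C", 99_000, 90_000, frozenset({"B:0"}), frozenset({"C:0"}))   # 1.1 sat/vB

def pools(package_rbf):
    """Return (low-floor node mempool, default node mempool) after relay."""
    low, default = Node(0.1), Node(1.0)
    for node in (low, default):
        for tx in (A, B, C):
            node.accept([tx])
        if package_rbf:
            node.accept([B, C])  # hypothetical package evaluation
    return sorted(low.pool), sorted(default.pool)
```

With `pools(False)` the low-floor node keeps only A while default nodes hold B and C; with `pools(True)` both end up holding B and C, so the fees attached to C are ones a miner can actually collect.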
