On Fri, Jul 19, 2024 at 02:26:44PM -0400, Murch wrote:
> On 7/18/24 11:56, Peter Todd wrote:
> > # Summary
> > 
> > This is a public disclosure of a vulnerability that I previously disclosed to
> > the bitcoin-security mailing list.
> 
> It seems redundant to point out that some transactions are only relayed by a
> subset of a node population if there are multiple diverging mempool policies
> with significant adoption.

1) So you agree with me in general that this is just one of a large class of
"free" relay attacks?

2) You should re-read my analysis. You do _not_ need significant adoption of
the diverging mempool policy for this attack to work. Literally a single miner
is sufficient.

Indeed, as I pointed out one month ago on this mailing list, a "free" relay
"attack" was happening by accident due to good samaritans attemping to spend
Lightning anchor outputs to clean up the UTXO set, accidentally pinning
Lightning nodes in the process, and the fact that Libre Relay's RBFR was
already sufficent to get the intended transactions mined:

"Libre Relay v27.1 released with lower 1.25x replacement threshold" - Jun 20th 2024
https://groups.google.com/g/bitcoindev/c/n2GNmnz0btw/m/IemUVKBoAgAJ

> However, I concur that Bitcoin Core should match its default setting for
> `mempoolfullrbf` to the behavior of miners, and there appears to be palpable
> evidence that a supermajority of the hashrate has enabled `mempoolfullrbf`.

Thanks!

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZpvFaRDoNbzSOgIq%40petertodd.org.