Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 31357F04 for ; Sun, 2 Jun 2019 04:41:51 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from ozlabs.org (bilbo.ozlabs.org [203.11.71.1]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 153A619B for ; Sun, 2 Jun 2019 04:41:48 +0000 (UTC) Received: by ozlabs.org (Postfix, from userid 1011) id 45Glrp4gGVz9sBr; Sun, 2 Jun 2019 14:41:46 +1000 (AEST) From: Rusty Russell To: "Bitcoin Dev" Date: Sun, 02 Jun 2019 14:11:39 +0930 Message-ID: <871s0c1tvg.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Sun, 02 Jun 2019 13:20:57 +0000 Cc: Matt Corallo Subject: [bitcoin-dev] [PROPOSAL] Emergency RBF (BIP 125) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Jun 2019 04:41:51 -0000 Hi all, I want to propose a modification to rules 3, 4 and 5 of BIP 125: To remind you of BIP 125: 3. The replacement transaction pays an absolute fee of at least the sum paid by the original transactions. 4. The replacement transaction must also pay for its own bandwidth at or above the rate set by the node's minimum relay fee setting. 5. The number of original transactions to be replaced and their descendant transactions which will be evicted from the mempool must not exceed a total of 100 transactions. The new "emergency RBF" rule: 6. If the original transaction was not in the first 4,000,000 weight units of the fee-ordered mempool and the replacement transaction is, rules 3, 4 and 5 do not apply. This means: 1. RBF can be used in adversarial conditions, such as lightning unilateral closes where the adversary has another valid transaction and can use it to block yours. This is a problem when we allow differential fees between the two current lightning transactions (aka "Bring Your Own Fees"). 2. RBF can be used without knowing about miner's mempools, or that the above problem is occurring. One simply gets close to the required maximum height for lightning timeout, and bids to get into the next block. 3. This proposal does not open any significant new ability to RBF spam, since it can (usually) only be used once. IIUC bitcoind won't accept more that 100 descendents of an unconfirmed tx anyway. 4. This proposal makes RBF miner-incentive compatible. Currently the protocol tells miners they shouldn't accept the highest bidding tx for the good of the network. This conflict is particularly sharp in the case where the replacement tx would be immediately minable, which this proposal addresses. Unfortunately I haven't found time to code this up in bitcoin, but if there's positive response I can try. Thanks for reading! Rusty.