Date: Sun, 26 Jun 2022 20:43:35 -0400
From: Peter Todd <pete@petertodd.org>
To: alicexbt <alicexbt@protonmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <Yrj9N7k8osWsxhY4@petertodd.org>
Subject: Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security


On Sun, Jun 26, 2022 at 04:40:24PM +0000, alicexbt via bitcoin-dev wrote:
> Hi Antoine,
>
> Thanks for sharing the DoS attack example with alternatives.
>
> > - Caroll broadcasts a double-spend of her own input C, the double-spend is attached with a low-fee (1sat/vb) and it does _not_ signal opt-in RBF
> > - Alice broadcasts the multi-party transaction, it is rejected by the network mempools because Alice double-spend is already present
>
> I think this affects almost all types of coinjoin transaction including coordinator based implementations. I tried a few things and have already reported details for an example DoS attack to one of the team but there is no response yet.
>
> It was fun playing with RBF, DoS and Coinjoin. Affected projects should share their opinion about full-rbf as it seems it might improve things.
>
> Example:
>
> In Wasabi an attacker can broadcast a transaction spending input used in coinjoin after sending signature in the round. This would result in a coinjoin tx which never gets relayed: https://nitter.net/1440000bytes/status/1540727534093905920

Note that Wasabi already has a DoS attack vector in that a participant can stop
participating after the first phase of the round, with the result that the
coinjoin fails. Wasabi mitigates that by punishing participating in future
rounds. Double-spends only create additional types of DoS attack that need to
be detected and punished as well - they don't create a fundamentally new
vulnerability.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
