Date: Sun, 26 Jun 2022 20:43:35 -0400
From: Peter Todd <pete@petertodd.org>
To: alicexbt <alicexbt@protonmail.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <Yrj9N7k8osWsxhY4@petertodd.org>
Subject: Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

On Sun, Jun 26, 2022 at 04:40:24PM +0000, alicexbt via bitcoin-dev wrote:
> Hi Antoine,
>
> Thanks for sharing the DoS attack example with alternatives.
>
> > - Caroll broadcasts a double-spend of her own input C, the double-spend is attached with a low-fee (1sat/vb) and it does _not_ signal opt-in RBF
> > - Alice broadcasts the multi-party transaction, it is rejected by the network mempools because Alice double-spend is already present
>
> I think this affects almost all types of coinjoin transaction including coordinator based implementations. I tried a few things and have already reported details for an example DoS attack to one of the team but there is no response yet.
>
> It was fun playing with RBF, DoS and Coinjoin. Affected projects should share their opinion about full-rbf as it seems it might improve things.
>
> Example:
>
> In Wasabi an attacker can broadcast a transaction spending input used in coinjoin after sending signature in the round. This would result in a coinjoin tx which never gets relayed: https://nitter.net/1440000bytes/status/1540727534093905920

Note that Wasabi already has a DoS attack vector in that a participant can stop
participating after the first phase of the round, with the result that the
coinjoin fails. Wasabi mitigates that by punishing participating in future
rounds. Double-spends only create additional types of DoS attack that need to
be detected and punished as well - they don't create a fundamentally new
vulnerability.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org
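
The scenario quoted in this message, as an added example that is not part of the original email and is not Bitcoin Core or Wasabi code: a simplified mempool model showing the non-signaling double-spend blocking the coinjoin under opt-in RBF and being replaced under full-rbf, plus a coordinator-side check that names the double-spent input. Assumptions: only sequence-based signaling and the higher-fee/higher-feerate rules are modelled (other BIP125 rules are omitted), and every name and value (Tx, Mempool, blame_inputs, run_round, outpoints, fees) is constructed.

```python
# Added illustration: simplified mempool conflict policy, not Bitcoin Core code.
from dataclasses import dataclass

MAX_BIP125_SEQUENCE = 0xFFFFFFFD  # nSequence <= this value signals opt-in RBF (BIP125)

@dataclass(frozen=True)
class Tx:
    txid: str         # constructed label, not a real txid
    inputs: tuple     # outpoints spent, e.g. ("A:0", "C:0")
    sequences: tuple  # nSequence per input
    fee: int          # satoshis
    vsize: int        # virtual bytes

    def signals_rbf(self):
        return any(s <= MAX_BIP125_SEQUENCE for s in self.sequences)

class Mempool:
    def __init__(self, full_rbf):
        self.full_rbf = full_rbf
        self.txs = {}

    def conflicts(self, tx):
        return [m for m in self.txs.values() if set(m.inputs) & set(tx.inputs)]

    def accept(self, tx):
        old = self.conflicts(tx)
        if old:
            if not self.full_rbf and not all(m.signals_rbf() for m in old):
                return False  # opt-in policy: a non-signaling conflict cannot be replaced
            if tx.fee <= sum(m.fee for m in old):
                return False  # replacement must pay more in absolute fee
            if any(tx.fee * m.vsize <= m.fee * tx.vsize for m in old):
                return False  # replacement must beat the feerate of each conflict
            for m in old:
                del self.txs[m.txid]
        self.txs[tx.txid] = tx
        return True

def blame_inputs(mempool, coinjoin):
    """Coordinator-side check: registered inputs already spent by a conflicting tx."""
    return sorted({i for m in mempool.conflicts(coinjoin) for i in m.inputs if i in coinjoin.inputs})

def run_round(full_rbf):
    pool = Mempool(full_rbf)
    double_spend = Tx("ds", ("C:0",), (0xFFFFFFFF,), fee=110, vsize=110)  # 1 sat/vB, no RBF signal
    coinjoin = Tx("cj", ("A:0", "B:0", "C:0"), (0xFFFFFFFD,) * 3, fee=3000, vsize=300)
    pool.accept(double_spend)
    blamed = blame_inputs(pool, coinjoin)  # computed before any replacement happens
    return pool.accept(coinjoin), blamed
```

In both policies the conflict points at input C:0, which is the signal a coordinator needs in order to attribute the failed round to a participant.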