1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
Return-Path: <aj@erisian.com.au>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
by lists.linuxfoundation.org (Postfix) with ESMTP id 93EB7C002D
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 20 Oct 2022 19:58:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp4.osuosl.org (Postfix) with ESMTP id 4395B41E54
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 20 Oct 2022 19:58:55 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4395B41E54
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from smtp4.osuosl.org ([127.0.0.1])
by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id AavWvEa4sFZf
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 20 Oct 2022 19:58:53 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org A65D841E4E
Received: from azure.erisian.com.au (azure.erisian.com.au [172.104.61.193])
by smtp4.osuosl.org (Postfix) with ESMTPS id A65D841E4E
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 20 Oct 2022 19:58:53 +0000 (UTC)
Received: from aj@azure.erisian.com.au (helo=sapphire.erisian.com.au)
by azure.erisian.com.au with esmtpsa (Exim 4.92 #3 (Debian))
id 1olbgj-0005yj-BN; Fri, 21 Oct 2022 05:58:50 +1000
Received: by sapphire.erisian.com.au (sSMTP sendmail emulation);
Fri, 21 Oct 2022 05:58:41 +1000
Date: Fri, 21 Oct 2022 05:58:41 +1000
From: Anthony Towns <aj@erisian.com.au>
To: Sergej Kotliar <sergej@bitrefill.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <Y1Gocf216O+yKqqS@erisian.com.au>
References: <CABZBVTC5kh7ca3KhVkFPdQjnsPhP4Kun1k3K6cPkarrjUiTJpA@mail.gmail.com>
<CABZBVTCgiQFtxEyeOU=-SGDQUDthyy7sOgPwiT+OVi35LVivyA@mail.gmail.com>
<Y1D3OkdsCq2pLduG@erisian.com.au>
<CABZBVTBupMcBbOUtLbMaEmAiWGsMwisNW+k+bTUJGsUad2=ZZg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CABZBVTBupMcBbOUtLbMaEmAiWGsMwisNW+k+bTUJGsUad2=ZZg@mail.gmail.com>
X-Spam-Score-int: -18
X-Spam-Bar: -
Subject: Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate
danger
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2022 19:58:55 -0000
On Thu, Oct 20, 2022 at 02:37:53PM +0200, Sergej Kotliar via bitcoin-dev wrote:
> > If someone's going to systematically exploit your store via this
> > mechanism, it seems like they'd just find a single wallet with a good
> > UX for opt-in RBF and lowballing fees, and go to town -- not something
> > where opt-in rbf vs fullrbf policies make any difference at all?
> Sort of. But yes once this starts being abused systemically we will have to
> do something else w RBF payments, such as crediting the amount in BTC to a
> custodial account. But this option isn't available to your normal payment
> processor type business.
So, what I'm hearing is:
* lightning works great, but is still pretty small
* zeroconf works great for txs that opt-out of RBF
* opt-in RBF is a pain for two reasons:
- people don't like that it's not treated as zeroconf
- the risk of fiat/BTC exchange rate changes between
now and when the tx actually confirms is worrying
even if it hasn't caused real problems yet
(Please correct me if that's too far wrong)
Maybe it would be productive to explore this opt-in RBF part a bit
more? ie, see if "we" can come up with better answers to some question
along the lines of:
"how can we make on-chain payments for goods priced in fiat work well
for payees that opt-in to RBF?"
That seems like the sort of thing that's better solved by a collaboration
between wallet devs and merchant devs (and protocol devs?), rather than
just one or the other?
Is that something that we could talk about here? Or maybe it's better
done via an optech workgroup or something?
If "we'll credit your account in BTC, then work out the USD coversion
and deduct that for your purchase, then you can do whatever you like
with any remaining BTC from your on-chain payment" is the idea, maybe we
should just roll with that design, but make it more decentralised: have
the initial payment setup a lightning channel between the customer and
the merchant with the BTC (so it's not custodial), but do some magic to
allow USD amounts to be transferred over it (Taro? something oracle based
so that both parties are confident a fair exchange rate will be used?).
Maybe that particular idea is naive, but having an actual problem to
solve seems more constructive than just saying "we want rbf" "but we
want zeroconf" all the time?
(Ideally the lightning channels above would be dual funded so they could
be used for routing more generally; but then dual funded channels are
one of the things that get broken by lack of full rbf)
> > I thought the "normal" avenue for fooling non-RBF zeroconf was to create
> > two conflicting txs in advance, one paying the merchant, one paying
> > yourself, connect to many peers, relay the one paying the merchant to
> > the merchant, and the other to everyone else.
> > I'm just basing this off Peter Todd's stuff from years ago:
> > https://np.reddit.com/r/Bitcoin/comments/40ejy8/peter_todd_with_my_doublespendpy_tool_with/cytlhh0/
> > https://github.com/petertodd/replace-by-fee-tools/blob/master/doublespend.py
> Yeah, I know the list still rehashes a single incident from 10 years ago to
> declare the entire practice as unsafe, and ignores real-world data that of
> the last million transactions we had zero cases of this successfully
> abusing us.
I mean, the avenue above isn't easy to exploit -- you have to identify
the merchant's node so that they get the bad tx, and you have to connect
to many peers so that your preferred tx propogates to miners first --
and probably more importantly, it's relatively easy to detect -- if the
merchant has a few passive nodes that the attacker doesn't know about
it, and uses those to watch for attempted doublespends while it tries
to ensure the real tx has propogated widely. So it doesn't surprise me
at all that it's not often attempted, and even less often successful.
> > > Currently Lightning is somewhere around 15% of our total bitcoin
> > > payments.
> > So, based on last year's numbers, presumably that makes your bitcoin
> > payments break down as something like:
> > 5% txs are on-chain and seem shady and are excluded from zeroconf
> > 15% txs are lightning
> > 20% txs are on-chain but signal rbf and are excluded from zeroconf
> > 60% txs are on-chain and seem fine for zeroconf
> Numbers are right. Shady is too strong a word,
Heh, fair enough.
So the above suggests 25% of payments already get a sub-par experience,
compared to what you'd like them to have (which sucks, but if you're
trying to reinvent both money and payments, maybe isn't surprising). And
going full rbf would bump that from 25% to 85%, which would be pretty
terrible.
> RBF is a strictly worse UX as proven by anyone
> accepting bitcoin payments at scale.
So let's make it better? Building bitcoin businesses on the lie that
unconfirmed txs are safe and won't be replaced is going to bite us
eventually; focussing on trying to push that back indefinitely is just
going to make everyone less prepared when it eventually happens.
> > > For me
> > > personally it would be an easier discussion to have when Lightning is at
> > > 80%+ of all bitcoin transactions.
> > Can you extrapolate from the numbers you've seen to estimate when that
> > might be, given current trends?
> Not sure, it might be exponential growth, and the next 60% of Lightning
> growth happen faster than the first 15%. Hard to tell. But we're likely
> talking years here..
Okay? Two years is very different from 50 years, and at the moment there's
not really any data, so people are just going to go with their gut...
If it were growing in line with lightning capacity in BTC, per
bitcoinvisuals.com/ln-capacity; then 15% now would have grown from
perhaps 4% in May 2021, so perhaps 8% per year. With linear growth,
getting from 15% to 80% would then be about 8 years.
Presumably that's a laughably terrible model, of course. But if we had
some actual numbers where we can watch the progress, it might be a lot
easier to be patient about waiting for lightning adoption to hit 80%
or whatever, and focus on productive things in the meantime?
Cheers,
aj
|