1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
Return-Path: <lf-lists@mattcorallo.com>
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
by lists.linuxfoundation.org (Postfix) with ESMTP id 10956C0175;
Wed, 22 Apr 2020 22:53:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by fraxinus.osuosl.org (Postfix) with ESMTP id 0CC6186722;
Wed, 22 Apr 2020 22:53:43 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id ua0EZpRjiCq6; Wed, 22 Apr 2020 22:53:42 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail.as397444.net (mail.as397444.net [69.59.18.99])
by fraxinus.osuosl.org (Postfix) with ESMTPS id DFC7F865E0;
Wed, 22 Apr 2020 22:53:41 +0000 (UTC)
Received: from [IPv6:2620:6e:a007:235::1] (unknown [IPv6:2620:6e:a007:235::1])
by mail.as397444.net (Postfix) with ESMTPSA id 3850F232FBD;
Wed, 22 Apr 2020 22:53:39 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: Matt Corallo <lf-lists@mattcorallo.com>
Mime-Version: 1.0 (1.0)
Message-Id: <52DA8104-3E4E-450F-92A4-3970D1A31281@mattcorallo.com>
Date: Wed, 22 Apr 2020 15:53:37 -0700
To: "David A. Harding" <dave@dtrt.org>
X-Mailer: iPhone Mail (17E262)
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
lightning-dev <lightning-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] RBF Pinning with Counterparties and Competing
Interest
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2020 22:53:43 -0000
=EF=BB=BFHmm, that's an interesting suggestion, it definitely raises the bar=
for attack execution rather significantly. Because lightning (and other sec=
ond-layer systems) already relies heavily on uncensored access to blockchain=
data, its reasonable to extend the "if you don't have enough blocks, aggres=
sively query various sources to find new blocks, or, really just do it alway=
s" solution to "also send relevant transactions while we're at it".
Sadly, unlike for block data, there is no consensus mechanism for nodes to e=
nsure the transactions in their mempools are the same as others. Thus, if yo=
u focus on sending the pinning transaction to miner nodes directly (which is=
n't trivial, but also not nearly as hard as it sounds), you could still pull=
off the attack. However, to do it now, you'd need to
wait for your counterparty to broadcast the corresponding timeout transactio=
n (once it is confirmable, and can thus get into mempools), turning the whol=
e thing into a mempool-acceptance race. Luckily there isn=E2=80=99t much cos=
t to *trying*, though it=E2=80=99s less likely you=E2=80=99ll succeed.
There are also practical design issues - if you=E2=80=99re claiming multiple=
HTLC output in a single transaction the node would need to provide reject m=
essages for each input which is conflicted, something which we=E2=80=99d nee=
d to think hard about the DoS implications of.
In any case, while it=E2=80=99s definitely better than nothing, it=E2=80=99s=
unclear if it=E2=80=99s really the kind of thing I=E2=80=99d want to rely o=
n for my own funds.
Matt
> On 4/22/20 2:24 PM, David A. Harding wrote:
>> On Mon, Apr 20, 2020 at 10:43:14PM -0400, Matt Corallo via Lightning-dev w=
rote:
>> A lightning counterparty (C, who received the HTLC from B, who
>> received it from A) today could, if B broadcasts the commitment
>> transaction, spend an HTLC using the preimage with a low-fee,
>> RBF-disabled transaction. After a few blocks, A could claim the HTLC
>> from B via the timeout mechanism, and then after a few days, C could
>> get the HTLC-claiming transaction mined via some out-of-band agreement
>> with a small miner. This leaves B short the HTLC value.
>=20
> IIUC, the main problem is honest Bob will broadcast a transaction
> without realizing it conflicts with a pinned transaction that's already
> in most node's mempools. If Bob knew about the pinned transaction and
> could get a copy of it, he'd be fine.
>=20
> In that case, would it be worth re-implementing something like a BIP61
> reject message but with an extension that returns the txids of any
> conflicts? For example, when Bob connects to a bunch of Bitcoin nodes
> and sends his conflicting transaction, the nodes would reply with
> something like "rejected: code 123: conflicts with txid 0123...cdef".
> Bob could then reply with a a getdata('tx', '0123...cdef') to get the
> pinned transaction, parse out its preimage, and resolve the HTLC.
>=20
> This approach isn't perfect (if it even makes sense at all---I could be
> misunderstanding the problem) because one of the problems that caused
> BIP61 to be disabled in Bitcoin Core was its unreliability, but I think
> if Bob had at least one honest peer that had the pinned transaction in
> its mempool and which implemented reject-with-conflicting-txid, Bob
> might be ok.
>=20
> -Dave
|
