Return-Path: <user@petertodd.org>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id DC18BC002D
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Jul 2022 14:53:22 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id 73610613DD
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Jul 2022 14:53:22 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 73610613DD
Authentication-Results: smtp3.osuosl.org;
 dkim=pass (2048-bit key, unprotected) header.d=petertodd.org
 header.i=@petertodd.org header.a=rsa-sha256 header.s=fm1 header.b=RlwmLnqv; 
 dkim=pass (2048-bit key,
 unprotected) header.d=messagingengine.com header.i=@messagingengine.com
 header.a=rsa-sha256 header.s=fm3 header.b=CbZ73/O5
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.8
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7,
 RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
 autolearn=ham autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 5d9aeBeL-BHW
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Jul 2022 14:53:21 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5FF56613DC
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com
 [66.111.4.28])
 by smtp3.osuosl.org (Postfix) with ESMTPS id 5FF56613DC
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri,  8 Jul 2022 14:53:21 +0000 (UTC)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 863245C01C5;
 Fri,  8 Jul 2022 10:53:19 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Fri, 08 Jul 2022 10:53:19 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=petertodd.org;
 h=cc:cc:content-type:date:date:from:from:in-reply-to
 :in-reply-to:message-id:mime-version:references:reply-to:sender
 :subject:subject:to:to; s=fm1; t=1657291999; x=1657378399; bh=as
 T+G1v6k8/0ltek8BNyczHSa5ZVyYDN8GO7U0AceBw=; b=RlwmLnqv9D0/e7kkGi
 5Pg8tx1sBVHKjsmbtWNQ6Xqswfbo9job7ZUv5g9mrcoLVRGptou4CNZvQb22H6Qv
 4QImR/GP3IBhj2giRB9LUcm69CPkTsGvA3QGFanvTmXRzM+AJ8Dt+Ag2o3BJCQwn
 sFug4nV39LN2vI9iGfODsGJjYMuNcuBvQwxvWJrzuMmdmqJeUcXnSKZguFWzqY4y
 WlCNzdhA8y9agnO2Us0swGAh9Pd/DxnYOtNqnQp3tbagbtYyAdROpmYS+e6p/Qj1
 KU7uox9YkSt8ibHIHRPlIFnYkrpUHgqWZji6Ik76jDIffBOa0jLkpiKMnxkc/Uzw
 tPLg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:date:date:feedback-id
 :feedback-id:from:from:in-reply-to:in-reply-to:message-id
 :mime-version:references:reply-to:sender:subject:subject:to:to
 :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm3; t=1657291999; x=1657378399; bh=asT+G1v6k8/0ltek8BNyczHSa5ZV
 yYDN8GO7U0AceBw=; b=CbZ73/O5lJDJeQRzcbqWWEndfooFREofLjLYA1OiSWNC
 rucRLQ2oIQH9DW/Cxw0kN/8seG0oiDFu19bEuyMTDaf9Pcdn7kJT7zfktVdC8oGw
 DmxGJ5B0wGbFp1aRhqJ6uTcCA5CDur7cWZXiKy+uIaI5MbvgrBqpmY3HzzIrDNkR
 mtpvsOujW7opQqCLthSGCCzpUV8e7ViEPHaDaKlqIS8rAJxAT1X7uXHPDRXXiqBj
 v3Ocw8TQxYP5RzKhpBSqEMNkFUlCcy/sivnIq2rMEQ1qa9x/64au41Y0k0QIfi2K
 dBW6GZUY8PBNXqeEyVFWkJX0yWQDt1o+LxB621ajDg==
X-ME-Sender: <xms:30TIYkunPQ4SFwDBWT_FXrMNAivRmyGWWv2uWWTiTQKwSdpk77xPqQ>
 <xme:30TIYhe5p_-Ipospj_HHefupKY9XZSXu9saMBoT6QBAtKQfDwWnmjw_A4_C81aqNU
 adRc-ZCKYbwhU6Zk34>
X-ME-Received: <xmr:30TIYvzQSBU0hPtneGIgoYqfQtxIg7J7euxEChbs_DmFITC5JKouJq0zU0XxshiIFxkUNX-Jhf-dFX75qeWmtUp34EOE5Vzi6qBo-w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudeijedgkedvucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfffhvfevuffkfhggtggujgesghdtreertddtvdenucfhrhhomheprfgvthgv
 rhcuvfhougguuceophgvthgvsehpvghtvghrthhouggurdhorhhgqeenucggtffrrghtth
 gvrhhnpedttdegtdffteeukeffhfffkeekiefhteduvdetjeeujeffgeevgefhudetjefh
 veenucffohhmrghinhepghhithhhuhgsrdgtohhmpdhpvghtvghrthhouggurdhorhhgne
 cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepuhhsvghr
 sehpvghtvghrthhouggurdhorhhg
X-ME-Proxy: <xmx:30TIYnPP9vDHBLyCO4-3OeqFWr8sgJtrRoVTKnhpp2pWW3XwHezihQ>
 <xmx:30TIYk9qv4tSIoQmMXvewBIjqWspvnJyKFfH1wqb4PJN43kjNxDWfg>
 <xmx:30TIYvXZvX2oOZR1BqkAbYN706tx_jmN-Llv6ltndp8Oj6KYdxRUnw>
 <xmx:30TIYik2n94zoMaCAdmbpnWF8e4g5btAYbljTZK1ZwIC-GGklsW4CQ>
Feedback-ID: i525146e8:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri,
 8 Jul 2022 10:53:19 -0400 (EDT)
Received: by localhost (Postfix, from userid 1000)
 id 09FDA5F87C; Fri,  8 Jul 2022 10:53:13 -0400 (EDT)
Date: Fri, 8 Jul 2022 10:53:13 -0400
From: Peter Todd <pete@petertodd.org>
To: alicexbt <alicexbt@protonmail.com>
Message-ID: <YshE2QKBEVnbf+Bg@petertodd.org>
References: <CALZpt+GOh-7weEypT9JrzcwthZJqHOfj7sf9FMuqi5_FZv0g7w@mail.gmail.com>
 <gmDNbfrrvaZL4akV2DFwCuKrls9SScQjqxeRoEorEiYlv24dPt1j583iOtcB2lFrxZc59N3kp7T9KIM4ycl4QOmGBfDOUmO-BVHsttvtvDc=@protonmail.com>
 <CALZpt+FJ-R9yCoMLP=Vcxk1U7n=-LKHUGctFZj0K-vTMsz==ew@mail.gmail.com>
 <RJEFmrnjbzKQCBr4L7ebwBLzg7QHGXlaE19zj6jfkxL6xjfodgbfssZBQSYxm783Y4X5awuhL9Gj8IaBc4npE2oh3d1xoudKTrSsJ-dk0VQ=@protonmail.com>
 <CALZpt+HXB=xh3qtxJFM7yUzRu1uj-pPtLQmT=5QV0dNfVuTpfQ@mail.gmail.com>
 <Pb8H4PbeS-RaNOKfekOPdY8gQo4_Syd3HoTK26AO872f7tCKyGnty56KtcvmvrXFOJdC7nQgNHoQ37M4MNXQ6vqQ9du6BFbvGLbY3BdYVpY=@protonmail.com>
 <Yrj9N7k8osWsxhY4@petertodd.org>
 <0ikzVrbv3tA2fyv4iW7b_gPJ-qkrJS3x9HzouSqLabK3yHthgigPt9YZhGlr4_nCutAlRREfFSw1JW0k5KhBgSj1aBI2MSDTLqYHGYbqNrg=@protonmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="CBfDTdh8b5nl7rXJ"
Content-Disposition: inline
In-Reply-To: <0ikzVrbv3tA2fyv4iW7b_gPJ-qkrJS3x9HzouSqLabK3yHthgigPt9YZhGlr4_nCutAlRREfFSw1JW0k5KhBgSj1aBI2MSDTLqYHGYbqNrg=@protonmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s
 security
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2022 14:53:23 -0000


--CBfDTdh8b5nl7rXJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 05, 2022 at 08:46:51PM +0000, alicexbt wrote:
> Hi Peter,
>=20
> > Note that Wasabi already has a DoS attack vector in that a participant =
can stop
> > participating after the first phase of the round, with the result that =
the
> > coinjoin fails. Wasabi mitigates that by punishing participating in fut=
ure
> > rounds. Double-spends only create additional types of DoS attack that n=
eed to
> > be detected and punished as well - they don't create a fundamentally new
> > vulerability.
>=20
> I agree some DoS vectors are already mitigated however punishment in this=
 case will be difficult because the transaction is broadcasted after signin=
g and before coinjoin tx broadcast.
>=20
> Inputs are already checked multiple times for double spend during coinjoi=
n round: https://github.com/zkSNACKs/WalletWasabi/pull/6460
>=20
> If all the inputs in the coinjoin transaction that failed to relay are ch=
ecked and one or more are found to be spent later, what will be punished an=
d how does this affect the attacker with thousands of UTXOs or normal users?

Point is, the attacker is thousands of UTXOs can also DoS rounds by simply
failing to complete the round. In fact, the double-spend DoS attack requires
more resources, because for a double-spend to be succesful, BTC has to be s=
pent
on fees.

It's just a fact of life that a motivated attacker can DoS attack Wasabi by
spending money. That's a design choice that's serving them well so far.

--=20
https://petertodd.org 'peter'[:-1]@petertodd.org

--CBfDTdh8b5nl7rXJ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmLIRNYACgkQLly11TVR
LzdaPBAAswImBlS8wRRrd9sJxxFtKAL+QTxR/SM3OIwaTYPcF1XH/2x9EZ6As4VO
Dqjj3eqi2ERr0yKiomRyAfmyVlT/YwzRBqu/KhwegJb1LToltjGPK20NG4Ba5Og4
gffgPhPvlfD3Ova7TXUslCx//T/bqc9AMr/cl/nFrHJIA+jvKwQo3TF48q/tQVWw
0SQOqy9iwi4mq3IBpwUk6DLFWCwx7pj9pFASzxVUaEcq5bK7c9aGmcuORPqyqa1Z
5gu+MAqoYQrEotTVDaHD/kS/mmZCPWvh8Alf1tZqm5z6+xGYK/2ZPxvQox47G2yF
8KiHGybUxo4tRsvstTUmS1jPDY5mOXUGFMZImnpqMgAi6961YF/nnAwa0I59OCZg
l+z4smQUdsKvdJLyfHd2Hhd2Ed8hEd+ezH78twPPfHT4tGfBWO9LRGjpj80xl4/K
aC5dS7rK02qB+qlPWY+yq1BLzXQzMkfaHy5KiPRqj4q+QJWUzTWYMN/vMN2KCgjS
Zn594Ce4PQUwJy/0zm/wd+NKCz1woVU/vKlnaUugNzHffvwhH1V4sQ9yeRExZLo6
TjrK+PoX45gqlIEfdtYkl5do7gaOqfY16dRRRYjV38nwmhTl4RMxG17s52ZOIJCO
g8YymI5YcxWNLcrjyoQcrr8f6i/xFv87t1AFr1uiCPsz2h83MBw=
=gSUw
-----END PGP SIGNATURE-----

--CBfDTdh8b5nl7rXJ--