Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id A585DC0032 for ; Thu, 6 Jul 2023 17:25:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id EAE8C822AD for ; Thu, 6 Jul 2023 17:25:06 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org EAE8C822AD Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=achow101.com header.i=@achow101.com header.a=rsa-sha256 header.s=protonmail header.b=Rd5cyTI1 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1_qSlkYNF-oq for ; Thu, 6 Jul 2023 17:25:05 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org E7482821F6 Received: from mail-41104.protonmail.ch (mail-41104.protonmail.ch [185.70.41.104]) by smtp1.osuosl.org (Postfix) with ESMTPS id E7482821F6 for ; Thu, 6 Jul 2023 17:25:04 +0000 (UTC) Date: Thu, 06 Jul 2023 17:24:47 +0000 Authentication-Results: mail-41104.protonmail.ch; dkim=pass (2048-bit key) header.d=achow101.com header.i=@achow101.com header.b="Rd5cyTI1" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=achow101.com; s=protonmail; t=1688664292; x=1688923492; bh=eUF1PeaeEhL/P0huDQLJzdFixx7oIWTE1PEVHoxxISs=; h=Date:To:From:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=Rd5cyTI1DIEAN8SHnKwuCsXF7jEEDB1PUGcRMVcG59+kolf8BO2IfcXaFcy8eICfh HaAPU4JdDX+c62OjE2VhJ6VC5sxxR5fpB5qjwSBuZQwZcII0Siqme5AXzN+/Gm8bQ9 0cUw9v/raWjEtuUJ+8jt+v1joloN5BIcpfTs/CppGR+wa6E92dPoLYVqo2DKkoHaNZ hm6ltta7yHskgbDR0FB2HSx4TCFqrVtsN/wNx7C7VZsIjP0aM8QjNNBea1PvblbZIA Zgb9w2XXOjuusQ2tcU4CXleDGDQlsgHX9DKds9dJ/2X7BWyWpnkebbTI+Rin6J04TY 09mqS9D1mCrTg== To: bitcoin-dev@lists.linuxfoundation.org From: Andrew Chow Message-ID: <67c37967-ba7d-eabe-01e7-c5a0f9ca7da8@achow101.com> In-Reply-To: References: Feedback-ID: 53660394:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Thu, 06 Jul 2023 18:26:04 +0000 Subject: Re: [bitcoin-dev] Denial of Service using Package Relay X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jul 2023 17:25:07 -0000 On 07/06/2023 12:22 PM, alicexbt via bitcoin-dev wrote: > 1) Register input in A > 2) Double spend same input with zero fee to your own address > 3) Register unconfirmed UTXO from 2 in B Why would unconfirmed inputs be accepted in a coinjoin? That seems=20 unsafe, regardless of package relay. The sender of the unconfirmed=20 transaction can already replace it thereby pinning or otherwise=20 invalidating the coinjoin, it doesn't need package relay. Furthermore, the coordinator B shouldn't accept the unconfirmed UTXO=20 from 2 because it doesn't even know about that unconfirmed transaction.=20 It has zero fee, so it's not going to be relayed. Conceivably a similar attack can already be done by simply registering=20 the same UTXO with multiple coordinators anyways. This doesn't require=20 package relay either. *** Package relay should help coinjoins since any one of the participants=20 can rebroadcast the coinjoin with a further CPFP if the coinjoin is=20 below the minimum relay fee. Some of the upcoming package RBF proposals=20 should also help by allowing other child transactions in the package to=20 RBF the entire thing, thereby resolving the need to have everyone=20 re-sign the coinjoin in order to RBF. Andrew