Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2217AC0033 for ; Mon, 5 Dec 2022 17:01:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id F366281A2B for ; Mon, 5 Dec 2022 17:01:13 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org F366281A2B Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=q32-com.20210112.gappssmtp.com header.i=@q32-com.20210112.gappssmtp.com header.a=rsa-sha256 header.s=20210112 header.b=px6W6HQw X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: 0.6 X-Spam-Level: X-Spam-Status: No, score=0.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, PDS_OTHER_BAD_TLD=1.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fp-hGZvExkEW for ; Mon, 5 Dec 2022 17:01:11 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org EEBD581926 Received: from mail-ua1-x931.google.com (mail-ua1-x931.google.com [IPv6:2607:f8b0:4864:20::931]) by smtp1.osuosl.org (Postfix) with ESMTPS id EEBD581926 for ; Mon, 5 Dec 2022 17:01:10 +0000 (UTC) Received: by mail-ua1-x931.google.com with SMTP id q6so4103505uao.9 for ; Mon, 05 Dec 2022 09:01:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=q32-com.20210112.gappssmtp.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=Ded4BsaqyUsgge72qF7OM6rai2Ztj7SODSmBn96b6xM=; b=px6W6HQwSYkUqeZ4mG+2EMuv+GW35cUOHusF5UR5eVwj/DZaHLDCUrN/CSof84qy1A FexqWLjKTUANeH/+pRmhJYoYo/w5VIvWPQ2onpNWNCrsDFSGaKsc3B/xQAEDCvqCoApH 13vQj207Oa4QiVrE7J3gpvqxZZWZt47UIhSW9yAMfNrgO9xgISWy5kCHoyKtkMPbYy0x HR80sbMGx7VKL+GMy7FeQzQir73GiJBhUZC0a4g1w0jbySPPqXNEDpzcuBL5P2tKaonU 6uq2TEilgFlWVebZvmdrXV9LaGcQtqutl6LisBx/saTaX8m/TA37/FKmVTXLqV1LtmT/ 7Ktw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Ded4BsaqyUsgge72qF7OM6rai2Ztj7SODSmBn96b6xM=; b=DA2H5ly0nTm2JgOJKQqOL/sUQiyFb7tlOGAcrINfdgqjWgjnNSugMGq4mtdhwrBuE5 xsv5+Tu2ZZb6KPgpV3PfrtuhKCA6s6QWKT0SyKweqGyfvU8h/6prtQMrCuVfyi6y/iUu lCfQFHgnzKqoXEZdRKFk8fUL4Wx4iJG7TS2ilFRgpUxtdQjyHkuBMGMwFEgMz8FWBntt g2zhoR1Z6W79zOTNRq2/wVk7pb2PLbhtq9fSdAZdfH/y8q3759fnXLLZhmUugeSqU+p0 mJh7jKdeSx2fLqYWvGhpQQZZXb+MEUVJhvtMEN4JcWNZ5B/+vTK1F96WLPyX6VxW4113 OGAw== X-Gm-Message-State: ANoB5pk/RH+hwmBwjAN9S9159Sx9kVMuuMme4LeMAytR49Gka/vlwhBS vv3q8VNh4aU51PkVWdBBEI7vTN5vys9NM50+XJM+H/T5nPSW X-Google-Smtp-Source: AA0mqf7vELN/xGkT5G0H1t7tHkL0dgc3aKL6ynVQxzKZi/XCWijsoyK+TEqL14ePrgmxrqy3mEWgKteBEnz0ynbksnI= X-Received: by 2002:ab0:b8e:0:b0:404:3611:fb13 with SMTP id c14-20020ab00b8e000000b004043611fb13mr44839357uak.54.1670259668010; Mon, 05 Dec 2022 09:01:08 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Erik Aronesty Date: Mon, 5 Dec 2022 12:00:56 -0500 Message-ID: To: Rijndael , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="00000000000031d3cb05ef17a2d4" X-Mailman-Approved-At: Mon, 05 Dec 2022 18:57:59 +0000 Subject: Re: [bitcoin-dev] Announcement: Full-RBF Miner Bounty X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Dec 2022 17:01:16 -0000 --00000000000031d3cb05ef17a2d4 Content-Type: text/plain; charset="UTF-8" note: if it was possible to enforce this, we wouldn't need proof of work at all. since it isn't possible, proof of work is strictly necessary. On Mon, Dec 5, 2022 at 9:53 AM Rijndael via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Good morning, > > That sounds like a very dangerous mode of operation. You can already hand > a transaction to a miner privately. I hand a transaction to a miner with > some reasonable fee, and then I go and broadcast a different transaction > with a minimal fee that spends the same inputs. The whole network > (including the miner I handed the tx to) could all be running with a strict > first-seen mempool policy, but we can still have a situation where the > miner creates a block with a different transaction from what you see in > your mempool. If anytime this happens, the nodes running your proposed rule > drop the block, then anyone can fork those nodes off the network whenever > they want. > > Even outside of adversarial settings, Bitcoin doesn't (and doesn't attempt > to) promise consistency across mempools. Making a consensus rule that > enforces mempool consistency is a recipe for (unintended?) chainsplits. > > - rijndael > > > On 12/5/22 7:20 AM, El_Hoy via bitcoin-dev wrote: > > The only option I see against the attack Peter Todd is doing to opt-in RBF > and 0Conf bitcoin usage is working on a bitcoin core implementation that > stops propagation of full-rbf replaced blocks. Running multiple of such > nodes on the network will add a risk to miners that enable full-rbf that > would work as an incentive against that. > > Obviously that would require adding an option on bitcoin core (that is not > technically but politically difficult to implement as Petter Todd already > have commit access to the main repository). > > That said, a sufficiently incentivized actor (like Daniel Lipshitz or Muun > wallet developers) could work on a fork and run several nodes with such > functionality. As far as I understand the percolation model, with 10 to 20 > nodes running such a rule would create a significant risk for full-rbf > miners. > > Regards. > > --- Eloy > > > On Tue, Nov 15, 2022 at 11:43 AM Peter Todd via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> On Tue, Nov 15, 2022 at 03:36:08PM +1000, Anthony Towns via bitcoin-dev >> wrote: >> > On Tue, Nov 08, 2022 at 01:16:13PM -0500, Peter Todd via bitcoin-dev >> wrote: >> > > FYI I've gotten a few hundred dollars worth of donations to this >> effort, and >> > > have raised the reward to about 0.02 BTC, or $400 USD at current >> prices. >> > >> > Seems like this has been mostly claimed (0.014btc / $235, 9238sat/vb): >> >> I'm turning it back on when (if) the mempool settles down. I've got more >> than >> enough donations to give another run at it (the majority was donated >> privately >> FWIW). There's a risk of the mempool filling up again of course; hard to >> avoid >> that. >> >> Right now of course it's really easy to double spend with the obvious >> low-fee/high-fee method as the min relay fee keeps shifting. >> >> > >> https://mempool.space/tx/397dcbe4e95ec40616e3dfc4ff8ffa158d2e72020b7d11fc2be29d934d69138c >> > >> > The block it was claimed in seems to have been about an hour after the >> > default mempool filled up: >> > >> > https://twitter.com/murchandamus/status/1592274621977477120 >> > >> > That block actually seems to have included two >> > alice.btc.calendar.opentimestamps.org txs, the other paying $7.88 >> > (309sat/vb): >> > >> > >> https://mempool.space/tx/ba9670109a6551458d5e1e23600c7bf2dc094894abdf59fe7aa020ccfead07cf >> >> The second is because I turned down the full-rbf reward to more normal fee >> levels. There's also another full-rbf double-spend from the Bob calendar, >> along >> the same lines: >> 7e76b351009326a574f3120164dbbe6d85e07e04a7bbdc40f0277fcb008d2cd2 >> >> I double-spent the txin of the high fee tx that got mined. But I >> mistakenly had >> RBF enabled in that double-spend, so while it propagated initially, I >> believe >> it was replaced when something (someone?) rebroadcast the high-fee 397dcb >> tx. >> >> > Timeline (utc) to me looks like: >> > >> > - 13:12 - block 763148 is mined: last one that had a min fee < >> 1.5sat/vb >> > - 13:33 - >> f503868c64d454c472859b793f3ee7cdc8f519c64f8b1748d8040cd8ce6dc6e1 >> > is announced and propogates widely (1.2sat/vb) >> > - 18:42 - >> 746daab9bcc331be313818658b4a502bb4f3370a691fd90015fabcd7759e0944 >> > is announced and propogates widely (1.2sat/vb) >> > - 21:52 - ba967010 tx is announced and propogates widely, since >> > conflicting tx 746daab9 has been removed from default >> > mempools >> > - 21:53 - murch tweets about default mempool filling up >> > - 22:03 - 397dcbe4 tx is announced and propogates widely, since >> > conflicting tx f503868 has already been removed from default >> > mempools >> >> Is that 22:03 time for 397 from your node's logs? It was originally >> announced >> hours earlier. From one of my full-rbf nodes: >> >> 2022-11-14T14:08:37Z [mempool] replacing tx >> 764867062b67fea61810c3858d587da83a28290545e882935a32285028084317 with >> 397dcbe4e95ec40616e3dfc4ff8ffa158d2e72020b7d11fc2be29d934d69138c for >> 0.00468 additional fees, -1 delta bytes >> >> > - 22:35 - block 763189 is mined >> > - 22:39 - block 763190 is mined >> > - 23:11 - block 763191 is mined >> > - 23:17 - block 763192 is mined including 397dcbe4 >> > >> > miningpool.observer reports both 397dcbe4 and ba967010 as missing in the >> > first three blocks, and gives similar mempool ages for those txs to what >> > my logs report: >> > >> > >> https://miningpool.observer/template-and-block/0000000000000000000436aba59d8430061e0e50592215f7f263bfb1073ccac7 >> > >> https://miningpool.observer/template-and-block/00000000000000000005600404792bacfd8a164d2fe9843766afb2bfbd937309 >> > >> https://miningpool.observer/template-and-block/00000000000000000004a3073f58c9eae40f251ea7aeaeac870daeac4b238fd1 >> > >> > That presumably means those pools (AntPool twice and "unknown") are >> > running with large mempools that didn't kept the earlier 1.2sat/vb txs. >> >> To be clear, you think that AntPool and that other exchange is running >> with a >> larger than normal max mempool size limit? You mean those miners *did* >> keep the >> earlier 1.2sat/vb tx? >> >> > The txs were mined by Foundry: >> > >> > >> https://miningpool.observer/template-and-block/00000000000000000001382a226aedac822de80309cca2bf1253b35d4f8144f5 >> > >> > This seems to be pretty good evidence that we currently don't have any >> > significant hashrate mining with fullrbf policies (<0.5% if there was a >> > high fee replacement available prior to every block having been mined), >> > despite the bounty having been collected. >> >> Oh, we can put much lower bounds on that. I've been running OTS calendars >> with >> full-rbf replacements for a few months without clear evidence of a >> full-rbf >> replacement. While there was good reason to think some miners were mining >> full-rbf before a few years back, they probably didn't bother to reapply >> their >> patches each upgrade. `mempoolfullrbf=1` is much simpler to use. >> >> -- >> https://petertodd.org 'peter'[:-1]@petertodd.org >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --00000000000031d3cb05ef17a2d4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
note: if it was possible=C2=A0to enforce this, we wouldn&#= 39;t need proof of work at all.=C2=A0 =C2=A0since it isn't possible, pr= oof of work is strictly necessary.


On Mon, Dec 5, 2022 at 9:5= 3 AM Rijndael via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
=20 =20

Good morning,

That sounds like a very dangerous mode of operation. You can already hand a transaction to a miner privately. I hand a transaction to a miner with some reasonable fee, and then I go and broadcast a different transaction with a minimal fee that spends the same inputs. The whole network (including the miner I handed the tx to) could all be running with a strict first-seen mempool policy, but we can still have a situation where the miner creates a block with a different transaction from what you see in your mempool. If anytime this happens, the nodes running your proposed rule drop the block, then anyone can fork those nodes off the network whenever they want.

Even outside of adversarial settings, Bitcoin doesn't (and doesn't attempt to) promise consistency across mempools. Making a consensus rule that enforces mempool consistency is a recipe for (unintended?) chainsplits.

- rijndael


On 12/5/22 7:20 AM, El_Hoy via bitcoin-dev wrote:
=20
The only option I see against the attack Peter Todd is doing to opt-in RBF and 0Conf bitcoin usage is working on a bitcoin core implementation that stops propagation of full-rbf replaced blocks. Running multiple of such nodes on the network will add a risk to miners that enable full-rbf that would work as an incentive against that.

Obviously that would require adding an option on bitcoin core (that is not technically but politically difficult to implement as Petter Todd already have commit access to the main repository).

That said, a sufficiently incentivized actor (like Daniel Lipshitz or Muun wallet developers) could work on a fork and run several nodes with such functionality. As far as I understand the percolation model, with 10 to 20 nodes running such a rule would create a significant risk for full-rbf miners.

Regards.

---=C2=A0 Eloy


On Tue, Nov 15, 2022 at 11:43 AM Peter Todd via bitcoin-dev <bitcoin-dev@lists.linuxfoundati= on.org> wrote:
On Tue, Nov 15, 2022 at 03:36:08PM +1000, Anthony Towns via bitcoin-dev wrote:
> On Tue, Nov 08, 2022 at 01:16:13PM -0500, Peter Todd via bitcoin-dev wrote:
> > FYI I've gotten a few hundred dollars worth of donations to this effort, and
> > have raised the reward to about 0.02 BTC, or $400 USD at current prices.
>
> Seems like this has been mostly claimed (0.014btc / $235, 9238sat/vb):

I'm turning it back on when (if) the mempool settles down. I've got more than
enough donations to give another run at it (the majority was donated privately
FWIW). There's a risk of the mempool filling up again of course; hard to avoid
that.

Right now of course it's really easy to double spend with the obvious
low-fee/high-fee method as the min relay fee keeps shifting.

> https://mempool.space/tx/397dcbe4e95ec40616e3dfc4ff8ffa158d2e72020b7d11= fc2be29d934d69138c
>
> The block it was claimed in seems to have been about an hour after the
> default mempool filled up:
>
> https://twitter.com/murcha= ndamus/status/1592274621977477120
>
> That block actually seems to have included two
> alice.btc.calendar.opentimestamps.org txs, the other paying $7.88
> (309sat/vb):
>
> https://mempool.space/tx/ba9670109a6551458d5e1e23600c7bf2dc094894abdf59= fe7aa020ccfead07cf

The second is because I turned down the full-rbf reward to more normal fee
levels. There's also another full-rbf double-spend from the Bob calendar, along
the same lines: 7e76b351009326a574f3120164dbbe6d85e07e04a7bbdc40f0277fcb008d2cd2<= br>
I double-spent the txin of the high fee tx that got mined. But I mistakenly had
RBF enabled in that double-spend, so while it propagated initially, I believe
it was replaced when something (someone?) rebroadcast the high-fee 397dcb tx.

> Timeline (utc) to me looks like:
>
>=C2=A0 - 13:12 - block 763148 is mined: last one that had a m= in fee < 1.5sat/vb
>=C2=A0 - 13:33 - f503868c64d454c472859b793f3ee7cdc8f519c64f8b1748d8040cd8ce6dc6e1<= br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 is announced and pr= opogates widely (1.2sat/vb)
>=C2=A0 - 18:42 - 746daab9bcc331be313818658b4a502bb4f3370a691fd90015fabcd7759e0944<= br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 is announced and pr= opogates widely (1.2sat/vb)
>=C2=A0 - 21:52 - ba967010 tx is announced and propogates widely, since
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 conflicting tx 746d= aab9 has been removed from default
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 mempools
>=C2=A0 - 21:53 - murch tweets about default mempool filling u= p
>=C2=A0 - 22:03 - 397dcbe4 tx is announced and propogates widely, since
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 conflicting tx f503= 868 has already been removed from default
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 mempools

Is that 22:03 time for 397 from your node's logs? It was originally announced
hours earlier. From one of my full-rbf nodes:

=C2=A0 =C2=A0 2022-11-14T14:08:37Z [mempool] replacing tx 764867062b67fea61810c3858d587da83a28290545e882935a32285028084317 with 397dcbe4e95ec40616e3dfc4ff8ffa158d2e72020b7d11fc2be29d934d69138c for 0.00468 additional fees, -1 delta bytes

>=C2=A0 - 22:35 - block 763189 is mined
>=C2=A0 - 22:39 - block 763190 is mined
>=C2=A0 - 23:11 - block 763191 is mined
>=C2=A0 - 23:17 - block 763192 is mined including 397dcbe4
>
> miningpool.observer reports both 397dcbe4 and ba967010 as missing in the
> first three blocks, and gives similar mempool ages for those txs to what
> my logs report:
>
>=C2=A0 =C2=A0https://miningpool.observer/template-= and-block/0000000000000000000436aba59d8430061e0e50592215f7f263bfb1073ccac7<= /a>
>=C2=A0 =C2=A0
https://miningpool.observer/template-= and-block/00000000000000000005600404792bacfd8a164d2fe9843766afb2bfbd937309<= /a>
>=C2=A0 =C2=A0
https://miningpool.observer/template-= and-block/00000000000000000004a3073f58c9eae40f251ea7aeaeac870daeac4b238fd1<= /a>
>
> That presumably means those pools (AntPool twice and "unknown") are
> running with large mempools that didn't kept the earlier 1.2sat/vb txs.

To be clear, you think that AntPool and that other exchange is running with a
larger than normal max mempool size limit? You mean those miners *did* keep the
earlier 1.2sat/vb tx?

> The txs were mined by Foundry:
>
>=C2=A0 =C2=A0
https://miningpool.observer/template-= and-block/00000000000000000001382a226aedac822de80309cca2bf1253b35d4f8144f5<= /a>
>
> This seems to be pretty good evidence that we currently don't have any
> significant hashrate mining with fullrbf policies (<0.5% if there was a
> high fee replacement available prior to every block having been mined),
> despite the bounty having been collected.

Oh, we can put much lower bounds on that. I've been running OTS calendars with
full-rbf replacements for a few months without clear evidence of a full-rbf
replacement.=C2=A0 While there was good reason to think some mine= rs were mining
full-rbf before a few years back, they probably didn't bother to reapply their
patches each upgrade. `mempoolfullrbf=3D1` is much simpler to use.

--
https://petertodd.org 'peter'[:-1]@petertodd.org
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundatio= n.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--00000000000031d3cb05ef17a2d4--