Date: Sat, 20 Jul 2024 14:10:49 +0000
From: Peter Todd <pete@petertodd.org>
To: Murch <murch@murch.one>
Cc: bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack
of Full-RBF In Core
Message-ID: <ZpvFaRDoNbzSOgIq@petertodd.org>
References: <Zpk7EYgmlgPP3Y9D@petertodd.org>
<6f6177b4-4fd3-4c22-ad13-97d430d7d0bc@murch.one>
On Fri, Jul 19, 2024 at 02:26:44PM -0400, Murch wrote:
> On 7/18/24 11:56, Peter Todd wrote:
> > # Summary
> >
> > This is a public disclosure of a vulnerability that I previously disclosed to
> > the bitcoin-security mailing list.
>
> It seems redundant to point out that some transactions are only relayed by a
> subset of a node population if there are multiple diverging mempool policies
> with significant adoption.

1) So you agree with me in general that this is just one of a large class of
"free" relay attacks?

2) You should re-read my analysis. You do _not_ need significant adoption of
the diverging mempool policy for this attack to work. Literally a single miner
is sufficient.

Indeed, as I pointed out one month ago on this mailing list, a "free" relay
"attack" was happening by accident due to good samaritans attempting to spend
Lightning anchor outputs to clean up the UTXO set, accidentally pinning
Lightning nodes in the process, and the fact that Libre Relay's RBFR was
already sufficient to get the intended transactions mined:

"Libre Relay v27.1 released with lower 1.25x replacement threshold" - Jun 20th 2024
https://groups.google.com/g/bitcoindev/c/n2GNmnz0btw/m/IemUVKBoAgAJ

> However, I concur that Bitcoin Core should match its default setting for
> `mempoolfullrbf` to the behavior of miners, and there appears to be palpable
> evidence that a supermajority of the hashrate has enabled `mempoolfullrbf`.

Thanks!

--
https://petertodd.org 'peter'[:-1]@petertodd.org