[Bitcoin-development] replace-by-fee v0.10.0rc4

Peter Todd pete at petertodd.org
Sun Feb 22 17:12:22 UTC 2015 

On Sun, Feb 22, 2015 at 08:36:01AM -0800, Tom Harding wrote:
> On 2/11/2015 10:47 PM, Peter Todd wrote:
> >My replace-by-fee patch is now available for the v0.10.0rc4 release:
> >
> >     https://github.com/petertodd/bitcoin/tree/replace-by-fee-v0.10.0rc4
> >
> 
> This patch immediately simplifies successful double-spends of
> unconfirmed transactions.  But the idea that it "gives a path to
> making zeroconf transactions economically secure" is quite dubious.
> 
> * You don't provide sufficient means to detect and relay
> double-spends, which is necessary to trigger a scorched-earth
> reaction.  Not all double-spends will conform to your replacement
> rules.

No, OTOH if they don't then the situation is no difference from what we
have now, and replace-by-fee does no harm. Meanwhile, relaying of bare
double-spend signatures can be implemented in the future, as I suggested
last year for your/Andresen's double-spend relaying patch.

Did you notice the even more obvious way to defeat ANYONECANPAY scorched
earth with that patch?

>   * Maybe XT nodes would help to overcome this.  But meanwhile, in
> the ANYONECANPAY design, Bob's replacement is a triple-spend.  Even
> XT nodes won't relay it.

So? RBF nodes will.

> * It's unclear when, if ever, any senders/receivers will actually
> try to use scorched-earth as a double-spend deterrent.

I suspect many won't, because few people need to rely on unconfirmed
transactions anyway.

> Also, this patch significantly weakens DoS protections:
> 
> * It removes the early conflict check, making all conflict
> processing more expensive

If you're going to consider replacement, conflict processing will
definitely be more expensive. :)

An actual DoS attacker would do their DoS attack in a way where conflict
processing has nothing to do with it, so this change does no actual
harm.

>   * There is no attempt to protect against the same transaction
> being continually replaced with the fee bumped by a minimal amount.

What exact git commit were you looking at? I did have an early one that
did have a bug along those lines, now fixed.

The current version ensures every replacement pays at least as much
additional fees as would normally cost to broadcast that much data on
the network, and additionally requires the fees/KB to always increase;
under all circumstances it should be no more of a DoS threat than
low-fee transactions are otherwise. I'd like to know if there is a flaw
in that code however!

-- 
'peter'[:-1]@petertodd.org
000000000000000017c2f346f81e93956c538531682f5af3a95f9c94cb7a84e8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150222/b1369056/attachment.sig>

More information about the bitcoin-dev mailing list