[Bitcoin-development] New attack identified and potential solution described: Dropped-transaction spam attack against the blocksize limit

Raystonn . raystonn at hotmail.com
Mon Jun 8 21:40:17 UTC 2015 

> the only way a transaction can be removed from a Bitcoin Core mempool is 
> through it getting mined, double-spent, or the node restarting.

Right.  And that results in some transactions with insufficient fees getting 
dropped today after many hours.

> The protection that we have against that attack is that you need access to 
> a lot of bitcoins to pay enough fees.

That's no protection against a well-funded private and/or public entity. 
Without the block size limit, this attack doesn't exist.  It would simply 
result in a transfer of wealth from spammer to miners, which is a nicely 
antifragile response for the Bitcoin network.


-----Original Message----- 
From: Peter Todd
Sent: Monday, June 08, 2015 2:33 PM
To: Raystonn .
Cc: Patrick Mccorry (PGR) ; Bitcoin Dev
Subject: Re: [Bitcoin-development] New attack identified and potential 
solution described: Dropped-transaction spam attack against the blocksize 
limit

> > there is no memory pool cap currently
>
> Real hardware does not have an infinite amount of RAM.  Memory pool sizes
> cannot grow unbounded.  Some transactions with insufficient fees do get
> dropped today after many hours.

Actually they don't, which is an unfortunate problem with the existing
mempool implementation; the only way a transaction can be removed from a
Bitcoin Core mempool is through it getting mined, double-spent, or the
node restarting.

The protection that we have against that attack is that you need access
to a lot of bitcoins to pay enough fees. With the 0.01mBTC/KB minimum
relay fee and $230 USD/BTC that works out to about $2.3kUSD/GB of ram
consumed, and furthermore, actually getting that many transactions to
propagate over the network is non-trivial. (no, I'm not going to tell
you how)

The obvious solution is to cap the size of the mempool and evict
transactions lowest fee/KB first, but if you do that they you (further)
break zeroconf security. On the other hand, if you don't break zeroconf
security an attacker can prevent reasonable fee transactions from
propagating.

I probably should get around to fixing this...

More information about the bitcoin-dev mailing list