[bitcoin-dev] Making OP_TRUE standard?

Rusty Russell rusty at rustcorp.com.au
Wed May 30 02:47:20 UTC 2018 

Peter Todd <pete at petertodd.org> writes:
> On Mon, May 21, 2018 at 01:14:06PM +0930, Rusty Russell via bitcoin-dev wrote:
>> Jim Posen <jim.posen at gmail.com> writes:
>> > I believe OP_CSV with a relative locktime of 0 could be used to enforce RBF
>> > on the spending tx?
>> 
>> Marco points out that if the parent is RBF, this child inherits it, so
>> we're actually good here.
>> 
>> However, Matt Corallo points out that you can block RBF will a
>> large-but-lowball tx, as BIP 125 points out:
>> 
>>    will be replaced by a new transaction...:
>> 
>>    3. The replacement transaction pays an absolute fee of at least the sum
>>       paid by the original transactions.
>> 
>> I understand implementing a single mempool requires these kind of
>> up-front decisions on which tx is "better", but I wonder about the
>> consequences of dropping this heuristic?  Peter?
>
> We've discussed this before: that rule prevents bandwidth usage DoS attacks on
> the mempool; it's not a "heuristic". If you drop it, an attacker can repeatedly
> broadcast and replace a series of transactions to use up tx relay bandwidth for
> significantly lower cost than otherwise.
>
> Though these days with relatively high minimum fees that may not matter.

AFAICT the optimal DoS is where:

1.  Attacker sends a 100,000 vbyte tx @1sat/vbyte.
2.  Replaces it with a 108 vbyte tx @2sat/vbyte which spends one of
    those inputs.
3.  Replaces that spent input in the 100k tx and does it again.

It takes 3.5 seconds to propagate to 50% of network[1] (probably much worse
given 100k txs), so they can only do this about 86 times per block.

That means they send 86 * (100000 + 108) = 8609288 vbytes for a cost of
86 * 2 * 108 + 100000 / 2 = 68576 satoshi (assuming 50% chance 100k tx
gets mined).

That's a 125x cost over just sending 1sat/vbyte txs under optimal
conditions[2], but it doesn't really reach most low-bandwidth nodes
anyway.

Given that this rule is against miner incentives (assuming mempool is
full), and makes things more complex than they need to be, I think
there's a strong argument for its removal.

Cheers,
Rusty.
[1] http://bitcoinstats.com/network/propagation/
[2] Bandwidth overhead for just sending a 108-vbyte tx is about 160
    bytes, so our actual bandwidth per satoshi is closer to 60x
    even under optimal conditions.

More information about the bitcoin-dev mailing list