[Lightning-dev] Breach tx vulnerability & CPFP attack

Rusty Russell rusty at rustcorp.com.au
Mon Mar 28 23:47:24 UTC 2016


Jérôme Legoupil <jjlegoupil at gmail.com> writes:
> Alice has a channel with Bob, lets say 50BTC on each side, and after some time, the channel ends up with 100BTC in Bob’s favour (so Alice has 0BTC in that channel)
>
> Alice broadcasts the obsolete 50/50BTC commitment tx as well as her revocable tx : Multisig tx -> Alice 50BTC, OP_CSV.
>
> When Bob sees that, he broadcasts his breach tx, put it’s not being picked up in blocks. Why ? Alice followed up by broadcasting (or privately sending to major pools) the tx : Alice 50BTC -> Alice 25BTC. She is offering miners to share Bob’s 50BTC with her. 

Hi Jerome!

        Nasty.  Fortunately, this attack doesn't work very well without
a mining cartel (though it's a very acute demonstration of why
censorship avoidance is important!).

        For miner M, Alice's tx is worth 25BTC * P(M mines block) *
P(nobody else mines Bob's tx).  If we assume everyone is locally
profit maximizing, that last term depends on how many small miners
there are (a 0.1% miner might see Alice's tx as worth 0.025 BTC, but
they're individually not likely to get a block in the 36-block CSV
window).

Peter Todd once said small miners are more important than big miners
(maybe it was in person; I can't find it with a quick google).  This
is why.

Cheers,
Rusty.


More information about the Lightning-dev mailing list