bitcoin-dev

A Free-Relay Attack Exploiting RBF Rule #6

A Free-Relay Attack Exploiting RBF Rule #6

Original Postby Peter Todd

Posted on: March 19, 2024 13:46 UTC

The discussion opens by addressing the criticism of the Replace-by-Fee (RBF) rule in Bitcoin Core's mempool, specifically focusing on its path-dependent nature.

The critique is that this characteristic is not exclusive to the proposed RBF rule but is inherent to all transaction acceptance rules within Bitcoin's mempool. Essentially, because an infinite number of nearly identical transactions can be generated—with only minor differences such as transaction ID (txid) due to trivial changes—there will always be a form of path dependency in which transactions are accepted based on their order of arrival.

Further exploration into this topic reveals an interesting aspect regarding the brute-forcing of txid variations. If a rule were established where the lowest txid wins, it would encourage generating numerous variations to achieve a winning txid, effectively creating an "infinite bandwidth." An alternative rule, proposing that the txid with the most leading zeros wins, might limit the bandwidth issue by imposing a sort of proof-of-work (PoW) requirement. However, this does not solve the consensus problem in the mempool, as there could still be countless variations with the same number of leading zeros, highlighting the challenge of achieving consensus over trivial differences.

The broader implications of these discussions point towards the exploration of using bandwidth-constrained channels for transaction replacements that have meaningful yet small differences in size or fees paid. The rationale behind this approach is rooted in economic viability rather than the aim of preventing mempool consensus discrepancies. This perspective suggests a shift towards solutions that make economic sense for managing transaction acceptances and replacements within Bitcoin's network infrastructure.

For more information on these topics, Peter Todd's insights can be found at https://petertodd.org.