bitcoin-dev
A Free-Relay Attack Exploiting Min-Relay-Fee Differences
Posted on: March 31, 2024 17:31 UTC
The process of executing a free-relay attack on nodes, particularly miners with larger than default mempools, involves a series of strategic transactions designed to exploit lower-than-normal minrelayfees.
The initial step in this strategy is to publish a transaction (referred to as tx A) that offers an unusually low fee-rate, deliberately set below the typical minimum relay fees. Despite its low fee-rate, tx A is characterized by a sufficient size to ensure a reasonably large absolute fee, making it not overly difficult for well-connected nodes to get such transactions mined, even without specific connections to miners.
Following the publication of tx A, the attacker publishes a second transaction (tx B), which effectively double-spends tx A. This transaction is notable for having a fee-rate high enough to be accepted by most mempools, yet the total fee attached to tx B is less than that of tx A, ensuring economic viability for the attacker. Subsequently, a third transaction (tx C) is published, spending tx B. Due to its low fee rate and large size, nodes that have processed tx A will reject tx C, as it spends an output that they do not recognize due to the earlier double-spend.
To recuperate funds used in the attack, the attacker can then double-spend tx A with another transaction (referred to as A'), setting a sufficiently high fee-rate to ensure it gets mined. Given the lack of package replacement functionality in the system, the combination of transactions C and B does not replace A in the mempool, thereby limiting the overall cost of the attack to the expense incurred from the initial spending of A. Interestingly, the attack methodology allows for subsequent double-spending of tx C at progressively higher fee-rates, or across various nodes using slightly different variants of tx C.
Mitigation efforts against such attacks could involve the implementation of package replacement strategies. However, from an economic standpoint, it is deemed irrational for miners to engage in mitigation efforts since mining the high fee-rate transaction A', with replace-by-fee-rate features, is more profitable. The discussion and disclosure of this attack mechanism are part of a responsible disclosure effort, underscoring the importance of public awareness and open discussion regarding potential vulnerabilities within the system. By bringing such issues to light, the aim is to garner widespread understanding and scrutiny, fostering a collective effort towards identifying and implementing effective solutions. Further information and discussions on this topic can be explored through Peter Todd’s website, available at https://petertodd.org, and by contacting him directly via email.