bitcoin-dev
A Free-Relay Attack Exploiting RBF Rule #6
Posted on: March 22, 2024 23:18 UTC
The email from Nagaev Boris to Peter delves into the intricacies of potential vulnerabilities and strategies within Bitcoin's transaction and Lightning Network (LN) protocols, presenting several nuanced points of discussion.
Firstly, it challenges the assumption that an attacker needs to possess a UTXO (Unspent Transaction Output) of significant size to exploit the LN by suggesting an alternative method where attackers could leverage old LN states with ascending feerate balances that favor their counterparty. This implies a lower threshold for attacker resources, requiring only past allocation of a shared UTXO.
Another critical insight discussed is the relationship between the size of the mempool and the effectiveness of certain types of attacks. The larger the mempool, the more potent these attacks could potentially become. This signals an unintentional incentive for miners to increase their mempool size limits due to the uncertainty of future block space demand, thereby amassing a cache of non-mined, low-feerate transactions that could be exploited.
The conversation also revisits bandwidth-wasting attacks facilitated by asymmetries in Replace-By-Fee (RBF) propagation, a concern highlighted back in 2021 with the proposal of an automatic mempool rebroadcasting implementation in Bitcoin Core. Additionally, the email touches on how mempool partitioning could amplify the success rate of pinning attacks, especially against time-sensitive nodes like those in the LN, which typically rely on a single local mempool.
A novel attack variant is proposed where an attacker, with sufficient visibility over the transaction-relay network, could utilize propagation asymmetries and targeted re-injection of traffic to exploit these vulnerabilities. This is compared to parallelization tactics, indicating a broad spectrum of attack methodologies that could be explored further.
Furthermore, the economic implications of replace-by-fee policies in scenarios where local mempools are empty are questioned, highlighting a need for optimization strategies that consider both absolute fee maximization and transaction size constraints.
Finally, the email references a past study on utilizing proof-of-UTXO ownership as a peer-to-peer denial-of-service mitigation technique, inviting further exploration of this concept as a potential safeguard against bandwidth DoS attacks. A link to the discussion led by Gleb Naumenko is provided for deeper insight (link). This comprehensive analysis underscores the multi-faceted nature of network security and efficiency within Bitcoin and LN protocols, urging ongoing vigilance and innovation in addressing these challenges.