Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id C2EABC002D for ; Wed, 2 Nov 2022 13:33:04 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id A991741626 for ; Wed, 2 Nov 2022 13:33:04 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org A991741626 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=WUzmXsJw X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.848 X-Spam-Level: X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNzxXhbXJhUq for ; Wed, 2 Nov 2022 13:33:02 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 7A4B341621 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by smtp4.osuosl.org (Postfix) with ESMTPS id 7A4B341621 for ; Wed, 2 Nov 2022 13:33:02 +0000 (UTC) Received: by mail-ed1-x52c.google.com with SMTP id z18so21463244edb.9 for ; Wed, 02 Nov 2022 06:33:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=jHFAmX7UngdKyooHP5toYd51Ywma3v51WwT3jy7CPho=; b=WUzmXsJwpVqNhWMUFnomzTxsqs1Tien01POmJ4kAcPMUbbYEA9si5bCSdZbPyAJZ5h 0nMoTOABuS00/k7K4y3pl4EyG+WwdQeHpTlpFyf9lh6flpF44Cww7Xyh55wvIG92r8vB 0uiS0Ufq5y7Cz5UVYCIZMWzrQGNF5/y5INfJIvxNhKDAbDWEerA26J8Ie9GhWv3L5iQ9 p27rNMFLzgzwyIn1DhJPS7d0cDglU9NWqlpKCizCxbZwfkJLRq8r68euCYUYRI2Qp103 Wgyo0a+tK+hc9lHkg30O/NZEObXX18gwwzQf3/UzCIzZQ3W4jUFM5TBbKovo72JDV7XQ gOsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jHFAmX7UngdKyooHP5toYd51Ywma3v51WwT3jy7CPho=; b=GpBG4boqjn7AdA+kFXR1kjMdYg/Fm2vER5QQH4Uyid6jN82ClJeA4J6IBRGSVf5955 p1oBvs/NlIpcK+YuW5VEs+dKKhdDGQ2eP386rHNMNjKFJwBKFZCOGsTAnHw6awlLqM35 2gOXiC1ANcIRxS5u53nwosVnCADlOKD2/fD3N0UoAG4pmSvCpcfLQFtji24l7IyOxUb0 SeQ+Lhhmq7N4WipVgfoYzjMX3RlCaUHNDN3kSBmg/83tuldOCh1BcIVQMyo1Y7ekqFST 8J20tQWeXo3IdagX3aO6JWBIVgHLROS0OO3adWXgLWWg3ar6vQWJf7tbSde+x1b+Smpu Zy7w== X-Gm-Message-State: ACrzQf3oNtlrHX0onmTkytm3QdbtOyn9u28WhWbj6UcehgblXEZdqthH s804Mlmv12aIPdRycRTKHSZ0VZtAmx3IR6paKQrmGg4MLcg= X-Google-Smtp-Source: AMsMyM4f7j0B1DEqXhOfi9/23445J0bz+dx+c7ECxHUFpwYH6FDVOHNSD2vz9gpOhSJXpJqE72JkWeBnLZBdujOarXA= X-Received: by 2002:a05:6402:3487:b0:463:9585:ae40 with SMTP id v7-20020a056402348700b004639585ae40mr11925918edc.31.1667395980278; Wed, 02 Nov 2022 06:33:00 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Greg Sanders Date: Wed, 2 Nov 2022 09:32:49 -0400 Message-ID: To: Anthony Towns Content-Type: multipart/alternative; boundary="0000000000001ac0cf05ec7ce152" Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] On mempool policy consistency X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Nov 2022 13:33:04 -0000 --0000000000001ac0cf05ec7ce152 Content-Type: text/plain; charset="UTF-8" > I think that's a huge oversimplification of "rational" -- otherwise you might as well say that deliberately pinning txs is also rational, because it allows the person doing the pinning to steal funds from their counterparty by forcing a timeout to expire. To be clear, a pinner is attempting to *not* pay the most fees, by definition. If we're somehow sure something is a pin, we should not allow it, because miners rationally do not want it vs an "honest" bid for fees. V3 design is one attempt to carve out a safe space for fee bidding. Carving out a safe space for *non-bidding* is not the same thing. I think this mostly boils down having knobs or not. I'm fine with knobs with paternalistic defaults, especially when a non-zero percentage of users disagree with a value in either direction. Greg On Tue, Nov 1, 2022 at 11:07 PM Anthony Towns wrote: > On Mon, Oct 31, 2022 at 12:25:46PM -0400, Greg Sanders via bitcoin-dev > wrote: > > For 0-conf services we have potential thieves who are willing > > to *out-bid themselves* to have funds come back to themselves. It's not a > > "legitimate" use-case, but a rational one. > > I think that's a huge oversimplification of "rational" -- otherwise > you might as well say that deliberately pinning txs is also rational, > because it allows the person doing the pinning to steal funds from their > counterparty by forcing a timeout to expire. > > There's no need for us as developers, or us as node operators, to support > every use case that some individual might find rational at some point in > time. After all, it might be individually rational for someone to want the > subsidy to stop decreasing, or to include 8MB of transactions per block. > > Note that it's also straightforwardly rational and incentive compatible > for miners to not want this patch to be available, under the following > scenario: > > - a significant number of on-chain txs are for zeroconf services > - fee income would be reduced if zeroconf services went away > (both directly due to the absence of zeroconf payments, and by > reducing mempool pressure, reducing fee income from the on-chain txs > that remain) > - miners adopting fullrbf would cause zeroconf services to go away, > (and won't enable a comparable volume of new services that generates > comparable transaction volume) > - including the option in core would make other miners adopting > fullrbf more likely > > I think the first three of those are fairly straightforward and objective, > at least at this point in time. The last is just a risk; but without > any counterbalancing benefit, why take it? > > Gaining a few thousand sats due to high feerate replacement txs from > people exploiting zeroconf services for a few months before all those > services shutdown doesn't make up for the lost fee income over the months > or years it might have otherwise taken people to naturally switch to > some better alternative. > > Even if fullrbf worked for preventing pinning that likely doesn't directly > result in much additional fee income: once you know that pinning doesn't > work, you just don't try it, which means there's no opportunity for > miners to profit from a bidding war from the pinners counterparties > repeatedly RBFing their preferred tx to get it mined. > > That also excludes second order risks: if you can't do zeroconf with BTC > anymore, do you switch to ERC20 tokens, and then trade your BTC savings > for ETH or USDT, and do enough people do that to lower the price of BTC? > If investors see BTC being less used for payments, does that lower their > confidence in bitcoin's future, and cause them to sell? > > > Removing a > > quite-likely-incentive-compatible option from the software just > encourages > > miners to adopt an additional patch > > Why shouldn't miners adopt an additional patch if they want some unusual > functionality? > > Don't we want/expect miners to have the ability to change the code in > meaningful ways, at a minimum to be able to cope with the scenario where > core somehow gets coopted and releases bad code, or to be able to deal > with the case where an emergency patch is needed? > > Is there any evidence miners even want this option? Peter suggested > that some non-signalling replacements were being mined already [0], but > as far as I can see [1] all of those are simply due to the transaction > they replaced not having propagated in the first place (or having been > evicted somehow? hard to tell without any data on the original tx). > > [0] > https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-October/021012.html > [1] https://github.com/bitcoin/bitcoin/pull/26287#issuecomment-1292692367 > > > 2) Forcing miners to honor fees left on the table with respect to 0-conf, > > or forcing them to run a custom patchset to go around it, is a step > > backwards. > > As you already acknowledged, any miner that wants this behaviour can just > pick up the patch (or could run Knots, which already has the feature > enabled by default). It's simply false to say miners are being forced > to do anything, no matter what we do here. > > If the direction you're facing is one where you're moving towards making > life easier for people to commit fraud, and driving away businesses > that aren't doing anyone harm, without achieving anything much else; > then taking a step backwards seems like a sensible thing to do to me. > > (I remain optimistic about coming up with better RBF policy, and willing > to be gung ho about everyone switching over to it even if it does kill > off zeroconf, provided it actually does some good and we give people 6 > months or more notice that it's definitely happening and what exactly > the new rules will be, though) > > Cheers, > aj > --0000000000001ac0cf05ec7ce152 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
> I think that's a huge oversimplification of = "rational" -- otherwise
you might as well say that delib= erately pinning txs is also rational,
because it allows the person doing= the pinning to steal funds from their
counterparty by forcing a timeout= to expire.

To be clear, a pinner is attempting to *not*= pay
the most fees, by definition. If we're somehow sure some= thing is a pin,
we should not allow it, because miners rationally= do not want it vs
an "honest" bid for fees. V3 design = is one attempt to carve out a safe
space for fee bidding. Carving= out a safe space for *non-bidding* is not the
same thing.
<= div>
I think this mostly boils down having knobs or not. I= 9;m fine with knobs with paternalistic defaults, especially when a non-zero= percentage of users disagree with a value in either direction.
<= br>
Greg

On Tue, Nov 1, 2022 at 11:07 PM Anthony Towns <<= a href=3D"mailto:aj@erisian.com.au">aj@erisian.com.au> wrote:
On Mon, Oct 31, 2022 a= t 12:25:46PM -0400, Greg Sanders via bitcoin-dev wrote:
> For 0-conf services we have potential thieves who are willing
> to *out-bid themselves* to have funds come back to themselves. It'= s not a
> "legitimate" use-case, but a rational one.

I think that's a huge oversimplification of "rational" -- oth= erwise
you might as well say that deliberately pinning txs is also rational,
because it allows the person doing the pinning to steal funds from their counterparty by forcing a timeout to expire.

There's no need for us as developers, or us as node operators, to suppo= rt
every use case that some individual might find rational at some point in time. After all, it might be individually rational for someone to want the<= br> subsidy to stop decreasing, or to include 8MB of transactions per block.
Note that it's also straightforwardly rational and incentive compatible=
for miners to not want this patch to be available, under the following
scenario:

=C2=A0- a significant number of on-chain txs are for zeroconf services
=C2=A0- fee income would be reduced if zeroconf services went away
=C2=A0 =C2=A0(both directly due to the absence of zeroconf payments, and by=
=C2=A0 =C2=A0reducing mempool pressure, reducing fee income from the on-cha= in txs
=C2=A0 =C2=A0that remain)
=C2=A0- miners adopting fullrbf would cause zeroconf services to go away, =C2=A0 =C2=A0(and won't enable a comparable volume of new services that= generates
=C2=A0 =C2=A0comparable transaction volume)
=C2=A0- including the option in core would make other miners adopting
=C2=A0 =C2=A0fullrbf more likely

I think the first three of those are fairly straightforward and objective,<= br> at least at this point in time. The last is just a risk; but without
any counterbalancing benefit, why take it?

Gaining a few thousand sats due to high feerate replacement txs from
people exploiting zeroconf services for a few months before all those
services shutdown doesn't make up for the lost fee income over the mont= hs
or years it might have otherwise taken people to naturally switch to
some better alternative.

Even if fullrbf worked for preventing pinning that likely doesn't direc= tly
result in much additional fee income: once you know that pinning doesn'= t
work, you just don't try it, which means there's no opportunity for=
miners to profit from a bidding war from the pinners counterparties
repeatedly RBFing their preferred tx to get it mined.

That also excludes second order risks: if you can't do zeroconf with BT= C
anymore, do you switch to ERC20 tokens, and then trade your BTC savings
for ETH or USDT, and do enough people do that to lower the price of BTC? If investors see BTC being less used for payments, does that lower their confidence in bitcoin's future, and cause them to sell?

> Removing a
> quite-likely-incentive-compatible option from the software just encour= ages
> miners to adopt an additional patch

Why shouldn't miners adopt an additional patch if they want some unusua= l
functionality?

Don't we want/expect miners to have the ability to change the code in meaningful ways, at a minimum to be able to cope with the scenario where core somehow gets coopted and releases bad code, or to be able to deal
with the case where an emergency patch is needed?

Is there any evidence miners even want this option? Peter suggested
that some non-signalling replacements were being mined already [0], but
as far as I can see [1] all of those are simply due to the transaction
they replaced not having propagated in the first place (or having been
evicted somehow? hard to tell without any data on the original tx).

[0] https://lists.li= nuxfoundation.org/pipermail/bitcoin-dev/2022-October/021012.html
[1] https://github.com/bitcoin/= bitcoin/pull/26287#issuecomment-1292692367

> 2) Forcing miners to honor fees left on the table with respect to 0-co= nf,
> or forcing them to run a custom patchset to go around it, is a step > backwards.

As you already acknowledged, any miner that wants this behaviour can just pick up the patch (or could run Knots, which already has the feature
enabled by default). It's simply false to say miners are being forced to do anything, no matter what we do here.

If the direction you're facing is one where you're moving towards m= aking
life easier for people to commit fraud, and driving away businesses
that aren't doing anyone harm, without achieving anything much else; then taking a step backwards seems like a sensible thing to do to me.

(I remain optimistic about coming up with better RBF policy, and willing to be gung ho about everyone switching over to it even if it does kill
off zeroconf, provided it actually does some good and we give people 6
months or more notice that it's definitely happening and what exactly the new rules will be, though)

Cheers,
aj
--0000000000001ac0cf05ec7ce152--