MIME-Version: 1.0
Date: Mon, 27 Jan 2025 12:17:05 -1000
From: "David A. Harding" <dave@dtrt.org>
To: Antoine Riard <antoine.riard@gmail.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>,
 security@ariard.me
Subject: Re: [bitcoindev] [FULL DISCLOSURE]: Replacement Cycling Attacks on
 Attacks on Bitcoin Miners Block Templates
In-Reply-To: <CALZpt+EnDUtfty3X=u2-2c5Q53Guc6aRdx0Z4D75D50ZXjsu2A@mail.gmail.com>
References: <CALZpt+EnDUtfty3X=u2-2c5Q53Guc6aRdx0Z4D75D50ZXjsu2A@mail.gmail.com>
Message-ID: <7aa8b4bd7c2d475ad07efb90d770fbd8@dtrt.org>

On 2025-01-27 05:22, Antoine Riard wrote:
> As soon as Alice's batch transaction starts to propagate, Mallet
> consumes its 2 outputs with 2 chains of junk transactions to reach max
> package limits (25 descendants) and block the carve-out. The junk
> transactions are of size 150 bytes and feerates 2 satoshis per virtual
> byte and they have 2 parents: one Alice's payout UTXO and one Mallet's
> UTXO.
> 
> Starting from this point, Alice's exchange server logic should either
> (a) attempt a CPFP or (b) attempt an RBF on the batch transaction. As
> there is no global mempool, Alice is uncertain on the explanation for
> the lack of propagation of her batch transaction [...]

Do I understand correctly that this attack only applies if Alice
attempts to fee bump her batch transaction?  In short, is this the
attack:

- Alice broadcasts a transaction.
- Mallet pins Alice.
- Alice doesn't realize she's been pinned and bumps the fees.
- The bump doesn't propagate due to the pin, but Mallet receives it
   anyway somehow.
- Mallet mines the fee bump, but nobody else mines it because it didn't
   propagate.  Mallet thus makes more money than other miners.

Thanks,

-Dave
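
A defender-side check for the situation discussed in this message, as an added example that is not part of the original e-mail: a simplified model of the descendant limit and CPFP carve-out that tells Alice whether a CPFP child of her batch transaction could still enter a mempool. The constants are assumed from Bitcoin Core's default policy, the transaction names and chain lengths are constructed, and size-based package limits are ignored.

```python
from dataclasses import dataclass, field

# Assumed constants, modelled on Bitcoin Core's default mempool policy.
DESCENDANT_LIMIT = 25          # a transaction counts itself
CARVE_OUT_MAX_VSIZE = 10_000   # size cap for the one extra carve-out child

@dataclass
class Tx:
    txid: str
    parents: list = field(default_factory=list)  # unconfirmed parents only
    vsize: int = 150

def descendant_count(mempool, txid):
    """In-mempool descendants of txid, counting txid itself."""
    seen, stack = {txid}, [txid]
    while stack:
        cur = stack.pop()
        for tx in mempool.values():
            if cur in tx.parents and tx.txid not in seen:
                seen.add(tx.txid)
                stack.append(tx.txid)
    return len(seen)

def unconfirmed_ancestors(mempool, tx):
    """All in-mempool ancestors of tx (tx itself need not be in the mempool)."""
    seen, stack = set(), list(tx.parents)
    while stack:
        p = stack.pop()
        if p in mempool and p not in seen:
            seen.add(p)
            stack.extend(mempool[p].parents)
    return seen

def child_accepted(mempool, child):
    """Would `child` fit under the descendant limit of all its ancestors?"""
    anc = unconfirmed_ancestors(mempool, child)
    # Carve-out: one extra slot for a small child with a single unconfirmed ancestor.
    carve_out = len(anc) == 1 and child.vsize <= CARVE_OUT_MAX_VSIZE
    limit = DESCENDANT_LIMIT + (1 if carve_out else 0)
    return all(descendant_count(mempool, a) + 1 <= limit for a in anc)

def constructed_mempool(chain_a, chain_b):
    """Constructed sample: a batch tx with two chains of third-party spends."""
    mp = {"batch": Tx("batch", vsize=500)}
    for name, length in (("a", chain_a), ("b", chain_b)):
        prev = "batch"
        for i in range(length):
            mp[f"{name}{i}"] = Tx(f"{name}{i}", [prev])
            prev = f"{name}{i}"
    return mp
```

Run against a node's own view of the batch transaction's descendants, `child_accepted` returning false means a CPFP bump would be rejected by peers applying the same limits, which is the condition Alice would want to detect before spending fees on a bump.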
