1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <pete@petertodd.org>) id 1XjZYC-0004F9-Kb
for bitcoin-development@lists.sourceforge.net;
Wed, 29 Oct 2014 20:09:00 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of petertodd.org
designates 62.13.148.108 as permitted sender)
client-ip=62.13.148.108; envelope-from=pete@petertodd.org;
helo=outmail148108.authsmtp.net;
Received: from outmail148108.authsmtp.net ([62.13.148.108])
by sog-mx-4.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
id 1XjZYA-0007No-TX for bitcoin-development@lists.sourceforge.net;
Wed, 29 Oct 2014 20:09:00 +0000
Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235])
by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s9TK8pTK035858;
Wed, 29 Oct 2014 20:08:51 GMT
Received: from savin.petertodd.org (75-119-251-161.dsl.teksavvy.com
[75.119.251.161]) (authenticated bits=128)
by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s9TK8m04019206
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
Wed, 29 Oct 2014 20:08:50 GMT
Date: Wed, 29 Oct 2014 16:08:48 -0400
From: Peter Todd <pete@petertodd.org>
To: Alex Morcos <morcos@gmail.com>
Message-ID: <20141029200848.GA3458@savin.petertodd.org>
References: <CAPWm=eXxs=AfFhaT2EeGFsR+2r96WcaOeWL_Z59-6LixH+=4AQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV"
Content-Disposition: inline
In-Reply-To: <CAPWm=eXxs=AfFhaT2EeGFsR+2r96WcaOeWL_Z59-6LixH+=4AQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 66553523-5fa7-11e4-b396-002590a15da7
X-AuthReport-Spam: If SPAM / abuse - report it at:
http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
aAdMdAsUF1YAAgsB AmIbWVReUFV7XGM7 bA9PbARUfEhLXhtr
VklWR1pVCwQmQhVl fRZDUh1ydgxEeHg+ ZEZnXHcVWkJ/cEV4
QE1JEDtXYnphaTUb TRJbfgVJcANIexZF O1F6ACIKLwdSbGoL
NQ4vNDcwO3BTJTpY RgYVKF8UXXNDJDMj QAoBHDMgVVEFSm0r
KBgnIU9UEV0NM0A7 LVomXxoTNBMfQk1Q EkwvSCJCO1gETjYm FkIy
X-Authentic-SMTP: 61633532353630.1023:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 75.119.251.161/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
-0.0 SPF_PASS SPF: sender matches SPF record
X-Headers-End: 1XjZYA-0007No-TX
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Reworking the policy estimation code (fee
estimates)
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Wed, 29 Oct 2014 20:09:00 -0000
--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Oct 27, 2014 at 03:33:45PM -0400, Alex Morcos wrote:
> I've been playing around with the code for estimating fees and found a few
> issues with the existing code. I think this will address several
> observations that the estimates returned by the existing code appear to be
> too high. For instance see @cozz in Issue 4866
> <https://github.com/bitcoin/bitcoin/issues/4866>.
I don't have time to look at the details of your statistical methods
unfortunately due to some deadlines, but a quick comment:
You should think about the malleability of your estimates to attackers.
For instance the current fee estimation code has a serious issue where
it'll happily estimate ludicriously high fees based on very little date.
There is a 'insane fees' failsafe, but it's IIRC set to allow
transactions with fees of less than 100mBTC/tx, roughly $50 at current
exchange rates. It's relatively easy to get a wallet into a condition
where this happens as the estimations are considered valid even based on
very little data - a simple sybil attack suffices. (e.g. the recently
published paper(1) on Tor sybil attacks comes to mind as one example of
many ways to do this) Obviously this could empty someone's wallet pretty
quickly; an exchange that makes a few dozen transactions an hour could
easily lose tens of thousands of dollars due to this exploit. Someone
correct me if I'm wrong, but last I checked in git HEAD this exploit is
still unfixed.
A user-configurable failsafe limit is a pretty obvious solution here,
albeit a crude one; it'd be interesting to see if a plausible security
argument could be made for something more sophisticated, like taking
into account coin-age of observed transactions that estimates are based
on.
1) "Bitcoin over Tor isn't a good idea",
http://arxiv.org/abs/1410.6079
--=20
'peter'[:-1]@petertodd.org
0000000000000000098d3c9095b47ff1fd692fef5ac6731340802c7c63d38bb0
--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
iQGrBAEBCACVBQJUUUlNXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAxZGM5NzRlNjc4YTdjYjY1ZDU1ZTIzNmFlYzQ5MzM3ZjRl
ZWIyOGU2ZWU5ODIxOGUvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfv//wf/QxtLEzTYc7AiwB8Km0InHqv3
ZEaMmEIjVHBC8eagecvTKP8Jhs/S10Sy0xqU+bNzp1GE7rwxnawKJuSFXqhE98EV
UHn4rO8DxReyqbOlpoqmixmAPkwHc92mw8tsCnpqZaFBohypT5Df9mXZghgfIXB6
lsA4y0cRgxZz+JKCCzcoOgkpHt9xdjc26Wj9nl17L+F49aZt3hVV9CwrU0zSN0JZ
S93ZW4IR2Q+kJ3Xox7CDoLkd6ZcUJ3qt2/PZHP1UF2j3h8vLc480E/QHjZxurC5L
Izr37FY/2y9bHKhBpkLoQC8LlKnUgnEgauAFpqYacUMga+lj8M04UxkdoU4x5A==
=zeWG
-----END PGP SIGNATURE-----
--HcAYCG3uE/tztfnV--
|