1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
Delivery-date: Fri, 19 Jul 2024 11:27:34 -0700
Received: from mail-qv1-f63.google.com ([209.85.219.63])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBAABBDPA5K2AMGQEBYC5OJI@googlegroups.com>)
id 1sUsKL-0007hm-US
for bitcoindev@gnusha.org; Fri, 19 Jul 2024 11:27:34 -0700
Received: by mail-qv1-f63.google.com with SMTP id 6a1803df08f44-6b79810e326sf38119396d6.3
for <bitcoindev@gnusha.org>; Fri, 19 Jul 2024 11:27:33 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1721413647; cv=pass;
d=google.com; s=arc-20160816;
b=zfoPCDO85B/DtFLu6aWzFInjtVFbuJe0HFQrFaEkw+VVvLcRY0lJJCM2ihdrqyv3g4
TSY1vDEwIQq+ji8DEbPqsJkUwE6L2Dt4V5rPZCyr6rSS3jM3pDnRBuT9jz8ueYnupRQ+
6tFMkcNlOFDmqAiVCgIbSIsmJw0yvd0XS11h+mmrgPgmSofsGZy3f5GDdZFM5LXB/vhG
dlsfueqq0urFXQZpziKaRIy3QafuDcG/4g4Bbxf9IEi7g4F/+v6ZXe31faf+Kc7+mpvS
n6JdoLmncW6dS8s3CFO/1M2gpbwf8tNnYruxL/CGmlFmVau/1N3eyKlFFVGO+LV3Btoq
9sWA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:in-reply-to:from:content-language
:references:to:subject:user-agent:mime-version:date:message-id
:sender:dkim-signature;
bh=x8IKgeGW5IESWu6PhAH9jqILTA6dSJZQrshlRW96Bu0=;
fh=yveEIfW0mrz/HL113B5JijMbkPac7YEJZY8jgu6DCsc=;
b=Wxwvha3wv3In1rum+qogs34qdXs0IOajFCjwYNWzVhJMdVdMpEoIO+IsDKElEpp9R0
mCfnQmsM3K1y6foRGAbTwUoGSNeXLL080B9PhCWhGBAHfdOmUOuPLb0UH3IPFw+t6E4N
A3qg9Rb7JdWJfkIy9tJZeRX62i4w++Xnqap6qVNK+F2hK7Eizd5sN/N/utA/Szf8g+2h
IfTaFVxwiu8mZJdJ5wgxGQ5e2+hznrg8AuMLurKsQn8cCPhn9CgccpV+UHoaBJhq798p
tKWaNaG128we2Vc+8ZoY2bFvIS6u9N5PddCcPItMrBKjJdLriBse2AZ+e04nOJ6anw3P
+Gag==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@murch.one header.s=uberspace header.b=Mojkrpvz;
spf=pass (google.com: domain of murch@murch.one designates 185.26.156.235 as permitted sender) smtp.mailfrom=murch@murch.one
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1721413647; x=1722018447; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:in-reply-to:from:content-language:references:to
:subject:user-agent:mime-version:date:message-id:sender:from:to:cc
:subject:date:message-id:reply-to;
bh=x8IKgeGW5IESWu6PhAH9jqILTA6dSJZQrshlRW96Bu0=;
b=EI2ZkD3S6TtWbtg6dMdS8zyupMlTVGP3DdjK6bhaCG4rNVTgHUQWih91vj6k8ISfHE
3sZinMz+EGtl7b00vcxMQ8dc+4LBqPv9nCLOjpBgeOdV3ngSnYryH41bkkmnUSd0iWxr
01z/RUq1wPTya3SltZJv6o/l+kheZ82KjCM/+4llPrpofYGX7vmLBbpqceHdcxTLr9lr
T7XfNPfuKeoL0qJfgRlR8HkhAue6gF5AznRVPZwtI1oFTw9uMTrFYogaqOsMKSfuJx7s
EQkxfrhYH42KzNnKiJiDh3bSoz5gWYEHCNYJlca0qCOzfJguze2xyKkQKn4wITyJGDqH
i92g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1721413647; x=1722018447;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:in-reply-to:from:content-language:references:to
:subject:user-agent:mime-version:date:message-id:x-beenthere
:x-gm-message-state:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=x8IKgeGW5IESWu6PhAH9jqILTA6dSJZQrshlRW96Bu0=;
b=RDRFnsZrnjq0LexnW94+WoRujNmqT14zYCccu0P/J8DpjfoFsBe5uEP7xRKeHTzTI3
RdrOq000rDCVfjB7UMPEecF4YPsibgrOwD8wla05RgOJwM30lRQSsHrsHqEu/6GqcyPN
2cFJbrh3nyW2LIwIOhcq45E9Cu+rrqHItOPbE3RQfh1PfIvkiEmU1wIAqzxUSL+YEAkQ
LweVsMWPPc54JXoSxE0zn6Rxi0MOrmi+QqW9/Ok1z296MwKZ7H5Ig8aOz1f8iJou2h/w
6JoDD7GWu/vagUed9Fqnrlom00/aYmgs1lg6eUnLWoqQHYBerLhUSNLXY6yzzkk3JrrA
X1mA==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCUeBk+0D7UhiyQohc0CHqJoM2BYO1RRz8pEkmdLC0fUcanW6ymiR4pOOB0Fg1TOPfsed8yys1cFZEC7MWlDWYx1SMOBdkM=
X-Gm-Message-State: AOJu0YxtCnm483bRbcm6GnMdmIbmZhgd10l46OFBJouaccCyPDs8q/H2
pPNK0l3pS1OENYweoBSUwjK0lcy1doct3nrIkFLyQoz/siSo0HOn
X-Google-Smtp-Source: AGHT+IGGNUPONM0KBTmtmCDLfOIppPIh8qCmdevS+8JhWESZ7hs6Po6cPkhvLYAi9ueZgXuwDvKVgg==
X-Received: by 2002:a05:6214:21ca:b0:6b7:ae86:e33e with SMTP id 6a1803df08f44-6b95a7ce470mr10724986d6.37.1721413647271;
Fri, 19 Jul 2024 11:27:27 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:6214:400e:b0:6b0:9433:af46 with SMTP id
6a1803df08f44-6b79b3b111dls49569846d6.0.-pod-prod-03-us; Fri, 19 Jul 2024
11:27:25 -0700 (PDT)
X-Received: by 2002:a05:6214:1d23:b0:6b5:3c69:ee4d with SMTP id 6a1803df08f44-6b94efd9c06mr550766d6.8.1721413645634;
Fri, 19 Jul 2024 11:27:25 -0700 (PDT)
Received: by 2002:a05:620a:5a6b:b0:79f:1828:5134 with SMTP id af79cd13be357-7a196ced96cms85a;
Fri, 19 Jul 2024 11:26:47 -0700 (PDT)
X-Received: by 2002:a05:6512:b22:b0:52e:9f7a:6e6 with SMTP id 2adb3069b0e04-52ee5433efemr8293045e87.41.1721413606050;
Fri, 19 Jul 2024 11:26:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1721413606; cv=none;
d=google.com; s=arc-20160816;
b=J5bP75mDCqfOoK3aZdVH2D/M1u9hxMbtXPrVdOpeipOqPOtBcRrbUYjhQV0I4Xwdvz
kaUgEnQ5kmFiL4QUAFOQqd+vq7mIM8NP7aCU3v8tz7PrtmO5pKnwiEbktcu57V5jGTzl
C9NnQLbkKQlypalkmY5sxNNqgE3sZuwDzXTf+6lloBvv3WvjsVUiv1bi+69m6bAqVEKq
N4DWABnLEIcP4Ndcmz+qTm/hCvz68l+CH0bfkb5qZ7UvxG4QwzgzKnbiKEpu9ntEZurX
LkBemVWNdwabyT7/jrPYpFGetqNn9fTydg0vA4ZmCy6lJ+HoUHexQAFwzBzK5+0d3bTE
0IzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=dkim-signature:content-transfer-encoding:in-reply-to:from
:content-language:references:to:subject:user-agent:mime-version:date
:message-id;
bh=0quT59cpe4tHMhA+7kXXp+TiYgQRehtVV5D8LwRm3o4=;
fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=;
b=C+lcaCBJpZ0gNLEWAgs2QiTP1z+hO92Hjr6kAF2w6cyookfTghJYjcmCUuLLHgp7rm
vv1ti52UjQd8Y9WgLHCBhGhQagK1BcwQ82IJW39dyABx3bxcXYb+UfdGgfXefMabYXc3
DWO6PLuX+Dgs0osfejXGj0veRYQQHGGDjMR4YuVDT+tgeyYpa+Qt09b9yVOhOgKS0b1P
1pzZERP9wx1n9e6vFpZo/vjTub4n3O6kOPtmA280VKr0AUmkMi4YPofb5As39yuF6j88
0X0Hxvumed6lzc2nEZPGvQX1fXx6VwwYRBazu4VzuWl+ND//Usf2FhxgFLQNJMkQuji8
sJrg==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@murch.one header.s=uberspace header.b=Mojkrpvz;
spf=pass (google.com: domain of murch@murch.one designates 185.26.156.235 as permitted sender) smtp.mailfrom=murch@murch.one
Received: from farbauti.uberspace.de (farbauti.uberspace.de. [185.26.156.235])
by gmr-mx.google.com with ESMTPS id a640c23a62f3a-a7a3c8bd9b4si2429366b.2.2024.07.19.11.26.45
for <bitcoindev@googlegroups.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 19 Jul 2024 11:26:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of murch@murch.one designates 185.26.156.235 as permitted sender) client-ip=185.26.156.235;
Received: (qmail 25984 invoked by uid 989); 19 Jul 2024 18:26:45 -0000
Received: from unknown (HELO unkown) (::1)
by farbauti.uberspace.de (Haraka/3.0.1) with ESMTPSA; Fri, 19 Jul 2024 20:26:45 +0200
Message-ID: <6f6177b4-4fd3-4c22-ad13-97d430d7d0bc@murch.one>
Date: Fri, 19 Jul 2024 14:26:44 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [bitcoindev] A "Free" Relay Attack Taking Advantage of The Lack
of Full-RBF In Core
To: bitcoindev@googlegroups.com
References: <Zpk7EYgmlgPP3Y9D@petertodd.org>
Content-Language: en-US
From: Murch <murch@murch.one>
In-Reply-To: <Zpk7EYgmlgPP3Y9D@petertodd.org>
Content-Type: text/plain; charset="UTF-8"; format=flowed
X-Rspamd-Bar: --
X-Rspamd-Report: BAYES_HAM(-2.700022) XM_UA_NO_VERSION(0.01) MIME_GOOD(-0.1)
X-Rspamd-Score: -2.790022
X-Original-Sender: murch@murch.one
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@murch.one header.s=uberspace header.b=Mojkrpvz; spf=pass
(google.com: domain of murch@murch.one designates 185.26.156.235 as permitted
sender) smtp.mailfrom=murch@murch.one
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.8 (/)
On 7/18/24 11:56, Peter Todd wrote:
> # Summary
>
> This is a public disclosure of a vulnerability that I previously disclosed to
> the bitcoin-security mailing list.
It seems redundant to point out that some transactions are only relayed
by a subset of a node population if there are multiple diverging mempool
policies with significant adoption.
However, I concur that Bitcoin Core should match its default setting for
`mempoolfullrbf` to the behavior of miners, and there appears to be
palpable evidence that a supermajority of the hashrate has enabled
`mempoolfullrbf`.
Murch
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/6f6177b4-4fd3-4c22-ad13-97d430d7d0bc%40murch.one.
|
