Date: Fri, 08 Jul 2022 19:44:24 +0000
To: Peter Todd <pete@petertodd.org>
From: alicexbt <alicexbt@protonmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Playing with full-rbf peers for fun and L2s security

Hi Peter,

> Point is, the attacker with thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack requires
> more resources, because for a double-spend to be successful, BTC has to be spent
> on fees.
>
> It's just a fact of life that a motivated attacker can DoS attack Wasabi by
> spending money. That's a design choice that's serving them well so far.


There are 2 things:

1) Based on my understanding, the round will not be aborted if a threshold is met for inputs and will continue irrespective of the attacker trying different things in the initial phases of the round. I need to confirm this by testing, although I am not feeling well today, so it can take a few days.

2) Points mentioned by Greg Sanders are reasonable: There can be a different 'mempool view' for coordinator, users and attacker. The attacker could use the minimum fee rate required for relay, and this works differently when there is enough demand for blockspace.

Double spend attack requires only one laptop and a few UTXOs. Even if spent in some cases, would pay a few sats per transaction which won't be an issue for governments or competitors that normally perform such attacks.

The vulnerability reported is different from the things being discussed and hopefully I will do a public disclosure this month. I observed some interesting things which I wanted to discuss. The full RBF pull request is already merged in Bitcoin Core and available in Bitcoin Knots if some users want to experiment.


/dev/fd0


------- Original Message -------
On Friday, July 8th, 2022 at 2:53 PM, Peter Todd <pete@petertodd.org> wrote:


> On Tue, Jul 05, 2022 at 08:46:51PM +0000, alicexbt wrote:
>
> > Hi Peter,
> >
> > > Note that Wasabi already has a DoS attack vector in that a participant can stop
> > > participating after the first phase of the round, with the result that the
> > > coinjoin fails. Wasabi mitigates that by punishing participating in future
> > > rounds. Double-spends only create additional types of DoS attack that need to
> > > be detected and punished as well - they don't create a fundamentally new
> > > vulnerability.
> >
> > I agree some DoS vectors are already mitigated however punishment in this case will be difficult because the transaction is broadcasted after signing and before coinjoin tx broadcast.
> >
> > Inputs are already checked multiple times for double spend during coinjoin round: https://github.com/zkSNACKs/WalletWasabi/pull/6460
> >
> > If all the inputs in the coinjoin transaction that failed to relay are checked and one or more are found to be spent later, what will be punished and how does this affect the attacker with thousands of UTXOs or normal users?
>
>
> Point is, the attacker with thousands of UTXOs can also DoS rounds by simply
> failing to complete the round. In fact, the double-spend DoS attack requires
> more resources, because for a double-spend to be successful, BTC has to be spent
> on fees.
>
> It's just a fact of life that a motivated attacker can DoS attack Wasabi by
> spending money. That's a design choice that's serving them well so far.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org