Author: alicexbt 2023-07-06 16:22:44+00:00
Published on: 2023-07-06T16:22:44+00:00
Hello Bitcoin Developers,I wanted to bring to your attention a potential vulnerability in coinjoin that could be exploited for a Denial of Service (DoS) attack. This vulnerability is related to the use of the package relay feature. It is important to note that this proposal introduces new P2P messages, transaction relay, and other functionalities, making it just as significant as any soft fork.To illustrate the vulnerability, let's consider two coinjoin implementations, A and B. The attack begins by registering an input in implementation A. Then, the attacker double-spends the same input with zero fees to their own address. Next, the attacker registers the unconfirmed UTXO from step 2 in implementation B. At this point, implementation B relays a package containing a coinjoin transaction (child) that pays for the double-spent input (parent).Both users and implementation B have incentives to engage in this type of attack. Additionally, there is an alternative approach where the attacker registers the same input in both implementations A and B. However, this approach presents some tradeoffs. If the input gets included in a coinjoin transaction broadcasted by A, there is little that B can do about it. Implementing RBF with multiple users is not straightforward and can be costly. Furthermore, implementations with fewer users participating in a round would have an advantage in this scenario.It is crucial to address this vulnerability promptly to ensure the security and integrity of coinjoin transactions. Please review the details provided in the [package relay proposal][0] and let me know if there are any aspects that I may have overlooked.Best regards,/dev/fd0floppy disk guySent with Proton Mail secure email.
Updated on: 2023-07-13T17:25:46.693054+00:00