Author: Peter Todd 2022-11-07 21:17:50
Published on: 2022-11-07T21:17:50+00:00
The Bitcoin community is discussing ways to prevent a pinning attack on multi-party transactions. The discussion centers on BIP-125 Rule #3, which requires that the replacement transaction pay an absolute fee of at least the sum paid by the original transactions. In the pinning attack, one party broadcasts a transaction spending their input at a low fee rate, potentially a quite large transaction, during high mempool demand. The other parties are then unable to spend their inputs unless they broadcast a transaction "paying for" the malicious party's.

To address this issue, the community suggests pre-signing a transaction with nLockTime set sufficiently far into the future, so that the transaction can be cancelled or mined at some point after N blocks. This would allow the parties to defeat the attack by ensuring that the malicious party would have to pay the cost of getting the multi-party transaction unstuck at some point in the future.

In cases where there is a central semi-trusted coordinator, such as Wasabi coinjoins, the solution could involve a two-party punishment transaction consisting of tx1, which spends Mallory's input to a txout spendable by either CheckSig or CheckSequenceVerify, and tx2, which spends the tx1 output to as much fees as needed. This approach ensures that if Mallory cheated with a double-spend, it can be proven to third parties, and Mallory cannot simply release tx1 on their own to frame the coordinator.
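The fee burden that Rule #3 places on the honest parties can be worked through in code. This is an added example, not code from the original post or from Bitcoin Core; all transaction names, sizes and fees are constructed, the 1 sat/vB incremental relay feerate is an assumption, and it goes slightly beyond the text by also counting the pinning transaction's descendants and the replacement's own bandwidth fee (BIP-125 Rule #4).

```python
from dataclasses import dataclass
from math import ceil

# Assumption: 1 sat/vB incremental relay feerate (Bitcoin Core's default policy).
INCREMENTAL_RELAY_FEERATE = 1.0

@dataclass(frozen=True)
class Tx:
    txid: str
    vsize: int          # virtual size in vbytes
    fee: int            # absolute fee in satoshis
    spends: frozenset   # outpoints as "txid:vout" strings

def evicted_by(replacement: Tx, mempool: list) -> list:
    """Direct conflicts of the replacement plus all their in-mempool descendants."""
    evicted = {t.txid for t in mempool if t.spends & replacement.spends}
    grew = True
    while grew:  # walk descendants until no new transaction is added
        grew = False
        for t in mempool:
            parents = {op.split(":")[0] for op in t.spends}
            if t.txid not in evicted and parents & evicted:
                evicted.add(t.txid)
                grew = True
    return [t for t in mempool if t.txid in evicted]

def min_replacement_fee(replacement: Tx, mempool: list) -> int:
    """Rule #3 (sum of evicted fees) plus the replacement's own bandwidth (Rule #4)."""
    evicted = evicted_by(replacement, mempool)
    own_bandwidth = ceil(replacement.vsize * INCREMENTAL_RELAY_FEERATE)
    return sum(t.fee for t in evicted) + own_bandwidth

def passes_rule3(replacement: Tx, mempool: list) -> bool:
    return replacement.fee >= sum(t.fee for t in evicted_by(replacement, mempool))

# Constructed sample: a 100,000 vB pin at 2 sat/vB, with one small child.
PIN = Tx("pin", 100_000, 200_000, frozenset({"mallory_utxo:0"}))
PIN_CHILD = Tx("pinchild", 200, 400, frozenset({"pin:0"}))
UNRELATED = Tx("other", 300, 6_000, frozenset({"carol_utxo:0"}))
MEMPOOL = [PIN, PIN_CHILD, UNRELATED]

# The 500 vB multi-party transaction, funded at a 50 sat/vB market rate.
MULTIPARTY = Tx("multi", 500, 25_000,
                frozenset({"mallory_utxo:0", "alice_utxo:0", "bob_utxo:0"}))

if __name__ == "__main__":
    need = min_replacement_fee(MULTIPARTY, MEMPOOL)
    print("passes Rule #3 at market rate:", passes_rule3(MULTIPARTY, MEMPOOL))
    print(f"fee needed: {need} sat ({need / MULTIPARTY.vsize:.1f} sat/vB)")
```

With these constructed numbers the multi-party transaction, which would confirm promptly at 50 sat/vB, is rejected as a replacement and needs roughly eight times that fee to displace the pin.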
Updated on: 2023-05-22T22:48:44.149427+00:00