Published on: 2022-11-11T03:00:58+00:00
In a recent email thread on the bitcoin-dev mailing list, Peter Todd proposed a solution to address Rule #3 pinning in multi-party transactions. The attack involves one party broadcasting a low-fee transaction that ties up funds from other parties, making it difficult for them to spend their inputs unless they pay for the malicious party's transaction. Todd's solution involves pre-signing transactions with nLockTime set far into the future and spending one or more inputs of the transaction with a high enough fee to replace any attempts to exploit the rule.

However, there are several open questions and challenges associated with this solution. One issue is determining the high fee needed to guarantee replacements with high odds. Since the sat/vb (satoshi per virtual byte) is unknown at the time of signature exchange among participants, overshooting and adopting a historical worst-case mempool feerate may be necessary. This introduces economic lower bounds on the funds involved in a contract, creating a griefing vector where a participant could deliberately pin to inflict asymmetric damage without entering into any fee competition.

To address these challenges, participants may consider unilaterally spending after a protocol/implementation timepoint to save the time value of their contributed UTXOs over operation success. Additionally, a proposed more workable solution is to rely on package-relay, an ephemeral anchor output, and a special replacement regime (e.g., nVersion=3). This would allow the multi-party funded transaction coordinator to unilaterally fee-bump, step by step, without relying on assumptions about the knowledge of network mempools and burning excessive fees.

The email exchange between Antoine and Peter Todd also highlights the issue of incentive compatibility when considering miner harvesting attacks as part of the threat model. It remains unclear if the v3 rules that depend on miners arbitrarily rejecting transactions from their mempools are sufficiently incentive compatible to work effectively.

Overall, the Bitcoin community is actively discussing ways to prevent pinning attacks on multi-party transactions. Implementing pre-signed transactions with nLockTime set in the future and utilizing a combination of package-relay, an ephemeral anchor output, and a special replacement regime could potentially address this issue. However, there are still challenges to be addressed, such as determining the appropriate fee and ensuring incentive compatibility in the face of potential miner harvesting attacks.
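The fee-sizing problem described above, as an added example (not code from the thread or from Bitcoin Core): under BIP125 a replacement must match the absolute fees of everything it evicts (Rule #3) and pay for its own bandwidth (Rule #4), so a fee fixed at signing time can fall short even when its feerate is very high. The function names, transaction sizes, feerates and the 1 sat/vB incremental relay feerate are constructed or assumed values.

```python
from dataclasses import dataclass

INCREMENTAL_RELAY_FEERATE = 1  # sat/vB; Bitcoin Core's default, assumed here
MAX_EVICTED = 100              # BIP125 Rule #5


@dataclass(frozen=True)
class MempoolTx:
    vsize: int  # virtual bytes
    fee: int    # absolute fee, satoshis


def min_replacement_fee(evicted, replacement_vsize):
    """Lowest absolute fee (sats) that passes BIP125 Rules #3 and #4.

    `evicted` holds the conflicting transaction and all of its in-mempool
    descendants, since a replacement removes all of them.
    """
    if len(evicted) > MAX_EVICTED:
        raise ValueError("Rule #5: more than 100 transactions would be evicted")
    rule3 = sum(tx.fee for tx in evicted)                  # match the fees being removed
    rule4 = INCREMENTAL_RELAY_FEERATE * replacement_vsize  # pay for own relay bandwidth
    return rule3 + rule4


def assess_presigned(evicted, replacement_vsize, presign_feerate, input_value):
    """Check a pre-signed replacement whose fee was fixed at signing time."""
    presigned_fee = presign_feerate * replacement_vsize
    required = min_replacement_fee(evicted, replacement_vsize)
    return {
        "presigned_fee": presigned_fee,
        "required_fee": required,
        "replaces": presigned_fee >= required,
        "shortfall": max(0, required - presigned_fee),
        "fee_share_of_input": presigned_fee / input_value,
    }


# Constructed sample values, not taken from the thread.
REPLACEMENT_VSIZE = 150      # vB
WORST_CASE_FEERATE = 500     # sat/vB chosen at signing time
INPUT_VALUE = 1_000_000      # sats contributed by the honest party
small_conflict = [MempoolTx(vsize=400, fee=800)]
large_conflict = small_conflict + [MempoolTx(vsize=99_000, fee=198_000)]

if __name__ == "__main__":
    for name, evicted in (("small", small_conflict), ("large", large_conflict)):
        print(name, assess_presigned(evicted, REPLACEMENT_VSIZE, WORST_CASE_FEERATE, INPUT_VALUE))
```

With these numbers the pre-signed transaction pays 500 sat/vB against a conflict paying 2 sat/vB, yet it still fails the larger case because Rule #3 compares absolute fees, not feerates.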
Updated on: 2023-08-02T08:26:22.532496+00:00