Author: Jeremy Rubin 2022-10-19 15:43:28
Published on: 2022-10-19T15:43:28+00:00
In a Bitcoin development thread, Sergej Kotliar, CEO of Bitrefill, warns of the dangers of Replace-by-Fee (RBF) as a default policy. RBF allows a user to replace an unconfirmed transaction with another one that has higher fees, which can lead to abuse in scenarios with high volatility and many transactions in mempools. Specifically, a user can make a low-fee transaction and wait to see if BTCUSD moves. If it does, they can cancel their initial transaction and make a new, cheaper one, putting merchants at risk of FX loss. This is a bigger danger than zero-conf risk, which is easily managed. The risk of losing X% on many payments that are easy to systematically abuse is more concerning than a rare risk of losing 100% of one payment. Bitrefill processes 1500-2000 on-chain payments daily and would likely turn off the BIP21 model for on-chain payments if Bitcoin becomes de facto RBF by default. This option isn't available to typical BTCPayServer/CoinGate/Bitpay/IBEX/OpenNode users. Currently, Lightning represents around 15% of Bitrefill's total Bitcoin payments.Sergej Kotliar argues that while he's aware of the reason for this policy being suggested and the potential pinning attack vector for LN and other smart contracts, the risks/costs need to be weighed against each other first and thoroughly discussed because the costs are non-trivial on both sides. On the efficacy of RBF to unstuck stuck transactions, most users don't have access to this functionality, and even those who do, only power users understand how RBF works. Therefore, explaining RBF to non-power-users is too complex, and rolling it out to the broad market would cause more confusion. CPFP is somewhat more viable but also not perfect due to abuse vectors. In the end, a risk-based approach to decide on which payments are non-trivial to reverse is the easiest, taking account user experience and such.
Updated on: 2023-06-16T00:58:55.620902+00:00