Author: Bastien TEINTURIER 2020-06-22 08:25:09
Published on: 2020-06-22T08:25:09+00:00
In an email exchange between Bastien and ZmnSCPxj, they discussed the possibility of an attack on off-chain constructions that rely on absolute timeouts. ZmnSCPxj suggested using independent pay-to-preimage transactions as a technical solution to this problem. However, Bastien raised concerns about the incentives issues involved in such a solution, where miners who hide the preimage transaction in their mempool would have to be accomplices with the attacker. ZmnSCPxj argued that it is technically possible to execute this attack without the cooperation of miners. The attacker can release two transactions with near-equal fees - the preimage transaction near miners and the timelock transaction near non-miners. Nodes at the boundaries between those receiving the preimage and timelock transactions will receive both, but will keep and reject one or the other first, based on which one they receive first. Because they reject the other transaction, they do not propagate it, making neither transaction able to get past the boundary. While ZmnSCPxj admits to not being a mempool expert and acknowledges his understanding may be incorrect, Bastien hopes that executing such an attack is hard to achieve without cooperation from a subset of miners.
Updated on: 2023-06-03T00:50:07.834036+00:00