Published on: 2021-05-06T15:00:36+00:00
In an email conversation between Antoine Riard and Jasan, the issue of Denial of Service (DoS) attacks against multi-party Bitcoin protocols during their funding phases was discussed. Specifically, two types of attacks were highlighted: timevalue DoS and fee inflation. Timevalue DoS occurs when non-compliant witness data succeeds consensus checks but fails to propagate and confirm, causing transaction finalization to fail. Fee inflation, on the other hand, exploits Replace-By-Fee (RBF) policy rules and can result in conflicts and double-spending.The post presents a model that applies to various Layer 2 (L2) bitcoin protocols, including Discreet Log Contracts (DLC), Coinjoin, Payjoin, dual-funded Lightning Network (LN) channels, and swaps. However, it excludes single-party funded, multi-party transactions. To mitigate the timevalue DoS attack, participants should verify the absence of standardness malleability in contributed witnessScripts. As for the fee inflation attack, there is currently no mitigation against it, as it takes advantage of the first-seen mempool behavior.While these attacks may not be a significant concern at present due to the early stages of design and deployment for these protocols, they have the potential to disrupt users and service providers in the future. Multi-party bitcoin protocols offer a broader attack surface compared to simpler bitcoin applications, considering current mempool acceptance and tx-relay rules.The discussion also references Jasan's experience with a crash in their C-Lightning node after attempting to open a dual-funded channel. They provided logs on GitHub that could be related to the mentioned DoS attack and offered further details if needed. The conversation between Antoine Riard and Jasan highlights the importance of understanding and mitigating against these attacks in multi-party Bitcoin protocols to ensure the security and stability of the network.
Updated on: 2023-07-31T23:27:28.505067+00:00