fsebugoutzone.org:9999

       Post ASPYlTjghd0DpCACES by kalle@bitcoinhackers.org
 (DIR) More posts by kalle@bitcoinhackers.org
 (DIR) Post #ASPYlRmRyO1XlBRNGC by kalle@bitcoinhackers.org
       2023-02-06T18:11:02Z
       
       0 likes, 0 repeats
       
       I haven&#39;t seen this argument for RBF/full-RBF being discussed:An attacker sends a tx (T) to a merchant and at the same time sends a double-spend tx (D) to the rest of the network, hoping that D will prevail, except on the target node.If T is not replaceable, the merchant will not become aware of D until D is mined.1/n
       
 (DIR) Post #ASPYlSXFAPSE6JKkCG by kalle@bitcoinhackers.org
       2023-02-06T18:11:45Z
       
       0 likes, 0 repeats
       
       If T is replaceable, the merchant can wait X seconds before sending the good or service. If no double spend has happened within X seconds, they can be pretty sure that this particular attack isn&#39;t being pulled off.Has this been brought up as an advantage for RBF/fullRBF before? I&#39;m looking for links to such discussions?2/n
       
 (DIR) Post #ASPYlTE8avlWFLP03U by kalle@bitcoinhackers.org
       2023-02-06T18:12:48Z
       
       0 likes, 0 repeats
       
       A typical attack that utilizes RBF is to send the replacement transaction right after the good or service is delivered. This makes for a window of failure for the attacker. The longer delivery takes, the higher the risk of attack failure. The merchant can thus wait X seconds before delivery, to somewhat deter attempts at this attack.3/n
       
 (DIR) Post #ASPYlTjghd0DpCACES by kalle@bitcoinhackers.org
       2023-02-06T18:13:23Z
       
       0 likes, 0 repeats
       
       With the attack descibed above, if D is successfully propagated to miners, there is no risk of failure if T isn&#39;t replaceable. So the problem boils down to how to get D to miners, before the merchant&#39;s node propagates T to said miners. On the other hand if T is replaceable, the merchant will become aware of D within the time of normal transaction propagation.@pete @harding any thoughts on this?4/4
       
 (DIR) Post #ASPYlU9v85zD8YR97Y by pete@mastodon.petertodd.org
       2023-02-06T18:38:53Z
       
       0 likes, 1 repeats
       
       @kalle @harding The simultaneous payment attack is one really good reason why so few merchants accept unconfirmed payments. It has been exploited before and people have lost a ton of money due to it. You can&#39;t realistically stop it without the aid of a centralized payment provider that sybil attacks the network to monitor propagation.BTCPay actually turned on full-rbf recently, because you might as well: https://github.com/btcpayserver/btcpayserver-docker/pull/736
       
 (DIR) Post #ASPYqArCJyuuikunq4 by pete@mastodon.petertodd.org
       2023-02-06T18:39:45Z
       
       0 likes, 1 repeats
       
       @kalle @harding Note that it is not the case that full-rbf guarantees that you&#39;ll learn, as the double spend could have the same feerate.
       
 (DIR) Post #ASPpbZGWzFURIeNy7M by kalle@bitcoinhackers.org
       2023-02-06T21:47:35Z
       
       0 likes, 0 repeats
       
       @peteOh, that last part was a really good point. Thanks!@harding