Posted by Peter Todd
Jul 21, 2024, 20:25 UTC
The email reviews Core's history with relay attacks: Core has encountered issues with free relay attacks and has inadvertently introduced vulnerabilities through features like mempool expiration and size limits. These vulnerabilities underscore a broader concern about the project's approach to managing "free" relay, suggesting an ongoing struggle to balance functionality with security.
The conversation also delves into the nuances of Replace-By-Fee (RBFR) mechanisms, contrasting them with the conventional transaction relay process, which typically spans seconds to tens of seconds. The critique extends to weak blocks, which are described as irrelevant to preventing double-spend attacks by miners with minimal hash power: such miners are unlikely to find a weak block, so weak blocks offer little to no benefit in that scenario.
Further analysis questions the feasibility of measures to counteract free relay attacks, such as limiting miners' discretion in transaction selection or minimizing the default mempool size. Such strategies aim to reduce opportunities for economically unviable transactions to be broadcast, thereby potentially mitigating relay attacks. However, the practicality of these solutions is debated, especially since miners prefer to maintain larger-than-default mempools for economic reasons.
The dialogue touches on technical proposals like employing a cluster mempool to facilitate more effective fee estimation and transaction management, including handling Child-Pays-For-Parent (CPFP) scenarios. Yet, it also raises skepticism about the effectiveness of Erlay and transaction set reconciliation in addressing transaction conflicts, indicating a gap in the current technical framework to manage such issues effectively.
Mining pools' interest in implementing RBFR, driven by narrow profit margins and the potential for increased revenue through transaction replacements, reflects a pragmatic approach to blockchain economics. This underscores the complexity of aligning individual incentives with broader network health and security objectives.
The email concludes with a critical perspective on the likelihood of technical advancements resolving "free" relay attacks, likening overly optimistic expectations to "magic ponies." This metaphor serves to emphasize the challenges in developing foolproof solutions to deeply ingrained vulnerabilities within the blockchain infrastructure.
For further reading and context, visit Peter Todd's website.