In essence, a low fee-rate transaction, referred to as A, is initially broadcast without opt-in for RBF, reaching all nodes across the network. Subsequently, a full-RBF double-spend transaction, dubbed A2, is broadcast. Nodes with full-RBF enabled relay A2 even to those nodes that do not support full-RBF, which subsequently reject A2 due to its nature as a full-RBF replacement. This strategy does not aim to restrict A2's broadcast to a single miner nor requires a simultaneous broadcast to be effective. The critical aspect highlighted is that the success of the attack does not hinge on the proportion of miners or nodes accepting transaction B but rather targets the inefficiencies and vulnerabilities within nodes that have disabled full-RBF, inadvertently causing them to expend bandwidth.

Further insights are shared regarding the intricacies of transaction fees and their implications in the context of these attacks. Notably, A2 can be transmitted with a fee rate marginally higher than A but still below the minimum economic threshold for mining, leaving room for a subsequent higher fee-rate double-spend transaction that would be economically viable for mining. This reveals a strategic exploitation of the RBF protocol’s sixth rule, which prevents the replacement of a transaction if the incoming transaction's fee rate is lower than that of the transaction being replaced. Moreover, the timing between the broadcasts of transactions A, B, and A2 is not constrained by specific latency requirements, emphasizing the flexibility and feasibility of launching such attacks under varying conditions.

The disclosure of this attack method serves as a critique of Core's apparent disregard for addressing this vulnerability, pointing out the absence of a response or remedial action to previously disclosed variants of similar attacks. Riard's experience with the security protocols and response mechanisms, particularly surrounding the handling of his full-RBF pull request, underscores a systemic issue within the response framework to security threats. His narrative reveals a broader concern regarding the stewardship and prioritization of security enhancements within the Bitcoin Core development community.

Riard's decision to publicize the attack after experiencing non-responsiveness from Core developers is framed as an effort to highlight the oversight and negligence towards securing the network against known vulnerabilities. The publication timeline and interactions with Core members reveal a disconnect between the disclosure of significant security risks and the corresponding acknowledgment and action from those responsible for maintaining the network's integrity. The entire episode raises questions about the commitment to proactive security measures and the openness to implement straightforward fixes, such as enabling full-RBF by default, which has garnered substantial support from the technical community and aligns with practices adopted by a majority of the hashing power.

For further information and insights from Antoine Riard, visit Peter Todd's website.