> minrelaytxfee setting proposed in the 0.11.0 release notes

my guess, he is talking about this 
https://bitcoin.org/en/glossary/minimum-relay-fee 
<https://bitcoin.org/en/glossary/minimum-relay-fee> - slam dunk technique for 
doublespend



> Related: is there somewhere a chart that plots `estimatefee` over
> time? Would be interesting to see how the fee market evolved over
> these past weeks.

I find this useful
https://bitcoinfees.github.io/ <https://bitcoinfees.github.io/>





> On Jul 16, 2015, at 7:30 AM, Arne Brutschy via bitcoin-dev 
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> Hello,
> 
> What are these pre- and post-Hearn-relay drop rules you are speaking
> about? Can anybody shed some light on this? (I am aware of the
> minrelaytxfee setting proposed in the 0.11.0 release notes, I just
> don't see what this has to do with Mike Hearn, BitcoinXT, and whether
> there's a code change related to this that I missed).
> 
> Related: is there somewhere a chart that plots `estimatefee` over
> time? Would be interesting to see how the fee market evolved over
> these past weeks.
> 
> Regards
> Arne
> 
> On 15/07/15 05:29, simongreen--- via bitcoin-dev wrote:
>> With my black hat on I recently performed numerous profitable 
>> double-spend attacks against zeroconf accepting fools. With my
>> white hat on, I'm warning everyone. The strategy is simple:
>> 
>> tx1: To merchant, but dust/low-fee/reused-address/large-size/etc. 
>> anything that miners don't always accept.
>> 
>> tx2: After merchant gives up valuable thing in return, normal tx
>> without triggering spam protections. (loltasticly a Mike Hearn
>> Bitcoin XT node was used to relay the double-spends)
>> 
>> Example success story: tx1 paying Shapeshift.io with 6uBTC output
>> is not dust under post-Hearn-relay-drop rules, but is dust under 
>> pre-Hearn-relay-drop rules, followed by tx2 w/o the output and not 
>> paying Shapeshift.io. F2Pool/Eligius/BTCChina/AntPool etc. are all 
>> miners who have reverted Hearn's 10x relay fee drop as recommended
>> by v0.11.0 release notes and accept these double-spends.
>> Shapeshift.io lost ~3 BTC this week in multiple txs. (they're no
>> longer accepting zeroconf)
>> 
>> Example success story #2: tx1 with post-Hearn-relay drop fee,
>> followed by tx2 with higher fee. Such stupidly low fee txs just
>> don't get mined, so wait for a miner to mine tx2. Bought a silly
>> amount of reddit gold off Coinbase this way among other things. I'm
>> surprised that reddit didn't cancel the "fools-gold" after tx
>> reversal. (did Coinbase guarantee those txs?) Also found multiple
>> Bitcoin ATMs vulnerable to this attack. (but simulated attack with
>> tx2s still paying ATM because didn't want to go to trouble of good
>> phys opsec)
>> 
>> Shoutouts to BitPay who did things right and notified merchant
>> properly when tx was reversed.
>> 
>> In summary, every target depending on zeroconf vulnerable and lost 
>> significant sums of money to totally trivial attacks with high 
>> probability. No need for RBF to do this, just normal variations in
>> miner policy. Shapeshift claims to use Super Sophisticated Network
>> Sybil Attacking Monitoring from Blockcypher, but relay nodes !=
>> miner policy.
>> 
>> Consider yourself warned! My hat is whiter than most, and my skills
>> not particularly good.
>> 
>> What to do? Users: Listen to the experts and stop relying on
>> zeroconf. Black hats: Profit!
>> 
>> _______________________________________________ bitcoin-dev mailing
>> list bitcoin-dev@lists.linuxfoundation.org 
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> 
> -- 
> Arne Brutschy <abruts...@xylon.de>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Reply via email to