Good Morning Weiji,
> Hi ZmnSCPxy, > > As the network is pseudonymous, an anonymous attacker can flood the > > fullnode mempool network with large numbers of non-aggregated transactions, > > then in cooperation with a miner confirm a single aggregated transaction > > with lower feerate than what it put in the several non-aggregated > > transactions. > > Arguably this is hardly a feasible attack. Let's suppose the attacker creates > 1000 such transactions, and attaches each transaction with a small amount of > transaction fee X. The total fee will be 1000*X collectible by the > aggregation vendor, who pays the miner a fee Y. We can reasonably assume that > 1000*X is much larger than Y, yet X is much smaller than Y. Note that Y is > already much larger than the regular fee for other transactions as the > aggregated transaction should contain many inputs and many outputs, thus very > large in size. > > Now, the attacker will have to generate proofs for these 1000 transactions, > which is non-trivial; and pay for 1000*X upfront. The aggregation vendor has > to spend more computing power doing the aggregation (or recursive > verification) and take (1000*X - Y) as profit. Miner gets Y. The entire point is that there has to be a separate, paid aggregator, in order to ensure that the free mempool service is not overloaded. Basically, keep the aggregation outside the mempool, not in the mempool. If aggregation is paid for, that is indeed sufficient to stop the attack, as you noted. Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev