On 2023-10-21 18:49, Nadav Ivgi via bitcoin-dev wrote:
Could this be addressed with an OP_CSV_ALLINPUTS, a covenant opcode
that requires _all_ inputs to have a matching nSequence, and using `1
OP_CSV_ALLINPUTS` in the HTLC preimage branch?
This would prevent using unconfirmed outputs in the
HTLC-preimage-spending transaction entirely, which IIUC should protect
it against the replacement cycling attack.
I don't think that addresses the underlying problem. In Riard's
description, a replacement cycle looks like this:
- Bob broadcasts an HTLC-timeout (input A, input B for fees, output X)
- Mallory replaces the HTLC-timeout with an HTLC-preimage (input A,
input C for fees, output Y)
- Mallory replaces the transaction that created input C, removing the
HTLC-preimage from the mempool
However, an alternative approach is:
- (Same) Bob broadcasts an HTLC-timeout (input A, input B for fees,
output X)
- (Same) Mallory replaces the HTLC-timeout with an HTLC-preimage (input
A, input C for fees, output Y)
- (Different) Mallory uses input C to replace the HTLC-preimage with a
transaction that does not include input A, removing the preimage from
the mempool
The original scenario requires input C to be from an unconfirmed
transaction, so OP_CSV_ALLINPUTS works. The alternative scenario works
even if input C comes from a confirmed transaction, so OP_CSV_ALLINPUTS
is ineffective.
-Dave
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
