website/docs/guides/adversarial.md
Lines changed: 32 additions & 15 deletions
@@ -13,20 +13,44 @@ As long as all Bitcoin Cash miners follow the first-seen rule then you can count
13
13
The "happy case" scenario is currently the standard lifecycle for transactions on the Bitcoin Cash network, also for DeFi transactions interacting with on-chain DEXes.
14
14
:::
15
15
16
-
## Miner Bribes
16
+
## The Adversarial Case
17
17
18
-
Besides accidental race condition caused by simultaneous users, there can also be intentional double spends by adversarial actors.
19
-
In this case the adversarial attacker needs to convince the miners to abandon their first seen rule and to instead include the intentional double spend in their block.
18
+
The adversarial case is where 3rd parties intentionally double spend unconfirmed transactions in the contract system with the goal to extract value or to disrupt the experience for normal users.
20
19
21
-
To convince the miners to include the double spend transaction instead of the original, the malicious attacker will include a significantly higher mining fee than the original transaction. This can be seen as a 'miner bribe' being paid to discard the first-seen rule and to accept the double spend instead of the original.
20
+
:::caution
21
+
In an adversarial environment where double spends occur, user-created transactions interacting with public are not certain to be confirmed. This means waiting for block confirmations is required to be sure the transaction isn't cancelled.
22
+
:::
23
+
24
+
There is 2 categories to consider for adversarial double spends:
25
+
26
+
1) Race-condition double spends (no miner help required)
27
+
28
+
2) Late double spends (miner help required)
29
+
30
+
### Race-condition Double Spends
31
+
32
+
The first scenario of race-condition double spends do not benefit the adversarial 3rd party, instead the goal would just be griefing: to disrupt the flow for normal users. The double spend can cause the user-transaction to be cancelled even though from the user point-of-view it already looked like the transaction went through and achieved its goal.
33
+
34
+
:::note
35
+
For an adversarial attack to pull off this time-sensitive attack, he would require extensive monitoring on the p2p network and quickly be able to generate and broadcast competing double spend transactions.
36
+
:::
37
+
38
+
### Late Double Spends
39
+
40
+
In the case of an late double spend (which does not try to exploit a race condition) the adversarial actor need help from a miner.
41
+
Either the adversarial actor needs to convince the miners to abandon their first seen rule or he needs to be mining himself to be able to construct his own block.
42
+
43
+
To convince existing miners to include the double spend transaction instead of the original, the malicious attacker will include a significantly higher mining fee than the original transaction. This can be seen as a 'miner bribe' being paid to discard the first-seen rule and to accept the double spend instead of the original.
22
44
23
45
:::note
24
-
Intentional double spends don't require a race condition, instead they only require that the original transaction is still in the mempool and that the double spend transaction reaches the mempool of miners/mining pools.
46
+
Both race-condition and late double spends can both be used to grief the experience for normal users, however only late double spends can be used to extract economic value.
25
47
:::
26
48
49
+
## Economic Value Extraction
50
+
27
51
We will now consider what motive the adversarial actor might have to perform these bribes. The two classes of motives are either the profit motive for an economically motivated actor or causing on-chain disruption for a maliciously motivated actor.
28
52
29
-
### Extracting value from old state
53
+
### Stale-state arbitrage
30
54
31
55
If DEXes don't cleverly aggregate their prices across blocks, then it can be economical for adversarial actors to instead of building on the latest transaction in the unconfirmed transaction chain of a smart contract, to instead create a competing transaction chain building on an older state. By strategically creating a competing transaction chain they might be able to take advantage of an older price state/ratio which has not yet been confirmed in the blockchain.
32
56
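Review bot: In the added `:::caution` block, "user-created transactions interacting with public are not certain to be confirmed" has lost its noun; the caution this replaces said "public covenants", so that word should be restored. The added text also needs a grammar pass: "There is 2 categories" should be "There are two categories", "For an adversarial attack to pull off this time-sensitive attack, he would" should name the actor rather than the attack, "an late double spend" and "the adversarial actor need help" need fixing, and "Both ... can both" repeats "both". The removed note stated that an intentional double spend only requires the original transaction to still be in the mempool and the double spend to reach the miners' mempools; the new "Late Double Spends" section no longer states that precondition, so consider keeping one sentence for it. The unchanged paragraph under the new "Economic Value Extraction" heading still lists on-chain disruption as a motive and refers to "these bribes", which no longer matches the heading or the text directly above it.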
@@ -36,13 +60,6 @@ Because having a more advantageous (older) price state or ratio might be very pr
36
60
Attempting a double spend in this way does not incur risk to the adversarial party, either their transaction is not included and they don't pay any fee, or they successfully perform the double spend and they pay the high fee "miner bribe".
37
61
:::
38
62
39
-
### Griefing users
40
-
41
-
When a late double-spend does make it into a block instead of the first seen relayed transaction, the original transactions will in effect be cancelled. In the case of an unconfirmed transaction chain, any competing transaction for one of the the chained unconfirmed transactions then presents a cancellation of the whole chain of dependent child transactions.
42
-
43
-
:::caution
44
-
This means that in adversarial environments user created transactions on public covenants are not certain to be confirmed so waiting for block confirmations is required to be sure the transaction isn't cancelled in this way.
45
-
:::
46
63
47
64
## Miner-Extractable-Value (MEV)
48
65
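Review bot: Removing the "Griefing users" section drops the only statement that a competing transaction for one transaction in an unconfirmed chain cancels the whole chain of dependent child transactions. The caution was moved up into "The Adversarial Case", but this chain-cancellation consequence was not carried over, and it is the reason the confirmation advice matters for contract systems with long unconfirmed chains. Suggest moving that sentence into the new caution or into "Late Double Spends" (fixing the "the the" typo on the way) rather than deleting it.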
@@ -58,11 +75,11 @@ MEV works quite differently on a UTXO-model blockchain than on an account-based
58
75
59
76
What is not possible to do on UTXO chains is a "sandwich" strategy where a miner would insert a transaction in the middle of a valid transaction chain. In UTXO each transaction explicitly consumes inputs of a previous transaction and creates outputs. Because of this it is not possible to "insert" a transaction in the middle of an unconfirmed chain and thus sandwich strategies are not possible.
60
77
61
-
### The Power of BlockConstruction
78
+
### Controlling Block-Construction
62
79
63
80
The reason why block producers are better positioned than other economic actors such as on-chain traders or arbitrageurs is that they can prioritize their own transactions even if conflicting transactions exist in the mempool.
64
81
65
-
Other actors can construct double spend transactions will face great difficulty in getting their transaction to propagate and they have to pay high mining fees to bribe miners to accept the double spend over the original transaction.
82
+
Other actors who construct double spend transactions will face great difficulty in getting their transaction to propagate and in having to pay high mining fees to bribe miners to accept their double spend over the original transaction.
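Review bot: The rewritten last sentence fixes the missing "who" but now reads "will face great difficulty in getting their transaction to propagate and in having to pay high mining fees", which makes paying the fee a kind of difficulty rather than a cost; "and will have to pay high mining fees to bribe miners" keeps the original meaning. On the heading, "Controlling Block-Construction" hyphenates a plain noun phrase; "Controlling Block Construction" is more consistent with the other headings in this file, such as "Late Double Spends".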