Is "fee higher than block reward" attack possible?

1

Imagine the following scenario:

  • I send you 1000 BTC.

  • After 6 confirmations, you give me what I bought.

  • I create another transaction with 900 BTC to my own wallet and 100 BTC as transaction fee, using the same input as the previous transaction. (double spend)

  • The mining pools find that 100 BTC is higher than 6 block rewards which is 12.5 * 6 = 75 BTC, so they start to mine on the last block which doesn't contain my first transaction.

  • Those 6 confirmations are orphaned and the pools earned more money.

  • My double spending succeeded.

I know that this mining strategy is not implemented in most pools today, but nothing is preventing pools from doing this in the future.

100 BTC is a large amount of money. But after many years the block reward will be very low, so this attack may not require so much money to perform in the future.

I googled and didn't find any related questions.

I want to know whether this kind of attack is possible in practice and what we can do to prevent this.

zzh1996

Posted 2018-03-11T19:17:28.153

Reputation: 21

I think this implies that the mining pool was not aware of the previous 6 blocks (highly improbable) Usually when it's added to the chain, it's irreversible, they would not fork from an old block, because it would be computationally infeasible to catch up and generate a longer chain than the current one. And if they could rewrite the chain fast enough, there would be far more lucrative things they could do.QuantumLicht 2018-03-11T20:33:11.873

Many pools can use this strategy together for profitzzh1996 2018-03-11T20:36:51.847

1I think it's up to the receiver of the money to prevent that kind of thing by waiting for more than 6 blocks, or better, by waiting for enough blocks that the rewards are bigger than the value transferred.Osias Jota 2018-03-11T20:48:13.883

Answers

3

An attack like this is possible, it is just a way to profit off a 51% attack. However you must remember several things:

  • if a miner controls less than 51% of the hashpower, then chances are they will not be able to catch back up to the network after mining the malicious tx, so the honest network will prevail as the longest chain

  • if a miner tries the attack but fails to succeed, they will have wasted a lot of resources in doing so (opportunity cost). Compare this to a more guaranteed profit of not being malicious

  • if an attack like this succeeded and users noticed, it would hurt the security of the network, and thus coin prices should be expected to fall. So the miner has undermined their own investment.

If you hunt around online, I have seen a simple formula for determining the value of transaction vs the number of block confirmations to wait for before considering the tx ‘final’. Your line of reasoning is correct: for larger transfers of value, the wait period should be longer, so that the potential reward of malicious behaviour is outweighed by the reward of honest mining.

chytrik

Posted 2018-03-11T19:17:28.153

Reputation: 10 276

Why do you say a miner as I described is not "honest"? The miner just mines for max profit. https://bitcoin.stackexchange.com/a/26936/49906 Here is a mining strategy which only mine the tx with the highest fee among all conflict txs. It is not dishonest and every pool can do this.

zzh1996 2018-03-12T05:54:43.403

"Honest" and "dishonest" are just used here to label the miners' general behaviour (ie the miner engaged in the attack, vs not). Though I would think that a miner attempting to 51% attack the network in order to claim a doublespend could be described as "dishonest" at any rate.chytrik 2018-03-12T06:34:31.730

Asked: 2018-03-11T19:17:28.153

Viewed: 76 times

Active: 2018-03-11T23:54:58.087