Amount of tips is supposed to be small
This is not necessarily the case, in the heavy load regime.
That could help to conduct a doublespend btw. A hacker accumulates a lot of PoW in legit small transactions, forming a huge amount of new tips, but doesn't broadcast them. Then he sends a legit transaction, waits for it to be confirmed, gets his purchase sent to him. Then he creates a doublespend (for example sends the same money back to himself) and floods the network with his precomputed legit transactions. So network hashpower is now spread over his tips and he needs much less hashpower to create enough transactions confirming his doublespend to overtake the first transaction.
The algorithm for choosing the tips to reference "prefers" tips with larger height. Those precomputed legit transactions will have much smaller cumulative weight (than other tips), and so they will probably not be referenced by others.
Correct me if I'm wrong, but what prevents the following attack?
A hacker creates two transactions, one of them will be a legit transaction, used to purchase something, another is a doublespend. Then the hacker invests a lot of PoW in confirming the second transaction. In order to do that he just creates a lot of transactions sending money between his addresses, all his transactions refer directly or indirectly to the doublespend, so his doublespend gets a huge confirmation score. Then he broadcasts the first transaction, and when it gets confirmed he broadcasts the whole doublespend branch.
Am I missing something?
If the attacker started to create his double-spending subtangle a long time ago, then the initial tx's of this subtangle reference some rather old tx's, with not-so-big cumulative weight. While the attacker waits, the cumulative weight of the legit tangle continues to grow, so he won't be able to catch up.
Of course, this assumes that the attacker's max possible tx's rate is much less than the "usual" tx's rate of the rest of the network.
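
A simplified model of the catch-up argument in the last reply, added here as an illustration (not code from any poster or from the project under discussion). It assumes every transaction has own weight 1, every honest transaction adds weight to the legit branch and every attacker transaction adds weight to the doublespend branch, so the weight gap is a biased random walk; the function names and rates are made up for the example.

```python
import random

def catch_up_probability(honest_rate, attacker_rate, deficit):
    """Gambler's-ruin closed form: chance the doublespend branch ever reaches
    the cumulative weight of the legit branch when it starts `deficit` behind."""
    if deficit <= 0 or attacker_rate >= honest_rate:
        return 1.0  # no lead to overcome, or the rate assumption is violated
    return (attacker_rate / honest_rate) ** deficit

def simulate_catch_up(honest_rate, attacker_rate, deficit,
                      trials=20000, give_up_at=60, seed=1):
    """Monte Carlo check of the closed form. Each step is the next transaction
    in the network: the attacker's with probability mu/(lambda+mu) (gap shrinks
    by 1), otherwise an honest one (gap grows by 1)."""
    rng = random.Random(seed)
    p_attacker = attacker_rate / (honest_rate + attacker_rate)
    wins = 0
    for _ in range(trials):
        gap = deficit
        # Stop when the attacker has caught up or is hopelessly far behind.
        while 0 < gap < give_up_at:
            gap += -1 if rng.random() < p_attacker else 1
        wins += gap == 0
    return wins / trials

def weight_to_wait_for(honest_rate, attacker_rate, max_risk):
    """Smallest weight lead at which the catch-up probability drops to
    `max_risk` or below; None when the attacker is not slower than the network."""
    if attacker_rate >= honest_rate:
        return None
    lead = 0
    while catch_up_probability(honest_rate, attacker_rate, lead) > max_risk:
        lead += 1
    return lead

if __name__ == "__main__":
    # Constructed rates: network 10 tx/s; attacker at 2, 5 and 9 tx/s.
    for mu in (2, 5, 9):
        exact = catch_up_probability(10, mu, 3)
        sim = simulate_catch_up(10, mu, 3)
        lead = weight_to_wait_for(10, mu, 1e-6)
        print(f"attacker {mu}/10: P(catch up from 3 behind) "
              f"exact={exact:.4f} sim={sim:.4f}; lead for 1e-6 risk={lead}")
```

The required lead grows sharply as the attacker's rate approaches the network's rate, which is the "much less than" condition stated in the reply above.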