What is for-profit attack? | Bitcointalksearch.org

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: FP91G on August 18, 2023, 02:35:54 PM

Quote from: ?? on ??

--snip--

The pool can add any transaction to the block, but I don't understand how the mining pool can include double-spend transactions if it's not a 51% attack. There were commercial attacks in Ethereum, because the order of transactions was important there and Maximal extractable value (MEV) appeared.

Theoretically miner could perform double attack with less than 51% hashrate. It's just that 51% hashrate ensure 100% success, while less than that have lower chance depending on hashrate percentage and how many confirmation needed requested by receiver. You can use tool such as https://jlopp.github.io/bitcoin-confirmation-risk-calculator/ to perform such chance.

Quote from: Accardo on August 18, 2023, 07:22:39 AM

--snip--

Your answer is good, moving people away from a suspected mining pool controlled by tricky operators can help reduce such threat by diminishing the hashrate of the pool, yet it's written that if it's been done carefully they'll go unnoticed. So, I'm wondering if no method exist that can bench or stop for-profit attackers even though a mining pool does that secretly. Or its centralized nature keeps the for-profit attack operators immune from sanction or restriction?

As @kano said, double spend by rollback/overwrite few blocks would be noticed. In addition mempool.space have block health feature[1] which compare expected block (based on TX with highest fee rate) and actual block. With such feature, it's very easy to find miner/pool which intentionally exclude certain transaction. They also show average health of all blocks which mined by pool[3] which currently shows almost all pool have >99% health. IMO it's not something to worry about since potential damage (while doing it stealthily) is rather small.

[1] https://mempool.space/docs/faq#what-is-block-health
[2] https://mempool.space/graphs/mining/pools

philipma1957

legendary

Activity: 4326

Merit: 8914

'The right to privacy matters'

I explained a method of for profit attack which a large pool that keeps fees can do it is in a sticky thread.

https://bitcointalksearch.org/topic/why-all-miners-need-to-mine-on-a-pool-that-pays-them-the-tx-fees-2634505

The only way to prevent this attack is for miners to not use pools that keep fees.

kano

legendary

Activity: 4592

Merit: 1851

Linux since 1997 RedHat 4

The 'double spend' comment is wrong.

The consensus rules disallow it.
If a pool or miner starts double spending, they will be off on their own fork and not mining Bitcoin any more.

The only option with 'double spending' is to effectively roll back the block chain and cancel the spend with a new spend to a different address.

However, this would also be blatantly obvious that the pool did it, so they would be crucifying themselves.

FP91G

legendary

Activity: 1834

Merit: 1136

Quote from: ?? on ??

I also haven't heard this term before. But i did quick search and found out term "for profit attack" was mentioned on first edition of Mastering Bitcoin. Specifically it's located at chapter 8, page 217.

Quote from: First edition of Mastering Bitcoin

The massive increase of total hashing power has arguably made bitcoin impervious to attacks by a single miner. There is no possible way for a solo miner to control even 1% of the total mining power. However, the centralization of control caused by mining pools has introduced the risk of for-profit attack by a mining pool operator. The pool operator in a managed pool controls the construction of candidate blocks and also controls which transactions are included. This gives the pool operator the power to exclude transactions or introduce double-spend transactions. If such abuse of power is done in a limited and subtle way, a pool operator could conceivably profit from a consensus attack without being noticed

Since Bitcoin consensus doesn't force miner to include all or certain transaction, there's nothing Bitcoin community could do aside from asking miner switch to pool which doesn't perform such attack.

The pool can add any transaction to the block, but I don't understand how the mining pool can include double-spend transactions if it's not a 51% attack. There were commercial attacks in Ethereum, because the order of transactions was important there and Maximal extractable value (MEV) appeared.

Accardo

hero member

Activity: 1274

Merit: 561

Leading Crypto Sports Betting & Casino Platform

Quote from: ?? on ??

I also haven't heard this term before. But i did quick search and found out term "for profit attack" was mentioned on first edition of Mastering Bitcoin. Specifically it's located at chapter 8, page 217.

Quote from: First edition of Mastering Bitcoin

The massive increase of total hashing power has arguably made bitcoin impervious to attacks by a single miner. There is no possible way for a solo miner to control even 1% of the total mining power. However, the centralization of control caused by mining pools has introduced the risk of for-profit attack by a mining pool operator. The pool operator in a managed pool controls the construction of candidate blocks and also controls which transactions are included. This gives the pool operator the power to exclude transactions or introduce double-spend transactions. If such abuse of power is done in a limited and subtle way, a pool operator could conceivably profit from a consensus attack without being noticed

Since Bitcoin consensus doesn't force miner to include all or certain transaction, there's nothing Bitcoin community could do aside from asking miner switch to pool which doesn't perform such attack.

Yeah, I've read through this, but didn't know how to share a clickable link that'll lead to the exact place where I saw the term, however, regarding the double spending, a mining pool (not saying their operators are into such practice) control about 28-31% of the total mining hashrate according to mempool stats, and I just figured that it doesn't really have to be 51% of the hashrate to perform a double spend, that 30% can also execute such an attack. Hence, if that's possible I think I'm clear about the double spending capability of for-profit attack. As you can see the term wasn't explained in details, that's why I asked here to know more about it, the techniques and what can be done about it. Your answer is good, moving people away from a suspected mining pool controlled by tricky operators can help reduce such threat by diminishing the hashrate of the pool, yet it's written that if it's been done carefully they'll go unnoticed. So, I'm wondering if no method exist that can bench or stop for-profit attackers even though a mining pool does that secretly. Or its centralized nature keeps the for-profit attack operators immune from sanction or restriction?

Accardo

hero member

Activity: 1274

Merit: 561

Leading Crypto Sports Betting & Casino Platform

I know it's common amongst some mining pool operators, which is centralized and they can decide what transaction gets to the block and some other sort of manipulations. But, I can't in details understand how this attack works, for or against the consensus rules. How can they take advantage of the consensus rules or how vulnerable is the consensus to such attack? is there any technique or means whereby the bitcoin community tries to stop such attack, lastly can they perform double spending too?

I'm new to this term, pls help. Cheers!

Topic: What is for-profit attack? (Read 118 times)