Skip to content

Simple replacement cycling attack #674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Simple replacement cycling attack #674

wants to merge 3 commits into from

Conversation

@a-mpch
Copy link

@a-mpch a-mpch commented Dec 10, 2024

Issue

I'm trying to replicate replacement cycling attacks from Antoine Riard's example and paper and how implementations were made.

Solution

Built heavily inspired in #422 but doing a simplification of the attack. We don't use HTLCs but we use the same condition of a "shared utxo" and assume the time sensitive. Using this simplifcation I can build a simple transaction cycling and pinning the transaction to the mempool.

Next

  • Build Stochastic scenario
  • Build current mitigations using the stochastic scenario
  • Other node topologies?

Would highly appreciate

I think doing the random_interval hack and the process of the cycling actually check mempool might be an ok approach. Any input on this would be highly appreciated

@a-mpch
feat: initial setup cycling
d6e123d 
first approach, given a shared output both defender tries to spend but attacker replaces defender transaction with his own, after attacker cycles the replacement transaction with another spending the output but not the shared, succesfully pinning a transaction in mempool. This is really basic approach to iterate over
@a-mpch
feat: random interval while mining
b56f961 
using a random interval we can simulate a cycling attack using mitigations currently implemented
@a-mpch a-mpch force-pushed the 2024-12-replacement-cycling branch from 5dfb8a5 to b56f961 Compare December 10, 2024 22:49
@mplsgrant
Copy link
Collaborator

mplsgrant commented Dec 11, 2024

This looks really cool. Thank you for putting it together. I would like to take a closer look later, but I want to quickly mention that I'm not sure it would make sense to incorporate this directly into Warnet. The original PR that you referred to may be a little misleading in the sense that it merges a scenario directly into Warnet. As more and more people start developing new scenarios, I believe the goal would be for the authors to host those scenario files in their own repository. That way, they are easier to distribute and do not rely on the Warnet maintainers approving anything.

For example, I can do a warnet init on some directory, and that will populate the directory with a scenarios folder, network folder, etc. I would then make the changes I want (add scenarios, modify the network file, etc). And then I would commit that to a repo on my own github account. That way, users can clone that repo and start running it.

@a-mpch
Copy link
Author

a-mpch commented Dec 11, 2024
edited
Loading

hey @mplsgrant, thanks for taking your time!
It makes sense what you are referring to. But I'm wondering how to gather feedback on scenarios if they live in my repo. Discussions? Issue? Happy to help how to navigate that.

Broader context, I come from delving bitcoin post and maybe misinterpreted the support / working scenario / PRs.

@a-mpch
Copy link
Author

a-mpch commented Jan 2, 2025

This was moved to https://github.com/a-mpch/replacement-cycling-attack

@a-mpch a-mpch closed this Jan 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@a-mpch @mplsgrant