Note to self from Greg For v3, where we can ask the exact miner score, use that instead of individual, otherwise absurd brutal fee when replacing child + switching sponsees. https://github.com/bitcoin/bitcoin/pull/26403/files#diff-d18bbdec91d0f4825b512a31f34666b000c7b7e2e05a3d43570c4b971532616fR415

I don't think this is necessary. `get_utxos` already filters for mature coinbases, and you're making 60 of those above.

```suggestion // For example, the mempool contains a large, low-feerate transaction A (99,000vB, 1sat/vB feerate). // Transaction A has a small, high-feerate child B (1,000vB, 101sat/vB). The user wants to ``` or maybe ```suggestion // For example, the mempool contains a large, low-feerate transaction A (99,000vB, 1sat/vB feerate) // which has a small, high-feerate child B (1,000vB, 101sat/vB). The user wants to ```

Missing assertions for the replaced-tx checks: ```suggestion assert submitres2["replaced-transactions"] == [tx.rehash() for tx in package_txns1] self.assert_mempool_contents(expected=package_txns2, unexpected=package_txns1) submitres3 = node.submitpackage(package_hex3) assert submitres3["replaced-transactions"] == [tx.rehash() for tx in package_txns2] ```

Seems like this is not used anywhere: ```suggestion ```

```suggestion coin = self.coins.pop(0) ```

```suggestion // Parent + child with v3 in the mempool. Child is allowed as long as it is under V3_CHILD_MAX_WEIGHT. ```

```suggestion * 2. The tx must be within V3_CHILD_MAX_WEIGHT ```

Do you ever discuss what will happen in the 2-block-reorg case? A chain of txs could end up being not-re-added to the mempool (due to rules 2/3), and then something becomes insecure. I think I should bring a concrete example here.

>too low to fee-bump B through CPFP I don't get this sentence. Nobody wants to fee-bump B, no? Alice would want to replace B, what does it have to do with fee-bumping?

Question about this and sorry if it's already been addressed: Does this require extra logic for reorg handling? I'm thinking of a chain of v3 TXs: tx1 (confirmed in block 100) -> tx2 (confirmed in block 101) -> tx3 (unconfirmed, currently in mempool) if block 101 is disconnected, that potentially puts tx2 back in the mempool meaning tx3 is now invalid and should be evicted.

After this check, we know it's a mixture(?) and therefore illicit, making hitting https://github.com/bitcoin/bitcoin/pull/25038/commits/000facb0460372cc320158189090e4d36862eb0e#diff-a19c07329799a164e1e3bd89e7cd07f1a8e5e97b88f2b24c9bef17df04479c74R51 impossible and the below loops a only useful for returning an example illicit tuple. Perhaps just grab one v3 example and one non-v3 example and return those to simplify the rest of the code?

Also, I think this could be a minor issue for LN implementation. If some of your counterparties have not upgraded their software to support V3 transactions you might have a subset of your channel transaction still under V2 during the transition period. If you have a common child for batched fee-bumping shared between a V2 commitment transaction and V3 commitment transaction, the whole operation is likely to fail. Of course, batch fee-bumping should be considered harmful for time-sensitive commitment transactions (i.e ones with HTLC outputs) though we might have further silent issues even when it's not time-sensitive. In my opinion, this is a potential issue LN devs should be aware of, processing between V2 and V3 channels should be well isolated.

I think this implies that any 0conf acceptance softwares should be upgraded to tread V3 transactions by default as replaecable. I would say it could be valuable to notify the operators of such services.

I think it could be precised if those rules are still applied in case of reorg and a V2 ancestor transaction comes back in the mempool, if the V3 child package should be evicted or conserved. In the case it's evicted, you have to consider LN V3 package being evicted and as a LN node you should resuscitate the V2, fee-bump it again, wait for confirmation and then re-broadcast your V3 package.

If we would like to add more rational to the design of the rules, we could explain why a scorched earth approach would solve the Lightning case really imperfectly (discussed recently here: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-November/021176.html). Indeed, Lightning implementation could just blindly replace-by-fee the pinning transactions, paying up to the channel value. This wouldn't work at all against an attacker pinning with one single malicious transaction multiple channel from different parties where the malicious transaction fee is above the value of each channel. E.g channel A 10000 sats, channel B 25000 sats and channel C 8000 sats. If the malicious pinning transactions fee equals 26000 sats, none of the honest party will rationally fee-bump more than their own channel value. Feerate-only replacement rules scales up to the maximum package size and worst historical mempool reduce consideraly the fee-bumping reserves requirement for a LN node, which is a notable advantage I think.

This should precise if the mempool conflicts are required to be V3 themselves. From my memory of the mailing list discussions and elsewhere, I think the current state of thinking, directly conflicting transactions versions number are not considered. For the Lightning use-case, this is a significant security advantage as the ~80k of public channels, with all pre-signed revoked commitment transactions V2 can be replaced with newer version=3 package. Revoked commitment transactions, even if the honest counterparty is in knowledge of the revocation secret, are still consensus and policy valid transactions, and as such can be leveraged as pinning means. On the other hand, I think allowing V3 to replace V2 chain of transactions lead to the consequence than V2 users are implicitly subscribing to this new replacement regime. A receiver of a V2 transaction could apply the BIP125 rules to estimate the replacement odd of the transaction, and the application logic be broken when the actual rule 3 of minimum between package feerate and ancestor feerate is applied. I don't know if we're significantly interfering with any Bitcoin application here.

some related discussion on estimating mining score of the replacement: https://github.com/bitcoin/bitcoin/pull/26451#issuecomment-1303889425

no results are being pushed here, which seems to mean we'll hit `NONFATAL_UNREACHABLE` in the switch statement in `submitpackage` RPC with a tx that doesn't hit the above two conditions. e.g., a non-standard script

(just noting to remember) This lets through un-paid-for RBFs for single tx packages, as well as bypasses conflict set creation, leading to internally-inconsistent mempool

the idea being, carveouts are only useful in the individual tx scenario, not package context? i.e., you wouldn't need to propagate *both* anchor spends on a commit tx in a package, which busts original limits?

note: a test that this commit fixes the purported future bug would be a good idea

thought: do we just want to make the version check a thing in `SignalsOptInRBF`?

why bother with the loop vs one huge tx?

I was wondering whether this could be a pinning vector when used with v3 transactions, but it's not :tada: Packages are by default restricted to 25 elements, so in theory we're safe, but since this value is configurable, we cannot completely rely on this protection. However, the size restriction on the v3 child ensures that it cannot be bumping 100 parent transactions, so this ensures that we're really safe (unless I'm missing something)!

Maybe this is a naive question, but is there a way we can make that value configurable instead of using a protocol hard-coded value? Informally, any v3 transaction would include a _descendant_max_weight_ somewhere (handwave, handwave), covered by signatures. This lets L2 contracts decide what values are acceptable for each tx type. For example, in the anchor outputs LN-penalty case, we know that commit txs only need an anchor child that can be constrained to be quite small, so commit txs could use a low value here, that can take into account the maximum weight of a commit tx. Or would this be adding too much complexity for only a marginal improvement? If so, we should probably bikeshed the protocol hard-coded value and use the lowest value we can to minimize the harm a malicious child tx can do.

I believe this falls short in that the parent V3 transaction can be just south of 101kvB, even in ANYONECANPAY and SIGHASH_SINGLE like scenarios where additional inputs cannot be excluded by the presigning parties. In imprecise language, this is what I expect to be required to solve it: "When evaluating a V3 transaction, if its total mempool package size after entry into the mempool would exceed 4000 virtual bytes, it is rejected."

Since we are introducing a new form of RBF that doesn't currently exist, now might be the best time to at least improve the BIP 125 rules to be incentive compatible in all situations (though this comes at the cost of making replacements potentially more expensive). In particular what I have in mind is that we require the ancestor feerate of the child transaction to be higher than the actual feerate of all transactions that would be evicted. This is conservative but I think would ensure that we don't have any situations where there are transactions being replaced that might appear in the next block, while the new transactions do not. Would this be too conservative for the use cases that we have in mind?

My head hurts :laughing: I'm not 100% sure I'm understanding this rule correctly, can you let me know if the following example makes sense? Let's imagine we have `{commitTxAlice, anchorTxAlice}` in the mempool that we want to replace. What we really want to do is to replace `commitTxAlice` by `commitTxBob` (the child is just a tool to achieve that). We ask `bitcoind` to `fundrawtransaction` to ensure our `anchorTxBob` adds enough funds. `bitcoind` adds an unconfirmed (but safe) wallet input: ``` +-------------+ | commitTxBob |---------+ +-------------+ | +-------------+ | | | +------------------+ +----->| anchorTxBob | | previousWalletTx |---------->| | +------------------+ +-------------+ ``` If we include `previousWalletTx` in the package, this package-rbf would work, right? But if we don't include `previousWalletTx` in the package, this would be rejected? But what if `previousWalletTx` itself has an unconfirmed parent? We cannot include this grand-parent in the package (since packages are only parents-with-single-child). This isn't directly bringing an unconfirmed input, but it is indirectly bringing one. Is that ok? If that's ok, why wouldn't it be ok to just allow adding new unconfirmed inputs in the first place?

Depending on the design of p2p packages, we might relay the "full-non-dedup" version of the package as our peers might not have the same mempool composition. So the additional fees might have to be paid on the non-dedup package. I don't think we have to settle the question now though we might have to rework package-RBF in function of p2p design ?

IIUC given that `PackageMempoolChecks` happens after package dedup there should not be remaining already-in-mempool transactions at that stage in `txns` ? So no descendants that could be `to-be-replaced mempool entries` to subtract or are you thinking to something else ?

Reason to not turn `PackageTestAccept` as `true` too ?