-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Electrum lacks a clear way to handle dust attacks #6960
Comments
Was this dust sent to an address that has had other larger UTXOs at that time? workaround.
I am trying to come up with an automatic solution. EDIT:
This was the original point of error -- that the dust UTXO was chosen to be spent. |
Yeah, we used Electrum command line to process the withdrawals, so the coin-chooser must have selected the dust inputs for spending. We only trust Electrum for our production systems and also run our own ElectrumX node. The dust transaction at the time of writing is still unconfirmed: I assume that it will get dropped at some point, but they have chosen a fee to maximise the time it will hang around in the mempool for. EDIT: Btw, we load a wallet with a single address, rather than a mnemonic. Not sure if that affects the coin selection |
Main motivation is that I often use wallet.remove_transaction from the Qt console, and would find this behaviour more intuitive. Note that previously if one were to call this on a tx with children, the crash reporter would appear with "wallet.get_history() failed balance sanity-check". related: #6960 (comment)
Note that there are two issues here:
|
how about providing an option to user to ignore / auto freeze any UTXOs < some value during sending or at all times. |
Yes, that is pretty naive but it could work. Note that we need something that works by default. It should not need explicit enabling by the user. EDIT: EDIT2: |
@SomberNight if I select "only spend confirmed coins" then it limits the address to a single withdrawal per block when using a singular address. This is workable for some applications, but unfortunately not if you expect to be processing potentially hundreds of transactions from an address every hour. The naive approach you outlined above would be great IMO, because it puts the onus back on the attacker to spend larger amounts of funds if they want to dust you. For an address that processes withdrawals and only has large incoming transactions you can just set the threshold at 0.1 BTC (for example), and rest assured that no-one will dust you. |
So are most of your UTXOs usually unconfirmed? |
isn't it already what we do? EDIT: In |
@ecdsa yes, exactly that is what I was thinking about. |
Unfortunately neither solution is without faults.
So, I believe
|
I do not like the threshold approach. it is fragile, as you pointed out. if it is set too high it becomes useless. And it adds another parameter, that will raise thousands of questions such as "how to set it?", and "why can't I spend my bitcoins?". And the inevitable reddit experts are going to create threads about it.
so what? we are not supposed to fix bugs back in time... |
note: @ecdsa pointed out on IRC that another weakness of the threshold approach is that the problematic UTXO might have a value above |
Yes, it's not uncommon for us to push 10+ transactions in a single block, all chaining off previous ones. One thing I think worth adding to this discussion is that the majority of these incidents aren't "attacks" per se, rather just spammers advertising things. So while there are workarounds for "attackers" to create threshold+ transactions with unconfirmed chains of parents that are all large low-fee transactions, this is a very rare occurrence, whereas advertising spam is not that rare - probably happening many times a day. It might be worth considering simple measures to eliminate these spam situations causing grief, as a seperate concern to dealing with a dedicated attacker who is trying to get past your threshold values. Lastly, I am not an expert here like you guys, but I assume an attacker who creates a chain of low fee transactions, followed by a high fee transaction to breach your wallets threshold, is taking a huge risk. After all, what if a miner decides to confirm all the transactions for some reason? They could have just deposited many thousands of dollars for free in the wallet of their intended victim. |
#6962 was merged, which implements a variant of option (1) You can configure the threshold: Line 1356 in 27cd078
|
Add documentation to the docstring of the appropriate function explaining how to disable the spesmilo#6960 test for dusting transactions TODO: it may make sense to document passing this option on the command line as well, since editing the config file by hand is a recipe for trouble. Unfortunately this is not as simple as doing: ``` electrum --unconf_utxo_freeze_threshold=0 ``` and I can't find how electrum takes config arguments on the command line. Maybe someone else knows?
Add documentation to the docstring of the appropriate function explaining how to disable the spesmilo#6960 test for dusting transactions TODO: it may make sense to document passing this option on the command line as well, since editing the config file by hand is a recipe for trouble. Unfortunately this is not as simple as doing: ``` electrum --unconf_utxo_freeze_threshold=0 ``` and I can't find how electrum takes config arguments on the command line. Maybe someone else knows?
Recently our hot wallet was dusted with an output from an advertisement transaction. The advertisement transaction remains in the mempool unconfirmed, assumably for a couple days before being dropped.
The hot wallet continues processing withdrawals, which are all unconfirmed on the blockchain, until finally crashing with the mempool too long error.
At this point we are in an "all hands on deck situation".
A developer loaded the hot-wallet private key into the Electrum GUI and attempted a cancellation for the transaction immediately after the dust input arrived (spending the dust input) with a very high transaction fee, almost $200 USD.
This cancelled the 20+ unconfirmed tx's, leaving just the RBF transaction. However, because the dust attack never confirms the RBF never confirms, despite the huge fee. Another RBF is attempted with a $400 USD transaction fee, but this likewise never confirms.
Unfortunately at this point it doesn't seem like Electrum has any effective way to fix the situation. Freezing inputs is only allowed for inputs which are not currently part of a transaction, so the coins tab does not show the dust inputs or otherwise allow you to freeze them.
Also, modifying with RBF doesn't allow you to drop an input, nor does Electrum GUI seem to allow a custom transaction while selecting inputs from transactions you want to replace.
What can we do in these situations to free coins that have been dusted? The ability to freeze inputs only helps you if a dust input has arrived in your wallet, not in a situation where your wallet has already attempted to spend the dust input.
Lastly, is it possible to implement functionality in Electrum to easily stop this kind of attack? For example, automatically disabling the use of dust inputs in new transactions would prevent this from happening.
Thanks
The text was updated successfully, but these errors were encountered: