Data Always

Posted on Jan 29, 2023Read on Mirror.xyz

The Economics of a Witness Stuffing Chain Stall Attack

In retrospect I think this is kind of a mid-curve take. I do think the analysis is interesting and that the perverting of miner incentives is a crucial topic to discuss, but it seems unlikely for now that the standard mining rules will be subverted to allow for larger transactions. The only way this makes sense is to bribe miners with out-of-band transactions which would have to pay a premium.

The analysis does however remain a cautionary tale should standard mining practices be changed.

The original analysis is available below.


All blockchains can become practically stalled when blockspace demand is extreme. The most prominent example of this is the Otherdeed NFT mint on Ethereum, where gas prices skyrocketed and all non-related transactions became economically unfeasible until the mint was complete four hours later.

Source: Dune Analytics

When all the transactions are small, this is a feature not a bug. The fee market works to prioritize the most important transactions, which as stupid as it sounds, at times can be tokens representing land in a metaverse designed around monkey JPEGs.


The most common way to store small pieces of data on the Bitcoin blockchain is through OP_RETURNs, which are limited to 80 bytes of data--in modern time this is usually just a snippet of text that people can immortalize on the blockchain.

With the Taproot upgrade, a series of developers found a workaround for transaction data limits. By stuffing information in the witness data, they can make transactions arbitrarily large. Dennis Porteaux recently wrote about this and I would highly recommend reading it.

https://read.pourteaux.xyz/p/illegitimate-bitcoin-transactions

In theory, one single transaction can now fill up an entire block; this drastically changes the economics of stalling the blockchain.


Traditionally, if one wanted to stall Bitcoin they would have to outbid the most expensive transaction in the mempool--and pay this cost for the entire size of a block. The mempool, visualized below, is essentially made up of tranches of bids on blockspace, where transactors outbid each other to ensure their inclusion as soon as possible.

Source: mempool.jhoenicke.de

For example, in a traditional stall attack to claim all the space in the block at 15:19 UTC today would have cost ~ 400 sat/vB (the most expensive transaction plus a buffer) multiplied by the block size. For a 4 MB block this cost becomes 1.68e9 satoshi or 16.8 bitcoin. In US Dollars, approximately $400,000.


Post-Taproot, given the ability to fill an entire bitcoin block with one witness-stuffed transaction, a spammer should now be able to force miners to make an all-or-none choice. With this change, a attacker should only have to outbid the total fees of a block (plus a buffer).

The block that arrived at 15:19 UTC did contain transactions price at over 300 sat/vB, but the sum all the transaction fees included in the block was only 0.1281 bitcoin! If an attacker wanted to stall the chain, they could have outbid the total rewards with a buffer, (let’s call it 0.15 bitcoin) and a rational economic miner would have chosen to only include their transaction.

It appears that witness-stuffing attacks have the potential to reduce the cost of a chain stall attack in the current environment by approximately 100x.


To break the stall, a motivated transactor would have to pay the cost of the buffer used by the attacker--allowing a flood of transactions from all over to become the better economic choice for a miner.

In this example above, the cost would only be $60, but the number can scale as arbitrarily high as the attacker is willing to sacrifice on average every 10 minutes. In a high stakes market driven by financial derivatives, any amount is possible.


edit: someone did a thing.

Source: https://bits.monospace.live