I think I’ve found a way to economically exploit incognito, and I think that I could run this attack much more effectively if I were using CLI tools.
Here it is:
Open up your wallet, and click send from the home screen. This won’t work if you first go to your pbtc wallet and try to send from it.
Click out network and select pbtc.
Next, set the payment amount to one Satoshi.
Choose a wallet address of yours or a friend’s. Can’t be randomly firing off satoshis, they’ll be worth a dollar each before all this is over and crypto rules the world.
Then, pay your transaction fee in PRV. The wallet has quoted me fees from .00000001 - 0.00000007 PRV for this task.
So, this attack steals satoshis from… I guess the foundation. The PRV price of a BTC transaction should always be at least equal to one Satoshi per vbyte.
There’s some rate limiting. I can’t fire off these transactions rapidly, but I’ve fired them off nonetheless. They do show up in my transaction history.
I haven’t seen any of them hit the Bitcoin mempool yet. So if I’m not actually making these transactions successfully, then there’s another bug, because from the wallet, they look successful.
If I were familiar with the command line tools, I could automate this attack, and if I had a number of machines doing it at once, it could have an impact despite rate limiting.
The PRV fee for out network transactions must be equal to or greater than their cost in satoshis otherwise an economic attack is possible.
If these transactions are not actually going through, then the software is malfunctioning by reporting to me that they are going through.
For ease of diagnosis, here is a throwaway BTC address I used for this:
I am also able to pay trivial Satoshi amounts for Bitcoin transactions, which would also effectively steal satoshis from… Well, I don’t know who but…
Sometimes the wallet shows me this:
But other times it does not and I am able to complete the transaction, as you can see in the screencap of my transaction history above.
Keep in mind:
if I were sufficently motivated and equipped with enough BTC, this minimum transaction amount would be meaningless. I could shield a whole Bitcoin and make many, many transactions for free, or spread that Bitcoin over many accounts, and do the same thing. This is a bug with fee amounts, not minimum transaction sizes.
Another successful tx:
Do the CLI tools I’d need to demonstrate this attack at speed exist? Happy to show how that could work, too.
I imagine I would need either multiple incognito addresses or multiple machines to make it go really fast, but it should be possible.
Note: I disclosed this attack to @andrey before beginning, and he requested I make this post in the interests of full transparency. I do not encourage anyone to exploit this attack, and I do not know if I will ever recover the sats that I have paid fo demonstrate it. Please use this information to strengthen Incognito, not to harm it. It is likely not very difficult to resolve.
Some wallets don’t let me send a single sat transaction… but this is why we have transaction fees. From Samourai, the smallest I can send is 1000 sats. From Green Wallet, it’s the same. Electrum lets you do 1 sat transactions, if you have attached if to your own node, I think. Otherwise it’s rejected due to “dust outputs”. But just like “taint”, dust is just another made up idea.
Of course, dusting while not paying a transaction fee of 136 sats for a 1 sat transaction, that’s an actual problem.
There are various reasons for wallets and nodes not permitting “dust” I’m sure. But my thinking is: if I’m willing to pay for a transaction, my wallet should let me make it, even if it’s for a silly small amount. Maybe I’m using the transaction itself to trigger a software process… Who knows?
remove the minimum amount, because it doesn’t help anything. Let users send 1 sat transactions any time, and pay the full fee for them.
ensure that the tx fee in PRV is always higher than or equal to the equivalent fee in sats. Could even use the pdex as a reference point for this.
ensure that the tx fee in pbtc is always higher than or equal to the Bitcoin network fee in sats.
Update, and how I realized this was an issue
Yesterday I took some pbtc and sent it to a BTC wallet of mine, just to check that I could get it out, once I had put it in.
It worked, and I paid my fee in PRV, so it was next to nothing.
Well, here’s my 20,000 Satoshi transaction. Like my transaction from yesterday, I think it’s going to hit the mempool, unlike all my 1 sat transactions.
Now, imagine I wanted to harm the project. I could automate this, and do it very, very rapidly.
I just did two transactions to the address above:
**Very serious problem. You are paying 60,000 satoshis per transaction. It is far, far too much.
Paying 60,000 sats per transaction transforms this attack into something devastating. **
This one is very bad. Please look at it carefully. Incognito paid 267.9 sats/vbyte! (I did not do anything different to cause this. You’re dramatically overpaying miners somehow. I usually pay 1 sat/vbyte.
I think that these will actually arrive in my wallet. This also means that I can send them back to incognito combined with a single fee, and run the attack again, probably in 20,000 Satoshi segments.
So, there’s no issue with the minimum amount and I even suggest that you lower it to 1 Satoshi.
Be the wallet/node that fully supports Bitcoin and doesn’t censor transactions smaller than 1000 sats. Give users the full power of Bitcoin.
The only issue is with the fee pricing. It lets me spend your money.
Researching for this issue led me to discover a second and much more serious issue
My 1 Satoshi transactions never arrived at my wallet, which is a third, but not too serious issue
Except that’s kinda serious too, because I no longer have those sats and they never arrived.