mempool – What is the problem with the recent “One-Shot Replace-by-Fee-Rate” Proposal?


TL;DR: Due to the two asymmetric sets of rules for replacement, a total of five transactions is sufficient to make a cycle of replacements that beat each other in turn. This allows an attacker to rebroadcast the same transactions over and over while at most paying for one small transaction per block.

You have two confirmed UTXOs C1 and C2. Let’s say 20 s/vB is the bottom of the first block.

  1. You create a large low-feerate transaction tx_LL with 100,000 vB at 1 s/vB (fee: 100,000 s). It spends the confirmed output C1 and has an output tx_LL:0.
  2. You attach a small low-feerate transaction tx_LS as a child with 100 vB at 1 s/vB (fee: 100 s) by spending tx_LL:0.
  3. You RBF tx_LS with a high-feerate transaction that spends C2 and tx_LL:0 in a new transaction tx_HS. tx_HS has 5000 vB and pays 21 s/vB, but since it spends an output from a low-feerate parent, its mining score is only 1.95 s/vB.
  4. You RBF tx_LL and tx_HS with tx_LM that has 100,000 vB and pays 3.05 s/vB (fee: 305,000 s) by spending the outputs C1 and C2. This is permitted, since only tx_LL is a direct conflict, so the feerate of tx_HS does not have to be beaten directly.
  5. You use the new RBFr rules to replace tx_LM with a small high-feerate transaction tx_RBFr with 100 vB paying 20 s/vB (fee: 2000 s) that spends C2 and makes it into the top block of the mempool. tx_LM was not going to be in the next block, and tx_RBFr pays more than 1.25× the feerate of tx_LM. So this is permitted under the new rules.
  6. You then rebroadcast tx_LL and tx_LS because C1 is no longer being spent.
  7. You immediately replace both tx_LS and tx_RBFr with tx_HS. tx_HS has a feerate of 21 s/vB, which is higher than tx_RBFr (20 s/vB) and tx_LS (1 s/vB), and pays more absolute fees than both (105,000 s vs 2000 s + 100 s). But since it’s a child of tx_LL, it only has a mining score of 1.95 s/vB.

Repeat 4.–7. to make every node on the network cycle the same five transactions ad nauseam. Roll the locktimes or sequences to give the transactions new TXIDs in each iteration while spending the same UTXOs. The only transaction that is ever in any danger of getting mined is tx_RBFr, which costs you 2000 s. If it does get included in a block, just start over with a new confirmed UTXO as your C2'.
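The arithmetic behind steps 3 to 7 can be replayed to confirm that every replacement passes and that the mempool ends where it started. This Python sketch is an added example, not part of the original answer: `fee_rbf_ok` and `rbfr_ok` are hypothetical, simplified models of the two rule sets as the answer applies them (not Bitcoin Core's policy code), and the direct-conflict lists follow the answer's own steps.

```python
from dataclasses import dataclass

NEXT_BLOCK = 20.0   # s/vB at the bottom of the first block (from the answer)
RBFR_FACTOR = 1.25  # feerate multiple quoted in step 5

@dataclass(frozen=True)
class Tx:
    name: str
    vsize: int                  # vB
    fee: int                    # satoshis
    parent: "Tx | None" = None  # unconfirmed parent, if any
    @property
    def feerate(self):
        return self.fee / self.vsize
    @property
    def mining_score(self):  # simplified: a child is mined as a package with its parent
        p = self.parent
        pkg = self.feerate if p is None else (self.fee + p.fee) / (self.vsize + p.vsize)
        return min(self.feerate, pkg)

def fee_rbf_ok(new, evicted, direct):
    # Assumed model: more absolute fee than all evicted, higher feerate than direct conflicts.
    return new.fee > sum(t.fee for t in evicted) and all(new.feerate > t.feerate for t in direct)

def rbfr_ok(new, evicted):
    # Assumed model: replacement reaches the next block, evicted txs would not, >1.25x feerate.
    return new.mining_score >= NEXT_BLOCK and all(
        t.mining_score < NEXT_BLOCK and new.feerate > RBFR_FACTOR * t.feerate for t in evicted)

LL = Tx("tx_LL", 100_000, 100_000)
LS = Tx("tx_LS", 100, 100, parent=LL)
HS = Tx("tx_HS", 5_000, 105_000, parent=LL)
LM = Tx("tx_LM", 100_000, 305_000)
RBFR = Tx("tx_RBFr", 100, 2_000)

def run_cycle():
    """Replay steps 3-7; return (verdicts, pool after step 3, pool after step 7)."""
    pool, verdicts = {LL, LS}, []                      # steps 1-2
    def replace(ok, new, evicted):
        verdicts.append(ok and set(evicted) <= pool)
        pool.difference_update(evicted)
        pool.add(new)
    replace(fee_rbf_ok(HS, [LS], [LS]), HS, [LS])      # step 3
    after3 = {t.name for t in pool}
    replace(fee_rbf_ok(LM, [LL, HS], [LL]), LM, [LL, HS])            # step 4
    replace(rbfr_ok(RBFR, [LM]), RBFR, [LM])           # step 5
    pool.update({LL, LS})                              # step 6: C1 is unspent again
    replace(fee_rbf_ok(HS, [LS, RBFR], [LS, RBFR]), HS, [LS, RBFR])  # step 7
    return verdicts, after3, {t.name for t in pool}
```

The mempool after step 7 is identical to the mempool after step 3, which is why a replacement policy can be checked for this class of problem by looking for a rule sequence that returns to an earlier state without a strictly increasing cost.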

