Replacing Bitcoin Transactions: Community Responses to Opt-In Replace-By-Fee
A new addition to Bitcoin Core called Opt-In Replace-by-Fee allows transactions to be flagged as replaceable, and actually replaced, until the transaction gets confirmed in the next block.
Opt-In RBF is a change to the memory pool and network relay code and gives wallets the option to add a signal to transactions that gives permission for full nodes to update the particular transaction. Bitcoin creator Satoshi Nakamoto introduced transaction replacement in his initial release of the Bitcoin Software, but removed it due to denial of service problems, which opt-in RBF solves by adding a higher fee for transaction replacement.
It is a slight variation of Replace-by-Fee, another feature included in Bitcoin Core. A full analysis of RBF, written by Aaron Van Wirdum can be found here.
Peter Todd, a Bitcoin Core developer who worked on the opt-in RBF project, publicly expressed concern in a blog post that opt-in RBF wallets are not yet ready to implement detection software for opt-in RBF transactions. He wrote that wallets without this software implemented leave users at a greater risk of being cheated by double-spenders, especially for zero-confirmation transaction (zero-confs). This can lead people to believe that the community should wait to integrate opt-in RBF.
Todd also admits that this is only a valid concern if merchants and consumer wallets were able to warn users of potential double-spend attempts before the integration of opt-in RBF. If wallets are currently unable to properly detect and warn their users, scammers would have no need to use opt-in RBF, as they would have no problem using the existing system.
Todd actually tested the current level of security of popular user wallets against double-spends attacks and posted his findings in a list, as seen below.
- Wallets not only failed to warn users that a double-spend might happen, the majority even failed to warn their users that a double-spend has happened.
- Half the wallets tested could be double-spent by an attacker with nearly zero technical sophistication with 100 percent probability of success.
- The other half could be double-spent with about 25 percent success rates, again by an attacker with nearly zero technical sophistication.
This means that opt-in RBF will not raise users’ vulnerability to double-spends, as people are already vulnerable with most wallet service providers in the current system until the transaction has been confirmed in the blockchain.
On the other hand, executives of merchant services platforms such as Stephen Pair from BitPay and Jamie Robinson from AcceptBT have been quick to integrate RBF detection software as part as their strategy to mitigate zero-conf risk.
Stephen Pair wrote in a blog post that Bitpay was “thrilled when we saw that Opt-In RBF was merged.” He explained that “both the ‘first seen’ and ‘RBF’ behaviors are useful and valuable features of the mesh network. The ‘first seen’ behavior is not being dropped and existing wallets and infrastructure that make use of the ‘first seen’ behavior will not be affected (except for minor changes needed to detect RBF transactions). This new functionality makes Bitcoin itself more valuable.”
Robinson told Bitcoin Magazine that he simply changed the user interface of AcceptBT to account for the possibility of opt-in RBF. Now, if a transaction has a possible double spend a message displays to notify the merchant that this transaction is not eligible for instant approval, and a pending transaction shows up in their merchant terminal.