
Transaction Pinning Attack

A pinning attack exploits mempool policy to prevent a transaction from confirming. Attackers use this method to delay or block transactions from being processed by miners.

Explanation with Example

Let's take Alice, Bob, and Carol to explain the concept:
  1. Alice creates a parent transaction (Tx1)
    • Tx1 has two outputs: one for Bob and one for Carol.
    • Tx1 is sent with a very low fee, making it less attractive to miners.
    • Tx1 gets stuck in the mempool.
  2. Since miners prefer transactions with higher fees, Tx1 remains unconfirmed.
  3. Carol (the attacker) creates a child transaction (Tx2)
    • Tx2 spends Carol's output from Tx1.
    • Tx2 has a very low fee and a large size.

Mempool Rule Exploitation

  • Bitcoin’s mempool policy limits the total package size (parent + child transactions) to 101KB.
  • Carol intentionally makes Tx2 close to this limit.

Consequence for Bob

  • When Bob tries to create Tx3 (spending from Tx1), it gets rejected.
  • Even if Bob includes a higher fee, the mempool won't accept it because it would exceed the 101KB limit.

Why is it Called "Pinning"?

Since Tx1 is stuck due to Carol’s actions, it is effectively “pinned”, preventing Bob from spending his funds.

Find a complete tutorial series of bitcoin technical concepts at https://bitcoindevs.xyz/decoding/welcome
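
A toy model of the size check described in the post above, added here as an example; it is not part of the original post and is not Bitcoin Core's code. It assumes the post's 101KB limit means 101,000 bytes, and the transaction sizes, fees and all function names are constructed for illustration. `headroom` is the figure someone in Bob's position would check before building a fee-bumping child.

```python
from dataclasses import dataclass
from typing import Optional

# The post's 101KB package limit, taken here as 101,000 bytes (assumption).
PACKAGE_LIMIT = 101_000

@dataclass
class Tx:
    name: str
    size: int                      # bytes (constructed values)
    fee: int                       # satoshis (constructed values)
    parent: Optional["Tx"] = None  # unconfirmed transaction it spends from

def root_of(tx):
    """Walk up to the unconfirmed ancestor at the top of the package."""
    while tx.parent is not None:
        tx = tx.parent
    return tx

def package(pool, root):
    """The root plus every pooled transaction that descends from it."""
    return [t for t in pool if root_of(t) is root]

def headroom(pool, root):
    """Bytes still available under the limit for a new child such as a CPFP."""
    return PACKAGE_LIMIT - sum(t.size for t in package(pool, root))

def feerate(txs):
    """Combined fee rate of a set of transactions, in satoshis per byte."""
    return sum(t.fee for t in txs) / sum(t.size for t in txs)

def try_accept(pool, tx):
    """Toy policy check: size decides, the offered fee is never consulted."""
    if tx.parent is not None and tx.size > headroom(pool, root_of(tx)):
        return False
    pool.append(tx)
    return True

def scenario(with_carol):
    tx1 = Tx("Tx1", 250, 250)                       # Alice, 1 sat/byte
    pool = [tx1]
    if with_carol:
        try_accept(pool, Tx("Tx2", 100_700, 100_700, tx1))  # large, 1 sat/byte
    tx3 = Tx("Tx3", 150, 15_000, tx1)               # Bob, 100 sat/byte
    accepted = try_accept(pool, tx3)
    return accepted, headroom(pool, tx1), feerate(package(pool, tx1))

if __name__ == "__main__":
    for with_carol in (False, True):
        ok, left, rate = scenario(with_carol)
        print(f"Carol's Tx2 present={with_carol}: Tx3 accepted={ok}, "
              f"headroom={left} bytes, package feerate={rate:.2f} sat/byte")
```
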
Is Tx1 actually stuck due to Carol's actions or rather due to the fact that Alice actually sent Tx1 with a very low fee, considering the known fact that miners will always prefer to go for high fee transactions? In other words, who actually created the problem in the first place?
I'm curious to learn. Looking forward to your reply on this. Thank you for this wonderful piece.
reply
The issue actually starts with Alice, as she sends Tx1 with a very low fee. However, Carol (the attacker) exploits this situation further by creating Tx2, a large child transaction with an extremely low fee, which brings down the fee rate of the whole package.
Without Carol's interference, Alice’s Tx1 might get confirmed if someone uses a CPFP method.
In short, Carol’s actions as the attacker are what turn this into a pinning attack.
reply