"coinselect" always expose the largest UTXO no matter how small the payment is because it sorts by descending value. #74
Comments
@Transisto I noticed this also, but I think it has to do with minimizing the final fee, since more UTXO = higher fee? I'm about to use this in production so I'd greatly appreciate if you have more opinions around this. For context: as a service, privacy isn't a goal for ourselves, but reduced fee costs are.
There's more details in the Bluewallet issue above.
I've stopped using bluewallet mostly for that reason.
It's not using less fee if it's using a 10btc vs a 1btc utxo to send 0.1
On Tue, Aug 29, 2023 at 8:26 PM nostitos ***@***.***> wrote:
> There's more details in the Bluewallet issue above.
> I've stopped using bluewallet mostly for that reason.
@Transisto what I meant was, if it were the other way around, maybe it'd use many small UTXOs - but yeah, obviously there are ways to use "the least largest, satisfactory utxo". Maybe it's more effective to use the largest UTXO as many times as possible before using the small ones? It's hard to say. @Overtorment what do you think or know about this?
Sure, if you're running an exchange you might not care at all about
privacy, go ahead and use this.
Pay 100$ with a 10,000$ utxo in a third world country and you have a high
chance of getting robbed.
Then spend 3 months spending from the same UTXO, creating a long and
obvious peel chain.
Privacy is already bad enough in Bitcoin, this coin selection algo just
makes it much worse.
On Wed, Aug 30, 2023 at 8:46 AM LeeKorbisCa ***@***.***> wrote:
> @Transisto <https://github.com/Transisto> what I meant was, if it were
> the other way around, maybe it'd use many small UTXOs - but yeah, obviously
> there are ways to use "the least largest, satisfactory utxo". Maybe it's
> more effective to use the largest UTXO as many times as possible before
> using the small ones? It's hard to say. @Overtorment
> <https://github.com/Overtorment> what do you think or know about this?
Yes I completely agree. For an individual the current algorithms are not
suitable. It seems though they are very open to accepting PRs that could
remedy this problem :D.
Not only code is needed, but more documentation around usage. Otherwise
people won't know what to use.
Thank you for further explaining things :)
On Wed, Aug 30, 2023 at 1:21 PM Transisto ***@***.***> wrote:
> Sure, if you're running an exchange you might not care at all about
> privacy, go ahead and use this.
> Pay 100$ with a 10,000$ utxo in a third world country and you have a high
> chance of getting robbed.
> Then spend 3 months spending from the same UTXO, creating a long and
> obvious peel chain.
> Privacy is already bad enough in Bitcoin, this coin selection algo just
> makes it much worse.
This is a huge privacy issue.
It's exposing a larger balance than required to the recipient.
Why is it sorting by descending?
Unless it's doing something more advanced to solve that "knapsack"-like problem.
It should first try to find the smallest single UTXO that is bigger than the sent amount by going up the list (ascending).
If it didn't find any it should take the largest one and go back from to smallest until it finds one that is larger than what's missing. If not, take 1st + 2nd largest and keep adding to it until the total is enough.
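The two strategies discussed in this issue, side by side, as an added example that is not code from coinselect or from anyone in the thread. The function names, the `id` field and the sample wallet are constructed for illustration, and `target` is assumed to already include the fee.

```javascript
// Added illustration, not coinselect code. Values are satoshis; `target` is
// assumed to already include the fee, so fee estimation is out of scope here.
const total = (picked) => picked.reduce((sum, u) => sum + u.value, 0);

// Behaviour reported in the issue: sort descending, accumulate until covered.
function selectDescending(utxos, target) {
  const picked = [];
  for (const u of [...utxos].sort((a, b) => b.value - a.value)) {
    if (total(picked) >= target) break;
    picked.push(u);
  }
  return total(picked) >= target ? picked : null;
}

// Strategy proposed in the issue: prefer the smallest single UTXO that covers
// the amount; otherwise commit the largest and look again for the remainder.
function selectSmallestSufficient(utxos, target) {
  const asc = [...utxos].sort((a, b) => a.value - b.value);
  const picked = [];
  let missing = target;
  while (asc.length > 0) {
    // Smallest remaining UTXO that covers what is still missing.
    const idx = asc.findIndex((u) => u.value >= missing);
    if (idx !== -1) return [...picked, asc[idx]];
    // Nothing is big enough alone: take the largest remaining and retry.
    const largest = asc.pop();
    picked.push(largest);
    missing -= largest.value;
  }
  return null; // wallet balance cannot cover the target
}

// Constructed sample wallet, mirroring the 10 BTC vs 1 BTC case in the thread.
const wallet = [
  { id: "a", value: 1_000_000_000 }, // 10 BTC
  { id: "b", value: 100_000_000 },   // 1 BTC
  { id: "c", value: 20_000_000 },    // 0.2 BTC
  { id: "d", value: 5_000_000 },     // 0.05 BTC
];
const payment = 10_000_000; // 0.1 BTC

const ids = (picked) => picked.map((u) => u.id);
console.log("descending exposes:", ids(selectDescending(wallet, payment)));
console.log("proposed exposes:  ", ids(selectSmallestSufficient(wallet, payment)));
```

For the 0.1 BTC payment, the descending sort reveals the 10 BTC output to the recipient, while the proposed strategy reveals only the 0.2 BTC one.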