bitcoinjs / coinselect

An unspent transaction output (UTXO) selection module for bitcoin.
MIT License

"coinselect" always expose the largest UTXO no matter how small the payment is because it sorts by descending value. #74

Open Transisto opened 1 year ago

Transisto commented 1 year ago

This is a huge privacy issue.

It's exposing a larger balance than required to the recipient.

Why is it sorting by descending?

Unless it's doing something more advanced to solve that "knapsack"-like problem, it should first try to find the smallest single UTXO that is bigger than the sent amount by going up the list (ascending). If it didn't find any, it should take the largest one and go back from it to the smallest until it finds one that is larger than what's missing. If not, take 1st + 2nd largest and keep adding to it until the total is enough.
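The selection order described above, as an added JavaScript example that is not coinselect's own code, placed beside a plain largest-first accumulator that stands in for the descending sort the issue complains about. The UTXO values are constructed, and fees and change are ignored so that only the input-ordering question is shown:

```javascript
// Constructed sample wallet, values in satoshis (10 BTC, 1 BTC, 0.5 BTC, 0.05 BTC).
const SAMPLE_UTXOS = [
  { txId: 'a', vout: 0, value: 1000000000 },
  { txId: 'b', vout: 1, value: 100000000 },
  { txId: 'c', vout: 0, value: 50000000 },
  { txId: 'd', vout: 2, value: 5000000 },
];

// Largest-first: sort descending and accumulate until the target is covered.
// This is the ordering the issue describes; it always spends the biggest coin.
function selectLargestFirst(utxos, target) {
  const desc = [...utxos].sort((a, b) => b.value - a.value);
  const picked = [];
  let total = 0;
  for (const u of desc) {
    if (total >= target) break;
    picked.push(u);
    total += u.value;
  }
  return total >= target ? picked : null;
}

// Proposed order: the smallest single UTXO that covers the target wins.
// Otherwise take the largest, then the smallest coin that covers what is
// still missing; if none exists, add the next-largest and try again.
function selectSmallestSufficient(utxos, target) {
  const asc = [...utxos].sort((a, b) => a.value - b.value);
  const single = asc.find((u) => u.value >= target);
  if (single) return [single];
  const picked = [];
  let total = 0;
  for (const u of [...asc].reverse()) {
    picked.push(u);
    total += u.value;
    if (total >= target) return picked;
    const missing = target - total;
    const filler = asc.find((c) => !picked.includes(c) && c.value >= missing);
    if (filler) return [...picked, filler];
  }
  return null; // wallet balance is insufficient
}

// Total value revealed to the recipient by a given selection.
function exposedValue(selection) {
  return selection.reduce((sum, u) => sum + u.value, 0);
}
```

Paying 0.1 BTC from the sample wallet, largest-first exposes the 10 BTC coin while the proposed order exposes only the 0.5 BTC coin.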

LeeKorbisCa commented 1 year ago

@Transisto I noticed this also, but I think it has to do with minimizing the final fee, since more UTXOs = higher fee?

I'm about to use this in production so I'd greatly appreciate if you have more opinions around this.

For context: as a service, privacy isn't a goal for ourselves, but reduced fee costs are.

Transisto commented 1 year ago

There's more details in the Bluewallet issue above.

I've stopped using bluewallet mostly for that reason.

It's not using less fee if it's using a 10 BTC vs a 1 BTC UTXO to send 0.1.


LeeKorbisCa commented 1 year ago

@Transisto what I meant was, if it were the other way around, maybe it'd use many small UTXOs - but yeah, obviously there are ways to use "the least largest, satisfactory utxo". Maybe it's more effective to use the largest UTXO as many times as possible before using the small ones? It's hard to say. @Overtorment what do you think or know about this?

Transisto commented 1 year ago

Sure, if you're running an exchange you might not care at all about privacy, go ahead and use this.

Pay $100 with a $10,000 UTXO in a third world country and you have a high chance of getting robbed. Then spend 3 months spending from the same UTXO, creating a long and obvious peel chain.

Privacy is already bad enough in Bitcoin; this coin selection algo just makes it much worse.


LeeKorbisCa commented 1 year ago

Yes, I completely agree. For an individual the current algorithms are not suitable. It seems, though, they are very open to accepting PRs that could remedy this problem :D.

Not only code is needed, but also more documentation around usage. Otherwise people won't know what to use.

Thank you for further explaining things :)
