Nice find!
How do we avoid the risk for BCH? The maximum rate of change is chosen so as to stay under the original BIP-101 (What if too fast?), which is a good estimate for Bitcoin-tech growth of deployable capacity. Another blockchain like Zcash would need their own variant of BIP-101 with a lower base and maybe a lower rate.
Fees are the 1st line of defense against irrational use of the network, and I think Zcash / Pirate Chain simply had it too low. On BCH, one cannot just run a “Free And Unscheduled Scalability Audit” (FAUSA) as they did on Pirate Chain, because 1 satoshi / byte is not free. It is cheap for regular use, but it is not free, meaning introducing an artificial TX load at scale will still cost any single actor too much.
I’ll add some good numbers specific to BCH, which Jonathan Toomim laid out here. For those going to the original comment, his remarks about the algo are referring to an older iteration with 4x/yr rate limit at the extreme, which was deemed too fast, as it could more easily intercept the original BIP-101 curve.
The BCH network currently has enough performance to handle around 100 to 200 MB per block. That’s around 500 tps, which is enough to handle all of the cash/retail transactions of a smallish country like Venezuela or Argentina, or to handle the transaction volume of (e.g.) an on-chain tipping/payment service built into a medium-large website like Twitch or OnlyFans.
If you mine a 256 MB block with transactions that are not in mempool, the block propagation delay is about 10x higher than if you mine only transactions that are already in mempool. This would likely result in block propagation delays on the order of 200 seconds, not merely 20 seconds. At that kind of delay, Gorilla would see an orphan rate on the order of 20-30%. This would cost them about $500 per block in expected losses to spam the network in this way, or $72k/day. For comparison, if you choose to mine BCH with 110% of BCH’s current hashrate in order to scare everyone else away, you’ll eventually be spending $282k/day while earning $256k/day for a net cost of only $25k/day. It’s literally cheaper to do a 51% attack on BCH than to do your Gorilla spam attack.
If you mine 256 MB blocks using transactions that are in mempool, then either those transactions are real (i.e. generated by third parties) and deserve to be mined, or are your spam and can be sniped by other miners. At 1 sat/byte, generating that spam would cost 2.56 BCH/block or $105k/day. That’s also more expensive than a literal 51% attack.
Currently, a Raspberry Pi can keep up with 256 MB blocks as a full node, so it’s only fully indexing nodes like block explorers and light wallet servers that would ever need to be upgraded. I daresay there are probably a couple hundred of those nodes. If these attacks were sustained for several days or weeks, then it would likely become necessary for those upgrades to happen. Each one might need to spend $500 to beef up the hardware. At that point, the attacker would almost certainly have spent more money performing the attack than spent by the nodes in withstanding the attack.
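The cost comparison quoted above can be cross-checked with a small model. This is an added example, not part of the original post or of Jonathan Toomim's comment. It assumes Poisson block arrivals for the orphan rate, a 6.25 BCH block subsidy with fees ignored in miner revenue, and hashrate that costs as much to run as it earns; the dollar, size and fee figures are the post's.

```python
import math

BLOCK_INTERVAL_S = 600          # target block interval, seconds
BLOCKS_PER_DAY = 144
SATS_PER_BCH = 100_000_000

# Figures taken from the post
DAILY_REWARD_USD = 256_000      # what 100% of the hashrate earns per day
SPAM_BLOCK_BYTES = 256_000_000  # one 256 MB block
FEE_SAT_PER_BYTE = 1

# Assumption of this example, not stated in the post
BLOCK_SUBSIDY_BCH = 6.25        # used only to derive a BCH price from the daily reward


def orphan_rate(delay_s, interval_s=BLOCK_INTERVAL_S):
    """Chance that a competing block is found while ours is still propagating."""
    return 1.0 - math.exp(-delay_s / interval_s)


def attack_costs(delay_s=200):
    """Daily cost of each scenario, priced as if every block in the day were affected."""
    reward_usd = DAILY_REWARD_USD / BLOCKS_PER_DAY
    bch_usd = reward_usd / BLOCK_SUBSIDY_BCH
    fee_bch = SPAM_BLOCK_BYTES * FEE_SAT_PER_BYTE / SATS_PER_BCH
    return {
        "orphan_rate": orphan_rate(delay_s),
        # Spam not in mempool: expected block rewards lost to orphaning.
        "non_mempool_spam_usd_day": orphan_rate(delay_s) * reward_usd * BLOCKS_PER_DAY,
        # Spam in mempool: fees paid, which other miners can collect.
        "fee_bch_per_block": fee_bch,
        "mempool_spam_usd_day": fee_bch * bch_usd * BLOCKS_PER_DAY,
        # 110% of current hashrate: pay for 1.1x the reward, earn 1.0x of it.
        "majority_hashrate_net_usd_day": 1.10 * DAILY_REWARD_USD - DAILY_REWARD_USD,
    }


if __name__ == "__main__":
    for name, value in attack_costs().items():
        print(f"{name:32s} {value:12,.2f}")
```

With a 200 second delay the model lands inside the quoted 20-30% orphan range and reproduces the ordering in the comment: both spam scenarios cost more per day than the majority-hashrate scenario.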