Let me ask again.
Does anyone know the average number of unconfirmed TX's that exist in mempool at any given time, the average size in MB (I know <1) and what % of them get cleared into a block every 10 minutes or so?
https://blockchain.info/en/unconfirmed-transactions
2MB, not much. Thus, it appears an attacker would have to construct and broadcast all his own fake or withheld tx's to try and perform this bloated block attack which, imo, is way too expensive and risky even though he would be paying himself his own tx fees.
Well to be fair, the reason why we don't see this attack is because with the 1MB limit it is not possible to pull off. If BTCGuild started to do this, they could only take 3% of the blocks to 1MB, which is immaterial.
I think it would technically be very easy for a pool/miner to add a huge number of transactions into a block. For every address they have with 1BTC, they could create 10,000 transactions with 0.0001 fee each (which they receive back in the coinbase transaction) by simply creating a chain of transactions in rapid succession. With 100BTC, they could create 1M transactions at zero cost because they would only include the transactions in their own block and recover the fees.
In the real world though, a pool could only do this a few times before miners would abandon them en masse, destroying the pool's business in the process. So it seems unlikely.
A large solo miner with maybe 0.1% or 0.3% of the hash rate could start to inject very large 1GB blocks every 200 or 400 blocks or so, but in that case I could very easily see the rest of the pools agreeing to ignore those massive blocks. And even if they didn't coordinate to ignore them, the large blocks would propagate so slowly they might not be included anyway. (The attack requires transmitting a full block since Gavin's IBLT wouldn't help here).
Another way to address the issue of one or two rogue pools making large blocks is to set a floating blocksize cap that resets with each difficulty adjustment and is based on an average of the last x number of blocks plus some overhead. Now to implement the attack an attacker would need to create false transactions that everyone mines on to bring up the average, but this would become too expensive since the fees would be lost to other miners.
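The floating cap described in the post above can be modelled in a few lines; this is an added example, not code from the thread or from any Bitcoin implementation. The averaging window (one retarget period), the 1.5x overhead, the 1 MB floor and the 0.4 MB honest block size are all assumed values, since the post names none.

```python
RETARGET = 2016  # blocks between difficulty adjustments in Bitcoin


def next_cap(recent_sizes, overhead, floor):
    """Cap for the next period: mean recent block size times overhead, never below floor."""
    mean = sum(recent_sizes) / len(recent_sizes)
    return max(floor, mean * overhead)


def simulate(periods, rogue_every, honest_mb=0.4, start_cap=1.0,
             overhead=1.5, window=RETARGET):
    """Return the cap (MB) in force at the start of each period.

    Every rogue_every-th block is padded to the current cap; all other
    blocks carry honest_mb of real transactions (assumed constant).
    """
    cap, history, caps = start_cap, [], [start_cap]
    for _ in range(periods):
        for i in range(1, RETARGET + 1):
            padded = i % rogue_every == 0
            history.append(cap if padded else min(honest_mb, cap))
        # The cap only moves at the difficulty adjustment, as the post proposes.
        cap = next_cap(history[-window:], overhead, floor=start_cap)
        caps.append(cap)
    return caps


if __name__ == "__main__":
    scenarios = [
        ("~0.3% of blocks padded", 336),  # a lone miner cannot lift the average
        ("50% of blocks padded", 2),      # cap creeps toward a fixed point (1.2 MB here)
        ("every block padded", 1),        # needs everyone to mine the padding
    ]
    for label, every in scenarios:
        print(f"{label:24s}", [round(c, 4) for c in simulate(3, every)])
```

Only the last scenario grows the cap without bound, and it is the one where the padding transactions are mined by everyone, so their fees go to other miners.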