Protocol – How possible is a double spend attack?

Each information source covering this issue states that this type of fraud is at best basically impossible and, at worst, highly improbable. From my (very limited) understanding, the success of this attack really depends on timing and luck, not requiring 51% control of the hashing compute. Here’s the scenario I’ve been thinking about:
Initial states and assumptions:
- All nodes are at block height 𝑛
- Fork does not exist. All nodes are in consensus
- Each new block takes 10 minutes to check the overall normal distribution.
- In the case below, the ‘fraud block’ contains a transaction signed by a malicious actor to himself or a colluding partner in order to consume unspent inputs, preventing the ‘real’ transaction from verifying the ‘real’ recipient. Yes – advise the ‘real’ recipient to wait until enough block confirmations have occurred, making the attack pointless. But let’s say someone scams you into handing over goods/services/digital assets based on a ‘real’ transaction being submitted. On hold. I want to focus more on how technology explains the possibility of problems rather than human intuition and intervention.
Fraudulent block submission:
- The attacker successfully mines the fraudulent block 𝑛+1 and propagates it through the network. This block contains a double-spend attack transaction, leaving the ‘real’ transaction in the mempool where it is rejected because it is considered a spent transaction and excluded from the new block.
- Within a minute or two, most networks will receive and verify this block.
- The node recognizes 𝑛+1 as the longest chain and switches to mining on it.
Mined block 𝑛+2:
- Assume that after 𝑛+1 is approved, the next block 𝑛+2 takes a full (normally distributed) 10 minutes to mine.
- Given that propagation times are typically less than 2 minutes, within the first 5 minutes, almost all nodes would have received block 𝑛+1, verified it, and started working on it.
Given these conditions, here’s how the scenario unfolds:
Propagation of block 𝑛+1:
- Once block 𝑛+1 is propagated throughout the network and verified, all honest nodes switch to the chain ending with 𝑛+1.
Mined block 𝑛+2:
- When all nodes work on the new longest chain, block 𝑛+2 is mined on top of 𝑛+1.
- The network reaches a consensus that block 𝑛+1 is part of the main chain, so all new blocks (including 𝑛+2) are built on top of 𝑛+1.
In this scenario, assuming that the fraudulent block 𝑛+1 propagates and is accepted as the longest chain by most networks, all subsequent blocks (e.g. 𝑛+2) are actually built on this chain. To sum up:
- Propagation and Verification: Block 𝑛+1 is propagated and verified quickly (within 2 minutes), causing all nodes to switch to this chain.
- Network consensus: From a 10-minute block interval to 5 minutes, all nodes will mine on the 𝑛+1 chain, which is approved as the longest chain.
- Subsequent blocks: The next block 𝑛+2 is likely to be mined above 𝑛+1 because the entire network considers 𝑛+1 to be part of the longest chain.
So, assuming the above case is true, it seems like a double spend attack is quite possible, at least under the right conditions. So what are the other safeguards?
- Prevent this from happening
- Released if there are multiple block confirmations afterward