> If the burn sats went directly to the miner within the same block, i.e. they were burned by giving them away as miner fees, then there is an attack that any miner - large or small - can easily do Oh yes, of course. It can't be the *same* block. I guess my initial reply made it sound like it could. > If a mining pool has 40% of hashrate, they can announce a service where you give them 10 sats and they will "fake burn" 15 sats. They'll get 6 of those sats back Right, that’s the case I was trying to think through. Is the problem here mainly that the signal is inflated, rather than that the miner is strictly better off vs normal mining? For example, with 40% hashrate: +10 sats from user -15 sats for the burn 0.4 * 15 = +6 sats recovered -> +1 sat profit So the user gets a 15-sat proof while only paying 10 sats and the miner still profits overall. But if the user had instead done a normal 10 sat burn through some other notary, that same 40% miner would expect: 0.4 * 10 = +4 sats profit So the miner seems worse off doing the "fake burn" service than just passively mining. I definitely might be missing something here 😅 just trying to understand the attack. > That's why a few of us have advocated from the start that it should be sent decades into the future, using CLTV Yeah I definitely think that sending them decades into the future would be a really cool/interesting way to help with the security budget! Though Iirc Thomas mentioned some reason why he didn't opt for CLTV over CSV, I'll have to look into that again.

Well, a proof-of-burn goes to the miners, at least that's what proposes in his paper. So it's not permanent destruction of sats. But it's still a much stronger signal than a regular zap, because no one miner is guaranteed to mine the next block.