At Coinbase Custody we recognize this obstacle and continuously innovate to give our customers an edge when they need it the most. One obvious solution is to calculate the transaction fee immediately before broadcasting the transaction to the Bitcoin network — knowing the current network conditions enables us to predict an optimal fee. Unfortunately, Cold Storage security requirements make it difficult to estimate the fee right before the broadcast.
The Cold Storage security model requires that the complete transaction payload (including amounts and destinations) be fully known beforehand, guarding against any changes to the payload after the key restore procedure is initiated. On the flip side, since the transaction fee is encoded in the payload, the fee must be calculated long before the transaction is broadcast. If the network suddenly becomes congested during that time gap, the calculated fee may become inadequate for the transaction to be confirmed in a timely manner.
One interesting property of Bitcoin’s UTXO model is that transactions can be chained together creating a “bundle” that miners evaluate as a whole with respect to the fees. For example, if one (child) transaction spends an output of another (parent) transaction, the child transaction can pay fees for both — miners have no choice but to include the parent transaction if they want to collect the excess fees from the child transaction. This approach is commonly known as Child-Pays-For-Parent (CPFP).
The Coinbase Consumer platform has been successfully using CPFP to accelerate withdrawals for quite some time and you can learn more about it in the blog post. However, Custody’s unique challenges forced us to rethink the approach and come up with a different design.
In Custody we use CPFP to shift the fee estimation to immediately before the broadcast. In addition, we use a special Gas Station service to cover the transaction fees. Here’s how it works step-by-step:
- When a withdrawal from a cold address is initiated, we do an initial fee estimate and use the Gas Station service to send 10x the estimated fees to that address.
- When constructing the withdrawal (parent) transaction, in addition to the destination and change outputs, we add an output that moves the pre-gassed amount (10x the fees) to a special “fee” address (this address is generated for each withdrawal and is used only once). Let’s call this output a “CPFP link”.
- Once the main transaction is signed at the end of the key restore ceremony and right before the broadcast, the fees get re-estimated based on the current network conditions.
- The fee address generates a child transaction spending the CPFP-link output, paying the fees for both transactions and sending the remainder of the pre-gassed amount back to the Gas Station.
Let’s work through an example to better understand the mechanics of the solution. Note that some minor details are omitted for simplicity. Let’s say we have a customer who has a balance of 15 BTC and they would like to withdraw 12 BTC from their Custody account into an external Bitcoin address. Here are the steps that will happen (note that ‘satoshi’ or ‘sat’ is the smallest unit in Bitcoin and is equal to 0.00000001 BTC):
- Custody estimates the fee to complete this transaction to be 10,000 sat.
- Gas Station sends 10x that amount or 100,000 sat to the cold address (the address which holds the funds to be withdrawn).
- Custody generates the withdrawal transaction with two main outputs: 12 BTC goes to the destination address, 3 BTC “change” is returned to Cold Storage.
- We add a third “CPFP-link” output that moves the 100,000 sat to a newly generated fee address — this amount will later be used to pay the fee.
- The “key restore” ceremony commences. The result of it is a signed transaction payload ready to be broadcast to the network.
- Right before the broadcast we estimate the fee again. As it turns out, the network suddenly became congested and now the fees are 2x what we initially estimated — 20,000 sat instead of the original 10,000 sat.
- We create a child transaction that spends the “CPFP link” output, pays 20,000 sat fee and moves the remaining 80,000 sat back to the Gas Station.
- We broadcast both transactions to the network.
Note that the destination address receives the clean 12 BTC amount. From the user’s perspective neither the fees nor the child transaction exist — they are abstracted away and work behind the scenes to enable reliable zero-fee Bitcoin withdrawals.
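The arithmetic of the walkthrough above, as an added Python sketch that is not Coinbase's code. The function names, the 546 sat dust floor for the refund output and the transaction sizes passed to the fee-rate helper are assumptions made for illustration.

```python
from dataclasses import dataclass

SAT_PER_BTC = 100_000_000
GAS_MULTIPLIER = 10   # the post pre-gasses 10x the initial fee estimate
DUST_SAT = 546        # assumption: smallest refund worth creating as an output


@dataclass(frozen=True)
class ParentTx:
    """Withdrawal payload, fixed before the key restore ceremony starts."""
    inputs_sat: int
    destination_sat: int
    change_sat: int
    cpfp_link_sat: int

    @property
    def fee_sat(self) -> int:
        # Inputs minus outputs; zero with the post's figures.
        return self.inputs_sat - self.destination_sat - self.change_sat - self.cpfp_link_sat


def build_parent(balance_sat: int, withdraw_sat: int, initial_fee_sat: int) -> ParentTx:
    """Pre-gas the cold address and add the CPFP-link output."""
    if not 0 < withdraw_sat <= balance_sat:
        raise ValueError("withdrawal must be positive and within the balance")
    pre_gas = GAS_MULTIPLIER * initial_fee_sat
    return ParentTx(balance_sat + pre_gas, withdraw_sat,
                    balance_sat - withdraw_sat, pre_gas)


def build_child(parent: ParentTx, current_fee_sat: int) -> dict:
    """Spend the CPFP link: pay the re-estimated fee, refund the remainder."""
    refund = parent.cpfp_link_sat - current_fee_sat
    if refund < 0:
        # The signed parent cannot change, so the pre-gassed amount is a hard ceiling.
        raise ValueError("re-estimated fee exceeds the pre-gassed amount")
    if refund < DUST_SAT:
        # Remainder too small for its own output: it all goes to the fee.
        return {"fee_sat": parent.cpfp_link_sat, "gas_station_sat": 0}
    return {"fee_sat": current_fee_sat, "gas_station_sat": refund}


def package_feerate(parent: ParentTx, child: dict, parent_vsize: int, child_vsize: int) -> float:
    """Fee rate (sat/vB) of parent and child evaluated together as one bundle."""
    return (parent.fee_sat + child["fee_sat"]) / (parent_vsize + child_vsize)


if __name__ == "__main__":
    p = build_parent(15 * SAT_PER_BTC, 12 * SAT_PER_BTC, 10_000)
    print(p, build_child(p, 20_000))
```

The `ValueError` branch marks the limit of the design: if congestion pushes the required fee past the 10x budget, the child cannot cover it, because the CPFP-link amount is already fixed in the signed parent.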
This is just one example of interesting technical problems that Coinbase Custody engineers have an opportunity to work on. If you’re interested in joining the Coinbase Custody team, check out open roles here.