In a video from 2018, Peter Rizun shares some of his work on the success probability of a double spend, which seems to lie between 10-20%, depending on the setup.
I think this is very concerning and needs to be addressed, especially since the costs of executing these attacks are all very close to 0.
If someone develops a wallet that just always attempts to double-spend coins and that one becomes popular, it would completely break 0-conf and might damage BCH substantially.
And Peter Rizun's different attack scenarios could be improved by combining them into one attack. Consider the following setup:
Before the attack, figure out beforehand which nodes are miners & payment providers by repeatedly sending each node in the network a unique tx (conflicting with all other transactions) and measuring which confirm/which the payment processors receive. Also figure out if there are any differences in acceptance policies (fee level, standardness, ...).
Then, at the merchant:
Propagate a non-standard reverse transaction to the miners first.
Send all the nodes that you previously found to be from a payment provider a valid but low fee (1sat/B) transaction paying the merchant, and make that transaction very slow (large, max sigchecks, lots of NUM2BIN + HASH256).
Immediately broadcast a high fee (100sat/B) transaction to the miner nodes, reversing the payment.
I think this could push the success probability of a double-spend attempt quite high, and would be possible today.
This definitely needs to be addressed.
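A merchant-side view of the scenario above, as an added example that is not part of the original post: a 0-conf acceptance check that records every spend of an outpoint before relay policy is applied (so a non-standard conflicting spend is still noticed) and, when no conflict reaches the node, falls back to the payment traits the post names (low fee rate, large size, many sigchecks). The thresholds and the names `Tx`, `ZeroConfMonitor` and `decide` are assumptions for illustration, not values or APIs from any node or payment-processor software.

```python
from dataclasses import dataclass

# Assumed thresholds for illustration; not taken from the post or any node software.
MIN_FEE_RATE = 2.0    # sat/B
MAX_SIZE = 10_000     # bytes
MAX_SIGCHECKS = 100

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple      # spent outpoints, "txid:vout"
    size: int          # bytes
    fee: int           # satoshis
    sigchecks: int = 0
    @property
    def fee_rate(self):
        return self.fee / self.size

class ZeroConfMonitor:
    """Indexes every spend seen, before any relay-policy filtering."""
    def __init__(self):
        self.spenders = {}   # outpoint -> {txid: Tx}
    def observe(self, tx):
        for op in tx.inputs:
            self.spenders.setdefault(op, {})[tx.txid] = tx
    def assess(self, payment):
        reasons = [f"conflict on {op}: {txid} pays {other.fee_rate:.0f} sat/B"
                   for op in payment.inputs
                   for txid, other in self.spenders.get(op, {}).items()
                   if txid != payment.txid]
        # Fallback traits for when the conflicting spend never reaches this node.
        if payment.fee_rate < MIN_FEE_RATE:
            reasons.append("fee rate below threshold")
        if payment.size > MAX_SIZE:
            reasons.append("unusually large transaction")
        if payment.sigchecks > MAX_SIGCHECKS:
            reasons.append("high sigcheck count")
        return reasons

def decide(monitor, payment):
    reasons = monitor.assess(payment)
    return ("wait_for_confirmation" if reasons else "accept_0conf"), reasons

if __name__ == "__main__":
    m = ZeroConfMonitor()  # constructed sample data below
    pay = Tx("pay", ("utxo:0",), 90_000, 90_000, 2_900)
    for tx in (pay, Tx("rev", ("utxo:0",), 200, 20_000)):
        m.observe(tx)
    print(decide(m, pay))
```

The fallback checks matter because the conflicting spend in this scenario is sent only to miners, so the merchant's node may never observe it directly.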