A withdrawal limit is exactly what it sounds like, a limit set on addresses dictating the maximum number of coins which can be withdrawn from an address in a certain amount of time. The main downside is that a few extra fields need to be added to the account structure to enable the withdrawal limit system.
The limit would be self-set by account owners using a special transaction and the default value for new accounts would be unlimited. The purpose of such a system is to help prevent double spending, so that merchants can have more faith in transactions with zero or a small number of confirmations.
How it works
A brief outline of how withdrawal limits work:
- Send the network a special transaction to modify the withdrawal limit of your account. Limit is specified as number of coins per block, and is saved into queue field. Such change will take effect in eg. 100 blocks and after that time the queued value overwrites the actual withdrawal limit value.
- Network accepts the special transaction and after 100 blocks it will reject any transaction that would cause newly specified limit to be exceeded.
A merchant can ensure he will receive funds by:
- Checking that there is no queued withdrawal limit change on sending account.
- Check that sending account balance is high enough so it can't be emptied too fast.
- Ensure transaction is not low priority and has propagated enough in network.
Why it works
Double spending is possible because you can send one transaction to a merchant while simultaneously sending another one to miners which moves all your coins to another address. But with withdrawal limits you cannot send all your coins at once and this can help secure merchant transactions.
Suppose you have 100 coins in your account with a withdrawal limit of 1 coin per block. To send a secure 0-confirmation transaction of 1 coin you sign a transaction to send 1 coin to the merchant and it's considered valid if included in one of next 10 blocks (or whatever amount is deemed secure).
If an attacker tries to double spend his coins in an alternative blockchain he would only be able to move 1 coin from his account per block, so even if his network branch is accepted as the longest, the merchant transaction will still be valid and included in a later block. To successfully make a double spend the attacker would need to exclude the merchants transaction from the next 10 blocks.
However, if the double-spender issues a very large number of transactions, there's a chance that the legitimate transaction could get excluded from all 10 blocks. There are ways this could potentially be solved, but with the right rules in place there's very little chance an attacker could actually keep a transaction out of the blockchain so long due to the way transactions are prioritized based on age.
However it is important to keep in mind that this withdrawal limit system is not perfect and should not be trusted absolutely by merchants. Cryptonite uses this simple type of withdrawal limit system, so while it is much safer to accept 0-confirmation transactions in Cryptonite, it's not totally secure and it may be possible to double spend given enough effort on the part of the attacker.