First I wanted to say that I got some good vibes reading the overall proposal, although I am not so deeply informed on the whole MEV research area. And I agree about the burned proposer rewards that Barnabé points out which is interesting.
However, concerning withheld attestations, the attacker is unlikely to be able to profit from withholding attestations in general, so I think this strategy would amount to a loss in expected returns. I attach a page from a paper I am writing on discouragement attacks, showing a griefing factor well below 3 when withholding attestations (consider that it is a draft and I would have wanted to go through it again). There may be some finer game-theoretical nuances to the argument based on how this proposal differs from normal operations, but generally it seems like the attacker can never burn their attestation rewards anyway and turn a profit. They are different than proposer rewards, which can be burned in this proposal since anyone has access to those through the bidding mechanism.
EDIT: Upon speaking with Barnabé he pointed out that if this adversary is certain to become the highest bidder (at a favorable price), then the game mechanics holds, and I agree. It is a probabilistic attack where the adversary must win the bidding on favorable terms in a sufficient proportion of the attempts.
When it comes to attestation inclusion, it could however probably be a good idea to have an even deeper look at adverse consequences of letting an attacker propose in many slots in a row, without necessarily having a large stake. For example, this enables censorship of source votes as part of a discouragement attack (shown in the figure below)
Such an attack boosts the griefing factor from the penalty incurred by the honest validators for a missed source vote. The equation for the griefing factor G is
G = \frac{x+x/2+(1-a-x)x}{ax+(2x-x^2)/7} = \frac{2.5-a-x}{a+(2-x)/7},
where x is the proportion of validators censored and a is the proportion of the stake held by the attacker. Still, this is not too bad, and the incentive to outbid the attacker to stop the censorship exists since such a bidder could pick up extra attestation rewards, but what are the consequences of messing up source votes here?
We also have the potential of increased sync-committee censorship which is already bad if I understand the situation correctly, and something I hope we will fix going forward. I get G = 14 for these given both missed attestation rewards and incurred penalty, attaching a figure below. With this proposal, an attacker can increase the frequency of these attacks (but we will need to fix this anyway if my understanding and assertions are correct).
