RFID authentication protocols are susceptible to different types of relay attacks such as mafia and distance frauds. A countermeasure against these types of attacks are the well-known distance-bounding protocols. These protocols are usually designed to resist to only one of these frauds, though, behave poorly when both are considered. In this paper (i) we extend the analysis of mafia and distance frauds in recently released protocols. (ii) We introduce the concept of distance-bounding protocols based on graphs while previous proposals rely on linear registers or binary trees. (iii) We propose an instance of the graph-based protocol that resists to both mafia and distance frauds without sacrificing memory. To the best of our knowledge, this protocol achieves the best trade-off between these two frauds.