Author: Antoine Riard 2020-06-29 00:13:03
Published on: 2020-06-29T00:13:03+00:00
The Lightning Network (LN) relies on the security model of participants being able to confirm transactions unilaterally. This makes it their responsibility to enforce their balance and protect against double-spends. The propagation and confirmation of LN transactions are critical for safety. However, network mempools are not guaranteed to be convergent. The tx-relay topology can be exploited to partition network mempools and inter-layer mapping can be used to announce revoked commitment transactions and isolate honest parties.To address issues with low-fee HTLC-preimage pinning, the Anchor Output proposal aims to allow parties to unilaterally bump feerates of their HTLC-timeout transactions. Package Relay support could help address scenarios where revoked or conflicting commitments are pinned in mempools. To improve the efficiency of network mempools, RBF opt-in rules can be amended to enable mempool-convergence based on feerate. This creates an honest bid market for contracting applications.However, currently deployed Lightning Network (LN) peers are not secure against certain motivated attackers who have knowledge of both layers. Heavy and long-term work is required at the base layer to ensure scenario 3 security. Antoine suggests implementing an anchor proposal for mempool-congestion safety, working on package relay to solve commitment-level pinning, studying the best base layer mechanism for feerate package discovery, and increasing delta and deadline timelocks in the meantime.Antoine also references t-bast's piece on LN transactions and a new attack against LN payment atomicity. While these scenarios do have a setup cost involving channel opening onchain fees and rebalancing, it is orders of magnitude lower if you can steal from meaningful channels.
Updated on: 2023-06-14T02:47:55.723120+00:00