Author: Greg Sanders 2022-12-13 14:47:32
Published on: 2022-12-13T14:47:32+00:00
The post discusses a potential attack vector against eltoo-based Lightning channels, which involves double-spending HTLC (Hash Time-Locked Contract) forwarded by a routing hop. The attacker can delay the confirmation of the final settlement transaction and use pre-signed update transactions to double-spend. While there are network-level games that can be played, adopting an adequate fee-bumping strategy can mitigate this concern. A scorched approach when the HTLC-timeout is approaching could also be adopted, where 100% of the HTLC value should be burnt in update transaction fees. However, there is a concern that opening Lightning channels to miner-harvesting attacks might trigger a hypothetical security risk, but it would still be an improvement.Moreover, the author highlights that if the update transaction is malleable, the attacker can change the economy in a way that is unfavorable to the victims. However, the current eltoo design assumes that APO transactions can only have one input and are not malleable.The author expresses concern about the potential implications of variants playing with mempool descendant limits. They suggest that the issue may lie in the way fee-bumping is implemented by Lightning software rather than directly on eltoo-based constructions. In conclusion, the post provides insight into potential security risks associated with eltoo-based Lightning channels and offers strategies to mitigate the concerns. The author acknowledges that any mistakes or confusions are their own and provides a link to relevant code for further context.
Updated on: 2023-06-03T11:13:48.548824+00:00