Author: Antoine Riard 2022-12-14 01:41:47
Published on: 2022-12-14T01:41:47+00:00
The email discusses a potential attack on the two-party eltoo construction in the Lightning Network. The attack is known as "update overflow," and it involves an attacker creating a long chain of update transactions while punishing previous updates with delayed confirmation transactions. The purpose of the attack is to delay the confirmation of the final settlement transaction and double-spend an HTLC forwarded by a routing hop. The author suggests that the attack could be economically opportunistic if the fees saved by the attacker outweigh the value of stolen HTLCs.A mitigation strategy proposed is for a fee-bumping strategy to adopt a scorched approach when the HTLC-timeout is approaching, and there is a corresponding incoming HTLC. The idea is to burn all incoming HTLC values in update transaction fees near expiration, but the author acknowledges that this may not fully prevent the attack. The discussion also covers the possibility of an attacker aggregating update transactions across Lightning channels, changing the economy there in a way unfavorable to the victims. It is suggested that by policy, APO (V3?) transactions can only have one input, and each transaction is only allowed a single ephemeral anchor, which is attached but not committed to by the SIGHASH_SINGLE|APOAS signature. This results in a 1-input-2-output transaction that isn't malleable. Additionally, the author notes that the attack may be exacerbated by implementations of fee-bumping strategies and the possibility of miner-harvesting attacks. Finally, the author acknowledges that mistakes and confusions are their own and invites discussion on the topic.
Updated on: 2023-06-03T11:16:11.622848+00:00