Author: René Pickhardt 2023-01-01 11:29:35
Published on: 2023-01-01T11:29:35+00:00
Dear fellow Lightning Network Developers, A potential attack on the Lightning Network protocol has been identified and explained in a recent post. The attack involves combining `negative fees` and `upfront fees`, which could result in a potentially lucrative attack for the attacker. In this scenario, Malory, the attacker, sets the routing fees of her channel(s) sufficiently negative, making her the cheapest route for all possible payment pairs on the network. Malory accepts any incoming HTLC but fails to forward the payment shortly after it is locked in, effectively creating a DoS attack on her own node while redirecting the entire traffic of the network through her node. Malory can collect the tiny unconditional upfront fees, depending on the size of the network, the base load of payments per second, and if she has enough channel partners or collaborates with them. The post suggests that progressing with either negative fees or upfront fees will stop this particular problem from happening. However, forcing channels with negative fees to set the upfront fee negative will not work as it hands out free money to the channel partner. Allowing `channel_updates` only to be relayed from connections that maintain a channel so that Mallory cannot quickly inform the entire network about being the most central node by connecting to everyone may help in combination with rate limiting of payments and reputation ideas. The author also discusses natural congestion resulting from the selfish behavior of both sending and routing nodes, which will be a huge challenge for the network. This is amplified by uncertainty, such as liquidity, creating an upper boundary of how many payments per second the participants of the network will be able to conduct. The weighted betweenness centrality of the most central node and the routing throughput that this node can handle determines this boundary. The author concludes by stating that allowing negative fees tends to increase centralization effects and thus the price of anarchy and natural congestion. Yet, he cannot quantify this at this time and does not know if this fundamentally speaks against negative fees. However, in combination with upfront fees, there seems to be an economic incentive to abuse both together. The post ends by thanking Christian Decker for spotting an error in an edge case when he initially presented him with a similar argument for review.
Updated on: 2023-06-01T19:12:05.056521+00:00