Author: Jochen Hoenicke 2020-07-15 15:23:37
Published on: 2020-07-15T15:23:37+00:00
The conversation on the bitcoin-dev mailing list discusses potential risks associated with the use of Lightning Network, specifically regarding HTLCs. One concern is that a person could lose money if their HTLC does not get confirmed in time or if an older HTLC gets confirmed first. The purpose of Lightning Network is to move transactions off the blockchain and reduce pressure onchain to improve settlement speeds and reduce the risk of economic loss due to delay. Conflicting HTLCs cannot be created, but multiple pending HTLCs can exist as long as there are enough funds. The discussion also mentions a recent attack technique called "flood and loot," which involves routing medium-sized HTLC payments from an attacker's node to their own node via a victim node such as Alice's node. When Alice claims her HTLC by presenting the hash, the attacker ignores the claim, forcing Alice to close the channel to prevent the HTLC from timing out. This puts Alice at a disadvantage, and the attacker can claim all the still-pending HTLCs using an RBF transaction. The fee for the on-chain force-close transaction is paid by whoever opened the channel, while the fee for the HTLC resolving transactions is paid by whoever claims the HTLC. In this scenario, it is paid from Alice's money, making her vulnerable to economic loss.
Updated on: 2023-06-03T01:46:33.166400+00:00