Published on: 2020-07-15T15:23:37+00:00
The conversation on the bitcoin-dev mailing list revolves around the potential risks associated with the use of Lightning Network, specifically concerning Hash Time-Locked Contracts (HTLCs). One concern raised is the possibility of losing money if an HTLC fails to get confirmed in time or if an older HTLC gets confirmed first. The Lightning Network aims to alleviate these risks by moving transactions off the blockchain, thereby reducing pressure onchain, improving settlement speeds, and minimizing the risk of economic loss due to delays.Regarding conflicting HTLCs, it is clarified that they cannot be created. However, multiple pending HTLCs can coexist as long as there are sufficient funds available. The discussion also touches upon a recent attack technique known as "flood and loot." This technique involves routing medium-sized HTLC payments from an attacker's node through a victim node, such as Alice's node, ultimately leading back to the attacker's node. When Alice tries to claim her HTLC by presenting the hash, the attacker intentionally ignores the claim, forcing Alice to close the channel to prevent the HTLC from timing out. This puts Alice at a disadvantage, allowing the attacker to claim all the still-pending HTLCs using a Replace-By-Fee (RBF) transaction. Importantly, the fee for the on-chain force-close transaction is paid by the party who opened the channel, while the fee for the HTLC resolving transactions is borne by the party claiming the HTLC. In this scenario, the fees would be deducted from Alice's funds, making her vulnerable to economic loss.The email conversation primarily focuses on the Lightning Network, a system designed to move transactions off the blockchain. The author expresses concerns about potential losses if their HTLCs fail to confirm in time or if there is competition from conflicting HTLCs. Additionally, they inquire about the possibility of denial-of-service attacks impeding the sending of settlement HTLCs. The author mentions a recent attack technique called "flood and loot" but seeks clarification on whether it can be employed in the Lightning Network. Lastly, they ask if channel factories would address their concerns. In response, it is explained that while channel factories could help reduce blockchain bloat by creating multiple channels, there are security costs involved when transacting with potentially untrustworthy entities, and one must be prepared to bear those expenses.The author of the email expresses a lack of full understanding about the Lightning Network and requests to be CC'd in any replies since they are unable to access the mailing list directly.
Updated on: 2023-07-31T22:57:40.757660+00:00