Author: Rusty Russell 2018-06-22 00:32:01
Published on: 2018-06-22T00:32:01+00:00
In a post to the lightning-dev mailing list, David A. Harding shared his thoughts on several potential denial-of-service (DoS) attacks against Lightning Network settlements with regards to issues with relative locktime and SIGHASH_NOINPUT. The first attack vector he describes involves an adversarial party stalling a cooperative close by broadcasting a trigger transaction and the first state of a channel with large vsize transactions at a low feerate, which would force the other party to wait for confirmation of all previous states before being able to confirm the final state. The second attack vector involves introducing significant settlement delays in order to compromise Hashed Time-Locked Contract (HTLC) security. In this scenario, an attacker can place a refund branch in a dishonest final state and bury it in an ancestor transaction chain that would be too costly for the victim to replace-by-fee (RBF).
Updated on: 2023-05-24T23:54:10.166473+00:00