Author: Rusty Russell 2016-05-02 05:07:22
Published on: 2016-05-02T05:07:22+00:00
Rusty, a developer, plans to modify the HTLC (Hash Time Lock Contract) scripts for the first time in a while. He intends to prepend "OP_SIZE 32 OP_EQUALVERIFY" to the scripts, which will mean that timing out an HTLC requires a 32-byte value. This change will define the length of a scriptsig that redeems a transaction, which was previously ill-defined. The wire protocol mandates a 32-byte R preimage to redeem an HTLC, but there was no such on-chain restriction. Due to this limitation, an attacker could create an HTLC that requires a different-sized preimage to redeem, then drop the commit tx to the blockchain and redeem it. Moreover, Rusty plans to drop the per-side HTLC limit from 1500 to 450 in BOLT #2. This means that a single "steal" transaction that spends all the inputs is still under 400k cost, simplifying the protocol. If the limit remained at 1500, stealing the inputs would have cost more than 1 MB, and the resulting transaction would be non-standard, meaning it may not propagate.
Updated on: 2023-05-23T23:39:37.902657+00:00