Published on: 2016-11-14T04:08:27+00:00
In a mailing list discussion, David A. Harding and CJP were discussing a potential denial-of-service (DoS) attack on the Lightning Network. The attack involves an attacker sending large transactions to themselves over a long route and letting them time out, which locks up funds and causes significant loss to innocent nodes. To mitigate this vulnerability, one proposed solution is to require nodes to either commit or roll back transactions within a short amount of time (e.g., 30 seconds), or provide proof that another channel was closed.However, this proposal has drawbacks. It limits the freedom in channel design, as it requires a design space that can be understood by all nodes in the network. This interferes with the vision of a heterogeneous network where different nodes may have varying capabilities or protocols. Despite this limitation, David argues that the proposal does not necessarily require a homogeneous network. Only direct peers need to receive commit, roll-back, or channel close proofs. For example, if Zed routes through Alice who routes through Bob, Zed only needs to understand Alice's proofs, which could be for a different network or protocol than what Bob is using.Several examples were given during the discussion to highlight the difficulties and limitations introduced by this proposal. One such example is transparent routing between side chains, where nodes that are unaware of a particular side chain cannot verify a channel close on that side chain. Another example is trust-free decentralized exchange between different blockchains, which also faces challenges under this proposal. However, individual negotiation between peers about supported blockchains allows for heterogeneity among client implementations.Regarding channel design upgrades, peers can declare the protocol designs or versions they support. Peers only need to match the version among their direct peers, not along the entire route. This constraint would apply to any upgrades if compatible hashlock mechanisms are used.The proposed solution of requiring fast commit or roll-back within a short time frame, or proof of channel closure, was presented during a meeting in Milan. An alternative solution was suggested where the payer of the transaction pays transaction fees at the beginning to compensate intermediate nodes for potential damage caused by a DoS attack. There are two variations of this solution: one with a constant in-advance fee and another depending on the time it takes for the transaction to roll back. However, these fees cannot fully compensate intermediate nodes and do not significantly impact attackers. Additionally, there is an upper limit to the total fee, making this solution scale poorly with longer routes.In conclusion, currently, there is no alternative solution to address the vulnerability of the DoS mode on the Lightning Network. Peer relationships may need to become somewhat trusted to avoid exposing each other to long-duration transactions. The spreadsheet used to evaluate incentives for the proposed solution may be useful for further exploration and analysis of potential solutions.
Updated on: 2023-07-31T19:14:42.333306+00:00