lightning-dev

Disclosure of a fee blackmail attack that can make a victim loose almost all funds of a non Wumbo channel and potential fixes

Disclosure of a fee blackmail attack that can make a victim loose almost all funds of a non Wumbo channel and potential fixes

Original Postby Jeremy

Posted on: June 21, 2020 22:17 UTC

A vulnerability in Lightning Protocol has been disclosed that can result in a hostage situation where funds are locked down due to unbounded commitment transaction size inflation and reliance on the update_fee mechanism.

The current solution is to not use up the max value of HTLC's. However, this won't protect against different flavors of pinning. A PR by @TheBlueMatt to bitcoin core could provide a better fix that ensures low fees and requires the person claiming their outputs to pay fees.It is suggested that dust_limit should be dynamic based on HTLC economic value, feerate of its output, feerate of HTLC-transaction, feerate estimation of any CPFP to bump it. In the future, all HTLCs may be encoded in some Taproot tree.On the Lightning-dev mailing list, the conversation revolves around the implementation of fee futures in BOLTs. ZmnSCPxj had previously written about the potential benefits of fee futures but was unable to locate the discussion. Harding provides a link to the Bitcoin-dev mailing list where ZmnSCPxj's post can be found. Antoine agrees that fee futures would be helpful and provides a link to a GitHub pull request related to the issue. The group acknowledges the lack of implementation for fee futures in BOLTs despite their presence in other systems.