lightning-dev

Disclosure of a fee blackmail attack that can make a victim lose almost all funds of a non-Wumbo channel and potential fixes

Original Post by David A. Harding

Posted on: June 22, 2020 14:19 UTC

In an email thread discussing this Lightning Network vulnerability, Dave explained how an attacker can force a victim to pay for 483 P2WSH outputs, a total of about 20,000 vbytes (plus regular overhead).

With a 5x multiplier, this becomes worse. Dave suggested that lowering the maximum number of in-flight HTLCs is an easy and effective way to turn a ~$200 downside into a ~$20 downside. However, Olaoluwa Osuntokun believes that this isn't a solution, as it makes it easier to jam a channel. Additionally, anchor commitments allow second-level HTLC aggregation: several HTLCs with the same expiry height are batched into a single transaction, saving on fees. The attacker doesn't need outbound bandwidth; they just need to route a payment through any of the victim's other channels. If the attacker does that, the victim needs to pay on-chain fees to recover any remaining value in those HTLCs, potentially making this attack two or three times more costly for the victim.
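
The trade-off above can be sized before choosing a channel's HTLC limit. The following is an added example, not code from the thread or from any Lightning implementation: it uses the BOLT 3 weight figures for non-anchor commitment transactions (724 weight units base, 172 per untrimmed HTLC output) and the protocol ceiling of 483, while the feerate and fee budget are constructed sample values and the function names are hypothetical.

```python
# Added example: worst-case commitment fee as a function of the HTLC limit.
# Weights are the BOLT 3 figures for non-anchor commitment transactions.
COMMIT_BASE_WEIGHT = 724    # commitment tx with no HTLC outputs
HTLC_OUTPUT_WEIGHT = 172    # each untrimmed HTLC (P2WSH) output
PROTOCOL_MAX_HTLCS = 483    # ceiling for max_accepted_htlcs


def commitment_weight(num_htlcs):
    """Weight units of a commitment tx carrying num_htlcs HTLC outputs."""
    return COMMIT_BASE_WEIGHT + HTLC_OUTPUT_WEIGHT * num_htlcs


def commitment_vbytes(num_htlcs):
    """Virtual size: weight divided by 4, rounded up."""
    return -(-commitment_weight(num_htlcs) // 4)


def worst_case_fee_sat(max_htlcs, feerate_per_kw):
    """Fee when every HTLC slot is filled (feerate in sat per 1000 weight)."""
    return commitment_weight(max_htlcs) * feerate_per_kw // 1000


def max_htlcs_for_budget(budget_sat, feerate_per_kw):
    """Largest HTLC limit whose worst-case fee stays within budget_sat.

    Returns 0 when even an HTLC-free commitment exceeds the budget.
    """
    for n in range(PROTOCOL_MAX_HTLCS, 0, -1):
        if worst_case_fee_sat(n, feerate_per_kw) <= budget_sat:
            return n
    return 0


if __name__ == "__main__":
    feerate = 12_500   # constructed sample: 12,500 sat/kw (50 sat/vbyte)
    budget = 100_000   # constructed sample: fee exposure the operator accepts
    for limit in (PROTOCOL_MAX_HTLCS, 48):
        print(f"limit={limit:3d}  size={commitment_vbytes(limit):6d} vB  "
              f"worst-case fee={worst_case_fee_sat(limit, feerate):9d} sat")
    chosen = max_htlcs_for_budget(budget, feerate)
    # Fewer slots cap the fee exposure but leave fewer HTLCs to fill
    # before the channel is jammed, the objection raised in the thread.
    print(f"budget={budget} sat -> limit={chosen}, "
          f"slots given up={PROTOCOL_MAX_HTLCS - chosen}")
```

At the full 483 slots the computed size is 20,950 vbytes, in line with the roughly 20,000 vbytes quoted in the thread.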