Zero-fee commitments for mobile wallets

The discussion revolves around a specific vulnerability within the Lightning Network, particularly focusing on how a malicious wallet can exploit pre-signed Hashed Time-Locked Contracts (HTLC) transactions. The strategy involves a wallet opening a channel and then waiting for a high mempool feerate before sending its entire balance to another node it controls. After fulfilling the HTLCs, with potentially zero channel reserve due to some wallet providers allowing a zero-reserve policy, the malicious entity broadcasts a revoked commitment transaction where the HTLCs were still pending, along with the HTLC transactions that pay non-zero fees. This maneuver leaves the peer able to publish penalty transactions to claim the outputs of those HTLC transactions but unable to recover the transaction fees, which are instead awarded to miners. This scenario effectively shifts the burden of on-chain fees from the user to the wallet peer, contrary to the expected norm.

Despite this vulnerability, several mitigating factors diminish the risk to wallet peers. These include the initial fees earned from channel creation, routing fees from outgoing HTLCs, and the ability to decide on and cap the feerate to a certain percentage of the HTLC amount. Additionally, splice transactions prevent the publication of revoked commitments that occurred prior to the splice, and risky scenarios leading to such exploitation can be identified in advance, allowing for the failure of HTLCs instead of their relay. Moreover, wallet peers have the opportunity to limit their exposure to this risk until they have accumulated sufficient fees from the user through routing or liquidity purchases.

The conclusion drawn is that despite the potential for abuse by malicious actors through the exploitation of revoked commitments and the associated shifting of fee liabilities, the overall risk is considered manageable and worth taking for wallet providers. This stance is underpinned by the assumption that honest user behavior will prevail, thereby ensuring that the benefits of providing efficient and trustworthy lightning network services outweigh the risks involved.