Posted by Antoine Riard
Oct 18, 2023/18:03 UTC
The email responds to a previous answer and discusses the protocol for enabling batched withdrawals, in which an exchange sends funds directly to a list of users. The protocol uses 2-of-2 channel funding outputs, shared either between two lambda users or between a lambda user and an LSP. The concern raised is that malicious users could cooperate to re-sign a CPFP (Child Pays For Parent) from the 2-of-2 and then broadcast the batch withdrawal as a higher-feerate package, subsequently evicting the CPFP. This attack is referred to as a replacement cycling attack.
The sender mentions a test related to non-deployed package acceptance code, with a link provided to a specific commit on GitHub. The sender asks for confirmation that their understanding of the protocol and its assumptions is correct, and agrees with the assumption that the exchange has no incentive to double-spend its own withdrawal transactions. It is also noted that if all the batched funding outputs are shared with an LSP (Lightning Service Provider), the likelihood of malicious collusion is reduced.
Overall, the email highlights concerns about potential attacks on batch withdrawal transactions and requests clarification and confirmation regarding the protocol and assumptions involved.