Analysis of Replacement Cycling Attacks Risks on L2s (beyond LN)

Analysis of Replacement Cycling Attacks Risks on L2s (beyond LN)

Original Postby Antoine Riard

Posted on: May 24, 2024 23:54 UTC

Antoine's email sheds light on the complexities and potential vulnerabilities within the CoinSwap protocol, specifically through an example of a routed multi-transaction CoinSwap topology involving participants Caroll, Alice, and Bob.

He details how Bob, after initiating a contract transaction and ensuring its confirmation, could exploit the system by initiating a replacement cycling attack. This type of attack involves creating a child transaction that spends from the preimage path—accessible only with Bob's private key—and then continuously replacing this transaction with another that conflicts with a UTXO not related to the coinswap. The discussion highlights a significant flaw where, upon the expiration of the relative timelock between Caroll and Alice (C-A link), Caroll can reclaim the swapped UTXO using the timeout path.

The email further critiques the CoinSwap protocol, drawing parallels to the risks found in the Lightning Network, notably the loss of funds and denial-of-service (DoS) attacks. While acknowledging these critical issues, Antoine suggests possible mitigation strategies to counteract such vulnerabilities. He proposes scaling up timelocks or enhancing local mempool monitoring for preimage as practical, albeit imperfect, solutions to strengthen the protocol against these exploitations. Through this analysis, Antoine underscores the necessity for continuous scrutiny and adaptation of cryptocurrency protocols like CoinSwap to safeguard against sophisticated attacks and ensure their robustness and reliability in real-world applications.