bitcoin-dev

OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely

OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely

Original Postby Peter Todd

Posted on: October 21, 2023 10:31 UTC

The email discusses a clever idea that addresses an attack called the replacement cycling attack.

However, it points out that the idea does not prevent this attack. The situation is explained using the example of a person named Carol who can perform the attack. With the proposed solution, the situation transforms into one where there is an unlimited set of Carols who can perform the attack and benefit from it if they are miners. This means that Bob, the recipient of the attack, might not learn about the preimage in time and fail to redeem the received HTLC output.

From Carol's perspective, the situation remains relatively unchanged. They can still successfully spend the offered HTLC output after the redeemed HTLC output times out, or they may fail to do so. Whether the failure occurs because Bob received their refund or someone else spent the offered HTLC output via the anyone-can-spend path is irrelevant to Carol.

The email also highlights that this solution is inferior to another solution called OP_Expire in terms of an important aspect. With OP_Expire, once the HTLC preimage branch has expired, Bob can spend the offered HTLC output at their convenience since they are the only party with the ability to do so (assuming a valid commitment transaction). However, with full-RBF (Replace-By-Fee), anyone can run the code on behalf of miners, except in certain edge cases where the replacement is not possible due to the RBF anti-DoS rules. It is mentioned that people are already using this approach to manipulate signature-less ordinal transactions.

The email ends with a link to Peter Todd's website (https://petertodd.org) and an email address (peter@petertodd.org).