delvingbitcoin

Disclosure: irrevocable fees---stealing from LN using revoked commitment transactions

Disclosure: irrevocable fees---stealing from LN using revoked commitment transactions

Original Postby ariard

Posted on: December 12, 2024 06:42 UTC

The discussion revolves around the introduction and implications of an upper limit on accepted feerate in the Lightning Development Kit (LDK), highlighting specific versions where these limits were applicable.

The initial implementation was aimed at mitigating vulnerabilities related to "irrevocable fees" by introducing a cap on the feerate from a channel counterparty. This strategy was part of broader efforts in 2021 to address issues arising from excessive trimmed HTLCs and dust HTLC exposure, facilitating easier calculation of the msat denominated worst-case scenarios for dust HTLCs exposure through various considered scenarios. Notably, this feature was embedded into the system following a commit, marking a significant development in LDK's approach to enhancing security and operational efficiency.

Furthermore, the conversation extends to the Validating Lightning Signer (VLS) and its role in reinforcing security against fee-related vulnerabilities. Since its pre-production release and notably as of a certain commit, VLS incorporated a validate_fee() function, which scrutinizes the counterparty’s proposed feerate against a predefined maximum feerate per kiloweight unit (max_feerate_per_kw). This mechanism was specifically designed to thwart "miner-fee-siphoning attacks," a type of vulnerability discussed within the context of VLS since early 2023. The set value for max_feerate_per_kw typically stands at 100 satoshi per virtual byte, albeit with provisions for adjustment by operators to suit their operational requirements. This aspect underscores the proactive measures taken by developers to safeguard transactions against evolving threats by implementing configurable limits that adapt to the network's dynamics.