V3 transaction policy for anti-pinning

V3 transaction policy for anti-pinning

Original Postby instagibbs

Posted on: January 2, 2024 20:46 UTC

The discussion centers around the potential vulnerabilities in a system where commitment transactions are broadcasted and how adversaries might exploit these.

A scenario is presented where conflicting views of which commitment transaction has been broadcasted can lead to a situation where the defender cannot effectively use their spend of the remote commit transaction anchor, due to their peers not recognizing the remote commit transaction. This issue raises the concern that the defender's ability to act is severely limited under these conditions.

Furthermore, the conversation touches upon the implications of setting reserve amounts to zero in a simplified example. It highlights a paradox where attempting to send 'all' funds results in a top feerate of zero, despite having total funds that could be recovered in a timeout scenario representing one's entire remaining liquidity. This presents a significant challenge as it suggests a limitation in the system's functionality, potentially to the point of being completely ineffective. The sender may find themselves unable to fully deplete their liquidity down to the reserve levels, indicating a reduction in the operational capability of the system.

Mitigation strategies such as capping the total HTLC (Hashed Time-Locked Contracts) exposure relative to a percentage of available liquidity are mentioned as possible solutions to this problem. However, it acknowledges that while these mitigations could help, they also represent a clear compromise on the system's intended functionality.