lightning-dev

OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely

Original Post by Matt Morehouse

Posted on: November 2, 2023 17:07 UTC

The email discusses a scenario involving a cycling attack on the commitment transaction in a world with package relay.

Under package relay, the commitment transaction itself carries zero fee, and fees are always paid via Child Pays for Parent (CPFP) on the anchor output.

In this scenario, there are three parties involved: Mallory1, Alice, and Mallory2. Mallory2 claims an HTLC (Hashed Time Lock Contract) from Alice off-chain using the preimage. Alice then attempts to claim the corresponding HTLC from Mallory1, but Mallory1 refuses to cooperate.

In response, Alice publishes her commitment transaction along with a CPFP child on the anchor output. However, Mallory1 publishes her competing commitment transaction with a higher-fee CPFP child on its anchor output, replacing Alice's transaction in the mempool.

Mallory1 then runs a replacement cycle against the anchor-output child transaction, so that her own commitment transaction loses its CPFP child. The package feerate drops to zero, which is below the minimum relay fee, and Mallory1's commitment transaction is evicted from the mempool as well.

Mallory1 repeats this each time Alice rebroadcasts her commitment, until the HTLC timeout expires. At that point the preimage path is no longer spendable, and Mallory1 can claim the HTLC via the timeout path at her convenience.
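The following is an added toy model of the cycle described above, not code from the email or from any Lightning implementation. It uses a simplified RBF and package-relay policy (constructed fees, sizes and a 1 sat/vB relay floor; only one level of CPFP is tracked) to show the check Alice's node needs to keep running: whether her commitment has been evicted or has lost its CPFP child and must be rebroadcast.

```python
from dataclasses import dataclass
MIN_RELAY_FEERATE = 1.0  # sat/vB; assumed relay floor for this model

@dataclass(frozen=True)
class Tx:
    txid: str
    vsize: int
    fee: int            # sats; a package-relay commitment carries 0
    spends: frozenset   # outpoints "txid:vout" this tx consumes

def children(mempool, txid):
    """Direct in-mempool spenders of txid (one level suffices for anchor CPFP)."""
    return {t.txid for t in mempool.values() if any(op.startswith(txid + ":") for op in t.spends)}

def package_feerate(mempool, txid):
    ids = {txid} | children(mempool, txid)
    return sum(mempool[i].fee for i in ids) / sum(mempool[i].vsize for i in ids)

def submit_package(mempool, txs):
    """Toy RBF + package relay: replace conflicting txs (and their children) only if the
    newcomers pay more total fee, then evict anything below the relay floor."""
    inputs = frozenset().union(*(t.spends for t in txs))
    conflicts = {t.txid for t in mempool.values() if t.spends & inputs}
    evicted = conflicts.union(*(children(mempool, c) for c in conflicts))
    if sum(t.fee for t in txs) <= sum(mempool[i].fee for i in evicted):
        return False
    for i in evicted:
        del mempool[i]
    mempool.update({t.txid: t for t in txs})
    for i in list(mempool):
        if i in mempool and package_feerate(mempool, i) < MIN_RELAY_FEERATE:
            for d in {i} | children(mempool, i):
                del mempool[d]
    return True

def needs_rebroadcast(mempool, commit_txid):
    """Alice's monitor: her commitment is gone or has lost its CPFP child."""
    return commit_txid not in mempool or package_feerate(mempool, commit_txid) < MIN_RELAY_FEERATE

def run_scenario():
    """Constructed replay of the cycle; returns Alice's monitor result after each step."""
    mp, log = {}, []
    alice = [Tx("alice_commit", 700, 0, frozenset({"funding:0"})),
             Tx("alice_cpfp", 200, 2000, frozenset({"alice_commit:0", "alice_wallet:0"}))]
    mallory = [Tx("mallory_commit", 700, 0, frozenset({"funding:0"})),
               Tx("mallory_cpfp", 200, 3000, frozenset({"mallory_commit:0", "mallory_wallet:0"}))]
    # Conflicts with Mallory's own CPFP child via the shared wallet input, not the anchor.
    cycle = Tx("mallory_cycle", 150, 3100, frozenset({"mallory_wallet:0"}))
    for step in (alice, mallory, [cycle], alice):  # broadcast, replace, cycle, rebroadcast
        submit_package(mp, step)
        log.append(needs_rebroadcast(mp, "alice_commit"))
    return log  # [False, True, True, False]
```

After step 3 the monitor flags a rebroadcast even though Alice's own transactions were never directly conflicted, which is the condition her node has to keep detecting until the HTLC is confirmed.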

This scenario highlights how vulnerable commitment transactions are to replacement cycling attacks in a package-relay world where fees come from CPFP. A malicious counterparty can manipulate transaction fees to keep the honest commitment out of the mempool until the HTLC timeout, and so claim the HTLC for herself.