lightning-dev
OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely
Posted on: November 7, 2023 15:44 UTC
The email from Antoine highlights a technical issue with commitment transactions in the context of Bitcoin transaction fees and mempool policies.
Antoine points out that commitment transactions are single-input transactions requiring a signature only from the attacker, which raises concerns about security. He explains the process of replacement cycling and notes that it occurs on the commitment transaction spend, not on the subsequent stage. The explanation goes on to describe how Bob can manipulate the Child-Pays-For-Parent (CPFP) output by replacing the child transaction to make the package feerate effectively zero satoshis per virtual byte (sat/vb), causing the commitment transaction to be potentially removed from the mempool.
Antoine references a specific scenario tested in a new, yet-to-be-deployed mempool policy branch 'nversion=3' on GitHub, providing a link to the commits for further inspection at https://github.com/ariard/bitcoin/commits/2023-10-test-mempool-2. This example illustrates a potential risk where commitment transactions might fail to propagate due to dynamic mempool minimum fees being higher than the pre-signed commitment transaction fee, which he deems unsafe.
Additionally, Antoine expresses his concern that attackers could currently exploit this behavior and that such exploitation could compromise the dynamic fee-bumping mechanism designed for pre-signed transactions in the future. The concept of "replacement cycling attacks" is identified as particularly worrisome since it could disrupt the intended functioning of transaction fee adjustments.