Require to claim revoked local output in its own penalty tx post-anchor
If `option_anchor_outputs` applies, the cheating node can pin spends of its
HTLC-timeout/HTLC-success outputs thanks to SIGHASH_SINGLE malleability.
Using a single penalty transaction for all revoked outputs is thus unsafe, as it
could be blocked from propagating long enough for the _local node's main output_'s
relative timelock to expire and the cheating party to escape the penalty on this
output.
Antoine Riard committed Oct 8, 2020
1 parent 7e8c478 commit f079142
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions 05-onchain.md
@@ -513,7 +513,10 @@ A local node:
using the revocation private key.
- SHOULD extract the payment preimage from the transaction input witness, if
it's not already known.
- MAY use a single transaction to *resolve* all the outputs.
- if `option_anchor_outputs` applies:
- MUST *resolve* the _local node's main output_ in its own penalty transaction
- otherwise:
- MAY use a single transaction to *resolve* all the outputs.
- MUST handle its transactions being invalidated by HTLC transactions.

## Rationale
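Review bot: the new `option_anchor_outputs` branch only states that the _local node's main output_ MUST get its own penalty transaction; it is silent on whether the remaining revoked outputs (the HTLC outputs and the remote node's main output) may still be resolved together, whereas the `otherwise` branch explicitly keeps `MAY use a single transaction to *resolve* all the outputs.` Suggest adding a second bullet under the anchor case saying what is permitted for the other outputs, so an implementer does not have to infer it from the rationale. Minor style point: the new MUST bullet lacks the trailing period that the neighbouring bullets carry.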
@@ -522,10 +525,12 @@ A single transaction that resolves all the outputs will be under the
standard size limit because of the 483 HTLC-per-party limit (see
[BOLT #2](02-peer-protocol.md#the-open_channel-message)).

Note: if a single transaction is used, it may be invalidated if the remote node
refuses to broadcast the HTLC-timeout and HTLC-success transactions in a timely
manner. Although, the requirement of persistence until all outputs are
irrevocably resolved, should still protect against this happening. [ FIXME: May have to divide and conquer here, since the remote node may be able to delay the local node long enough to avoid a successful penalty spend? ]
Note: if `option_anchor_outputs` applies, the cheating node can pin spends of its
HTLC-timeout/HTLC-success outputs thanks to SIGHASH_SINGLE malleability.
Using a single penalty transaction for all revoked outputs is thus unsafe as it
could be blocked to propagate long enough for the `_local node's main output_ 's
relative timelock to expire and the cheating party escaping the penalty on this
output.

## Penalty Transactions Weight Calculation

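Review bot: the new Note contains an unbalanced backtick in `the `_local node's main output_ 's`, which will render as a broken code span; suggest `the _local node's main output_'s relative timelock` or `the relative timelock of the _local node's main output_`. Also, the removed sentence `Note: if a single transaction is used, it may be invalidated if the remote node refuses to broadcast the HTLC-timeout and HTLC-success transactions in a timely manner.` was the only rationale for the unchanged requirement `MUST handle its transactions being invalidated by HTLC transactions`, and it still applies in the non-anchor case; suggest keeping that sentence beside the new anchor-specific note rather than replacing it outright. Finally, the pinning mechanism is only named (`SIGHASH_SINGLE malleability`); one sentence on why that sighash lets the cheating node keep its HTLC spends from propagating, or a pointer to the section specifying the anchor-outputs HTLC transaction format, would make the rationale self-contained.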