51 sats \ 0 replies \ @abetusk 21 Sep 2021 \ on: A Deep Dive Into Lightning as a Bitcoin Scaling Solution bitcoin
There's an interesting section on "Attack Vectors":
- Griefing
- An attack can do an effective 'denial of service' attack by sending 483 micropayments, the maximum number of in-flight payments currently, to lock funds for up to two weeks
- A solution is proposed to have a maximum per peer in flight HTLCs (called circuitbreaker)
- Eclipse Attack
- A Sybil attack where a bad actor creates a swarm of nodes surrounding ("eclipsing") a node so that the victim now has 'truth' dictated by the attacker, including the ability of the attacker to steal funds
- "lightweight" nodes are especially vulnerable
- The solution is be more vigilant on the node operator side, making sure to have higher connectivity and maybe even implement "watchtowers"?
- Pinning
- The attacker sends a payment to themselves through a victim (A0 -> V -> A1) with A1 intentionally poisoning the transaction so that it must be published on-chain with the timelock but with an unreasonably low transaction fee so as to make the transaction languish and with the option of replacing it with an RBF turned off (RBF are "replace-by-fee" transactions to replace the mempool transaction with a higher transaction fee?).
- While the V->A1 transaction is languishing A0 asks for their money back, leaving the victim on the hook for the V->A1 transaction
- Maybe package relay is a solution, allowing folks to reject payments with low transaction fees on "packages" of payments?
- Flood and Loot
- Flood a victim with payments that all have a timelock set to expire at the same time then, when the victim tries to reclaim the payments, the victims requests will get congested on-chain, allowing the attacker to reclaim their funds after the timelock (grace period?) expires
- Mitigated by closing channels early that look to be part of an attack? Allow for some reputation based scoring? Anchor outputs?
I always get a sense for how a system works based on the "failure cases". To me, a lot of these attacks are essentially by-products of centralization or trust. I don't think scaling is possible without some layer-2 protocol so it's interesting to see how a semi-trust based network is boostrapped off of a decentralized, "trustless" one.