I accept FCs being "issues", but a bug that causes loss of funds to me is a more serious matter, as Mutiny calls itself self custodial. But if the LSP is able to sweep your funds then it clearly is not actually self custodial. So unless I'm missing something, Mutiny seems to be misrepresenting itself. However, if this issue is not just Mutiny but other wallets like Phoenix too, that would be a major concern, as I have more sats in Phoenix and am also under the assumption it's "self custodial". But if this is an illusion I will need to rethink my threat model.
> But if the LSP is able to sweep your funds then it clearly is not actually self custodial.
The reason the LSP was able to sweep funds was because what is essentially a bug in Mutiny led to an invalid, revoked transaction being signed and published by the Mutiny wallet. This can also be an attempt at fraud, intended to steal money from the LSP. So the Lightning protocol deals with this by allowing the LSP to sweep all the funds, discouraging attempts at fraud.
Harsh. But still self-custodial.
The solution here is to use better wallets that don't have bugs like this. IIUC Mutiny is particularly vulnerable due to bugs in the underlying web browser storage implementation, which can lead to state information not being recorded/modified correctly.
reply
> But if the LSP is able to sweep your funds then it clearly is not actually self custodial.
This is how all lightning works, and is not specific to Mutiny, LDK, or any other lightning node software. If you run two copies of your lightning node, one is behind, and that one that is behind force-closes, you will lose your funds. Sadly iOS-PWA has a bug which has been causing that for Mutiny, but they've been working with their LSP to send users their funds back in that case.
reply
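A simplified model of the penalty mechanism described in the two replies above, added here as an illustration and not taken from Mutiny, LDK or any wallet's code. A hash preimage stands in for Lightning's revocation key, and all names (`Party`, `advance`, `settle`, `demo`) and amounts are made up for the example.

```python
import hashlib
import os
from dataclasses import dataclass, field

@dataclass
class Party:
    name: str
    secrets: list = field(default_factory=list)       # own per-state revocation secrets
    peer_revoked: dict = field(default_factory=dict)  # state index -> secret the peer disclosed

def commitment(owner, index, balances):
    """Toy commitment tx: its funds can be swept by whoever knows the lock's preimage."""
    lock = hashlib.sha256(owner.secrets[index]).hexdigest()
    return {"owner": owner.name, "index": index,
            "balances": dict(balances), "revocation_lock": lock}

def advance(a, b, history, new_balances):
    """Move to a new state: each side discloses the secret of the state being replaced."""
    old = len(history) - 1
    a.peer_revoked[old] = b.secrets[old]
    b.peer_revoked[old] = a.secrets[old]
    for p in (a, b):
        p.secrets.append(os.urandom(32))
    history.append(new_balances)

def settle(tx, peer):
    """The peer sees tx on chain. It cannot tell a storage bug from fraud: if it
    holds the preimage for this state, the state was revoked and it sweeps everything."""
    secret = peer.peer_revoked.get(tx["index"])
    if secret and hashlib.sha256(secret).hexdigest() == tx["revocation_lock"]:
        return {peer.name: sum(tx["balances"].values()), tx["owner"]: 0}
    return dict(tx["balances"])  # latest state: both sides keep their balances

def demo():
    wallet, lsp = Party("wallet"), Party("lsp")
    for p in (wallet, lsp):
        p.secrets.append(os.urandom(32))
    history = [{"wallet": 100_000, "lsp": 0}]
    # What a copy of the wallet that is "behind" still believes is current.
    stale = commitment(wallet, 0, history[0])
    advance(wallet, lsp, history, {"wallet": 40_000, "lsp": 60_000})
    current = commitment(wallet, 1, history[1])
    return settle(stale, lsp), settle(current, lsp)

if __name__ == "__main__":
    stale_result, current_result = demo()
    print("force-close from stale state:  ", stale_result)
    print("force-close from current state:", current_result)
```

The wallet still holds its own keys throughout; the loss comes only from publishing a state it had already revoked.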
Not sure if this is an issue specifically for Mutiny. I think it is more about LDK. Let's not forget that Mutiny is an "interface" for the LDK node under the hood.
If the Phoenix app has the same issue, it doesn't mean that it is the Phoenix app's fault because the Acinq node behind it is having issues.
Let's separate these things and treat them separately.
reply
That's the point.
reply
Maybe you should pay attention to the beta warning. That should be in your threat model.
reply