113 sats \ 7 replies \ @fred 14 Nov 2023 \ on: Mutiny Wallet forced closed, on-chain balance zero bitcoin
Isn't Mutiny Wallet a self custodial Lightning Wallet? How is this possible?
Because on lightning it is dangerous to go offline for a long time. On lightning, your funds are in a multisig address where you have one key and your channel partner has another.
Suppose you want to pay someone $5 in a channel where you have $100. To make that LN payment, you first make a contract with your channel partner. The contract says you will quickly let your channel partner have $5 as long as he shows you the preimage to the payment hash of a certain invoice. To enforce this contract, you use your entire channel balance as collateral -- all $100. So if you act slowly, your channel partner gets $100 from you instead of $5 as a penalty for breaking your promise that you would act quickly.
But LN payments can be delayed by anyone along your route, including your channel partner. So if you are using Mutiny, and your payment gets delayed, and you close the app, then -- when your payment finally goes through -- your channel partner will (try to) show you the preimage (but your phone app can't see it because it is closed), force close your channel when you don't respond (this triggers a kind of countdown during which you must let your channel partner have the $5 before the timer runs out), and -- if you still don't respond -- sweep your entire channel balance as a penalty for breaking your promise.
Your channel partner can do this even though LN is non-custodial because, when you clicked Send, you signed a transaction allowing your channel partner to do this. Once you sign a transaction, don't be surprised if someone uses it to take your money.
reply
(deleted and reposted, because I messed up the explanation!)
edit: and fixed it again... explaining LN is hard. :D
sweep your entire channel balance as a penalty for breaking your promise
You are incorrect here. The only way your channel balance can be swept is by either party publishing an invalid, revoked, commitment transaction. But if that happens, the other party, or a watch tower used by the other party, can use the revoked private keys to sweep the balance. This is a strong disincentive from either party intentionally committing fraud. Provided your wallet doesn't have bugs in it, this isn't very likely to happen to you.
Note that pending lightning payments are, roughly speaking, unconfirmed transactions that would actually make the payment if mined. The trick that makes Lightning work is that those unconfirmed transactions are revoked by revealing private keys unique to that specific transaction. But both sides of a channel need to be online for the revoking process to work. So if there is ever an unconfirmed transaction that isn't revoked in time due to an offline party, the other party that is still online it into an on-chain payment by getting that unconfirmed transaction mined.
reply
deleted by author
reply
deleted by author
reply
thank you for the correction
reply
Heh, my correction needed a correction!
reply
Because lightning.
reply