pull down to refresh

How to Build the Ultimate Bandaid Wallet
4388 sats \ 7 comments \ @_arshbot 9 Jan bitcoin
This impetus for this post was heavily inspired by Ben’s post here #379225. Not a direct response, but a lot of conversation swirled around wallets like Muun and Mutiny so I figured a bit of elaboration on these kind of wallets would be beneficial.
So, for starters, what are these kind of wallets and how do they differ from normal (lightning) wallets?

Self-Hosted vs. Bandaid Wallets

Muun, Mutiny, and Phoenix are what I and others affectionately call Bandaid wallets. Wallets that attempt to solve the shortcomings of self custodial lightning wallets by leveraging LSPs in some form or fashion. They can use LSPs in varying capacities, but fundamentally - while your keys are entirely yours, the infrastructure required to facilitate the usage of your keys to their fullest extent are not. This is a departure from classic wallets in Bitcoin, which never require an always on connection.
Self hosted lightning wallets allow you to own your own infrastructure (or bring it yourself with an umbrel or voltage node), but they don’t get any of the benefits of using an LSP. They’re also really hard to set up, hard to maintain, and (unlike bandaid wallets), require you to manage your own channels.

Challenges with Split Accounting

Self hosted wallets also tend to suffer from split accounting, which is separate accounting for onchain balances and lightning balances. Split accounting is really tough for new users (especially the nontechnical to understand), exacerbated when their first experience in bitcoin is a wallet with this feature.
It’s confusing to new users because they’re barely aware of the existence of lightning, let alone it’s fundamental characteristics, but going forward - this is the ideal way to use bitcoin, so this is the world new bitcoiners find themselves in. It confuses them because they’re not aware why they have two balances, often they’re not aware that just because it says they have some bitcoin in lightning, doesn’t mean they can pay an onchain address (of course, the difference between an invoice and an address being lost on them). And it’s especially confusing when they try to understand why some transactions have high fees and others don’t, and what they could have possibly done differently to avoid that next time. In my opinion, custodial wallets are superior to most self hosted wallets purely because they support unified accounting and because they don’t put the onus of channel management on the user.
There isn’t an explicit reason why self hosted wallets lack unified accounting, though without the help of LSPs, the fees are higher. So let’s talk about the real elephant in the room with bandaid wallets.

The Compromise of Bandaid Wallets

Your Keys?Your Infra?Easy?
Bandaid Wallets
Self Hosted
Custodial
Notice how their isn’t a row with all ✅? It’s because the perfect, elegant bitcoin/lightning wallet doesn’t exist. This is because of onchain restrictions imposed by lack of consensus and lightning’s fundamental nature of trading out-of-band metadata.
To quote Mathew Mcconaughey in Wolf of Wallstreet:
It’s fairy dust, it doesn’t exist, it’s never landed, it is no matter, it’s not on the elemental chart, it’s not fuckin real.
Bandaid wallets are the superior option for most people, with the following achilles heel: a lack of understanding of your self-custodial infra leads to a lack of understanding over fees. Many actions in bandaid wallets are assisted by an LSP, which charges fees.

Fee Structure Comparison

A quick breakdown of fees across wallet types:
https://m.stacker.news/11315
Not hosting your own infra combined with relying on more infra than normal (not just an LND node!) results in bandaid wallets having the most egregious fees. The worst attribute of this design is the mining cost to accept onchain. Bandaid wallets can avoid this fee by embrace split accounting, however the whole point of a bandaid wallet is to make things easier not harder… So most don’t.

The Cost of Accepting Onchain in Bandaid Wallets

The mining cost to accept onchain comes from using submarine swaps to move funds into the lightning channel. Unified accounting is normally achieved by just moving funds in and out of your lightning channel, and never holding onchain keys beyond channel requirements. Submarine swaps have a mining fee associated because it costs the provider a fee to move funds out of the HTLC onchain.
Alternatively, we could use splice-in transactions to accept monies onchain which would avoid paying a provider fee. However, this has some other complications. For starters, the user would have to be online to finalize the transaction. No async payments LSP workaround. This also means if someone paid you and you didn’t have your wallet open, next time you opened it (maybe when trying to buy that cup of joe) you’d be forced to wait a few confirmations while your wallet finalized the queue. Not great. This could also be exploited by bad actors to constantly take your mobile wallet offline by sending you dust. Of course, this could be mitigated by allowing the user to sweep onchain funds at their discretion, again not great since we have to teach users the difference between bitcoin/lightning which as we’ve covered earlier, is confusing.
To quote the hit tv show Chernobyl:
Not good, not great.
Unfortunately, this attribute of bandaid wallets affects a core mechanism. Accepting bitcoin onchain. People may argue that it shouldn’t be something most concern themselves with. But it currently is. The Bitcoin ecosystem is slim as it is, double charging a user to move funds into a wallet (fees on moving off exchange, fees on moving into wallet) is bad and penalizing onchain usage more than it already is only increases friction for already friction-full lightning adoption. Remember, thew lightning ecosystem is significantly smaller than bitcoin.

JIT Channels and Async Payment LSPs

Bandaid wallets have other tricks that aren’t nearly as problematic, which is good. They ought to rely on JIT channels and async payment LSPs.
JIT channels are pretty simple. JIT stands for Just-In-Time channels, and are also known as zero-conf channels. A wallet that has no channels can worry about getting their first channel set up when they receive funds that first time. The LSP accepts the risk of moving funds with zero confirmations for a fee, typically a percentage and the channel is immediately usable. This removes several frictions if done well. It’s a chance for the wallet to axe channel and peer management if they enforce only channels with their JIT LSP. It’s also a chance to heavily simplify the onboarding experience into lightning, both are serious user experience issues when it comes to self-hosted wallets. JIT Channels are a necessity.
There are many vendors to choose from for a JIT LSP, but the two I recommend would be c=’s and voltage. One downside with JIT vendors is how they communicate the intermediary node. C= uses routehints to try to coax routing through their node, but if the wallet has channels with anyone else, this might fail. Another reason to enforce exclusive peer with the LSP.
Voltage’s Flow2.0 uses wrapped invoices, which basically means their invoice has a secondary invoice inside it. This is not supported in the greater network, and will require the sender to understand it to send the intermediary payment to the LSP. It will also require communication between the intermediary and wallet to construct the wrapped invoice.
Async payments are little more complex, and can fail at a higher rate than typical payments - especially as the network isn’t ready to differentiate between stuck payments and held payments. But success rates will likely increase as this feature is adopted more and more. I’d argue they’re a necessity as well, though less than JIT channels.

Conclusion

In conclusion, bandaid wallets are named so because they use bandaids to make the lightning experience palatable for new users. The bandaids they use are mostly LSPs, with the exception being splice-out. They focus on a great user experience, with the downside being inconsistent fees depending on specific actions. They have great onboarding experiences for lightning, something sorely lacking, and remove lots of confusing and unnecessary functionality many lightning wallets have.
They’re also our best hope for onboarding new users if we don’t softfork some really cool features in, but even then they’ll probably still be necessary.
write
preview
related posts
243 sats \ 2 replies \ @TonyGiorgio 9 Jan
I really despise this made up term "bandaid" wallet to describe Mutiny and others. I really don't know in what way you define this. Is it not being relied upon anyone else's infrastructure? You are aware almost all mobile Bitcoin wallets rely upon third party block explorers and indexers? Would you call BlueWallet a bandaid wallet too?
You're also defining it as infrastructure you can't host, however the entire mutiny stack is self hostable and we have multiple users that go that route on their start9. Neither the self hosted stack nor the hosted stack relies on an LSP either. You can open a channel with any other node on the network.
You're also conflating different features of LN to being something specific to "bandaid" wallets or not. Splicing is not a "bandaid" only feature, having onchain vs LN accounting is not self hosted only, having an LSP is not specific to "bandaids" only, different fee mechanisms can apply to all (not sure why you think receiving on chain to a "bandaid" wallet takes a fee as well, unless you're talking about one specific wallet which I think Phoenix might).
In general, I think you're nit picking many different properties across the wide variety of LN apps or setups that exist and you're applying those properties across the ones you're trying to make some argument for. The reality is there's a lot of different features, trade offs, and setups to each mobile wallet but honestly you're interchanging the worst/best properties of each wallet and applying it to all in an overly generic bucket as a blanket statement.
C= uses routehints to try to coax routing through their node, but if the wallet has channels with anyone else, this might fail.
Preferences are typically given to the route hint, and besides, if they had enough inbound with other channels then the JIT channel wasn't needed. Multi LSP is totally possible.
Voltage’s Flow2.0 uses wrapped invoices, which basically means their invoice has a secondary invoice inside it. This is not supported in the greater network, and will require the sender to understand it to send the intermediary payment to the LSP.
This is false.
Async payments are little more complex, and can fail at a higher rate than typical payments - especially as the network isn’t ready to differentiate between stuck payments and held payments
Async payments don't exist anywhere yet..? Are you describing something else that's specific to a single wallet implemention (Zeus)? Because that's not async payments, that's hodl invoices.
reply
464 sats \ 1 reply \ @_arshbot OP 9 Jan
I really despise this made up term "bandaid" wallet to describe Mutiny and others. I really don't know in what way you define this.
I'm sorry I've offended you, but I'm comparing between bitcoin wallets and lightning wallets. In order to get a similar experience to bitcoin, our lightning wallets have to make a lot of concessions. Concessions in privacy, concessions in fees to service providers (block explorers don't charge this).
Describing Mutiny, Phoenix, Muun as bandaid experiences isn't a dig at y'all. You guys have made very useful, very clever solutions to the challenges in front of you. But those solutions are fundament bandaids of the limitations of the baselayer.
I'm in the middle of building what I describe as a bandaid wallet myself. We, implementors are bridging gaps that shouldn't exist in my opinion. All of lightning exists as a way to bridge the gap of restricting blocksize as usage increases while still allowing for day-to-day transactions. It's a dig at a lack of supporting features at the base layer, not a dig at your (or my) work.
People want Bitcoin to grow, without scaling Bitcoin in any way. Now, the onus of support is left to us to make and make use of bandaids.
You're also defining it as infrastructure you can't host, however the entire mutiny stack is self hostable and we have multiple users that go that route on their start9
Sure, in those cases it's not what I'd call a bandaid wallet, but what I'd call a self-hosted wallet. Which does not have ease of use or easy onboarding as an attribute.
Splicing is not a "bandaid" only feature
I concede
having onchain vs LN accounting is not self hosted only
I address this above. "There isn’t an explicit reason why self hosted wallets lack unified accounting, though without the help of LSPs, the fees are higher. So let’s talk about the real elephant in the room with bandaid wallets." If I had to guess, if you're going to go to the trouble of going self-hosted, you might as well optimize on fees. Bandaid wallets don't aim to optimize on fees, they aim to profit off them (nothing wrong with this!)
(not sure why you think receiving on chain to a "bandaid" wallet takes a fee as well, unless you're talking about one specific wallet which I think Phoenix might).
If the bandaid wallet supports unified accounting (yours does not), then they likely use swap-ins which have a mining fee + provider, with one notable exception.
This is false.
Please elaborate!
Async payments don't exist anywhere yet..? Are you describing something else that's specific to a single wallet implemention (Zeus)? Because that's not async payments, that's hodl invoices.
I'm describing async payments to be implemented by LDK
reply
0 sats \ 0 replies \ @TonyGiorgio 10 Jan
But those solutions are fundament bandaids of the limitations of the baselayer... It's a dig at a lack of supporting features at the base layer
Wouldn't it be more fair to say that the argument that you're trying to make is that Lightning is not a solution for end consumers and that Lighting is in fact the bandaid in the first place? Instead of calling out specific types of wallets? Whether that's a mobile lightning wallet or running something like LND on an umbrel, I would imagine your point is that both is a bandaid. Mobile wallets are just opinionated implementations of lightning, with their own features that can be shared across self-hosted solutions.
Also, bandaid has a negative connotation attached to it, I would find a different word when calling out competitors and describing your own product.
If the bandaid wallet supports unified accounting (yours does not), then they likely use swap-ins which have a mining fee + provider
Yes, but phoenix is the only one that incurs a fee for incoming on chain receives and that's only recently with their new splicing model. Muun provides unified accounting but is on chain naturally and does not incur a fee for on chain receives. Do you know of another wallet that has a unified balance but charges fees to receive on chain? Part of my problem with much of your thoughts here is that you're applying one wallet's feature to all.
Please elaborate!
You say "Voltage’s Flow2.0 uses wrapped invoices... This is not supported in the greater network, and will require the sender to understand it to send the intermediary payment to the LSP."
Yes voltage uses wrapped invoices, but it is supported by the entire network because it is just a normal invoice, and it's even supported by the entire network to be the recipient of a voltage wrapped invoice because it's a single very simple API call.
I'm describing async payments to be implemented by LDK
That's not how async payments work on a spec level, which is how they'll implement it. It's a sender-LSP (or always online sending-node) to recipient-LSP protocol that works through onion messages. There's no stuck/held payments.
reply
0 sats \ 1 reply \ @02f83fe956 10 Jan
Muun wallet has a unified balance, however it stores all funds on-chain and not on-lightning for a user. So every incoming payment is a splice-out.
Aqua wallet now is doing the same thing except storing funds on-Liquid-sidechain rather than on mainnet.
Aqua seems like the best choice for people wanting the easiest experience but not wanting to go custodial atm. What do you think about this recently launched wallet?
reply
0 sats \ 0 replies \ @_arshbot OP 11 Jan
however it stores all funds on-chain and not on-lightning for a user. So every incoming payment is a splice-out
This doesn't make the most sense. Splice-out/ins (and I think you're referring to splice-in for incoming payment?) only apply to funds held in a lightning channel. All funds in lightning channels are anchored onchain, which is how splice works.
Do you mean to say all onchain movements in Muun are performed with splice in/out's?
reply
0 sats \ 1 reply \ @nerd2ninja 9 Jan
Okay yeah that's an alright description of the status quo. I'm sort of done looking at the status quo right now tho lol. I do kinda feel like we've fleshed out all the automated scripting we can to make lightning as easy as possible in its current form. That's why I think its time to start looking at where we're going instead of where we are because I don't think we have any further we can go with what we have right now.
I think I'd like to read your analysis just like you've done here on future scaling solutions that have been presented. You know, if you imagined what a fully fleshed out bandaid wallet would be in the future with a given softfork like how CTV might result in lightning Timeout tree wallets for example.
I liked this podcast episode as an introduction to the idea: #376411
reply
666 sats \ 0 replies \ @_arshbot OP 9 Jan
You know, if you imagined what a fully fleshed out bandaid wallet would be in the future with a given softfork like how CTV might result in lightning Timeout tree wallets for example.
I like this idea, may add something new to that whole conversation if people understand how it'll actually help at the end of the day
reply