pull down to refresh
When we use the aezeed and static channel backup to recover, how much trust, if any, is being put in the channel peer? We are at least trusting them to force close the channel, correct? How long should it take from the time we contact our channel peer for the channel to be forced closed and settled on chain?
reply
the SCB can only recover channels where your peer is online
if you deploy an SCB and a peer is offline, you will have to keep deploying it and hopefully, they'll come back online.
If both nodes are offline then the channel is one of the ~200k zombie channels identified by LND
reply
I think the explanation @justin_shocknet wrote has more detail generally and is important to note what he said about the way SCB backup works. It's not really a backup.
In answer to your question about trust.
I think it's not an issue with channel peers. The only issue is mempools. in that if for some reason your closures went through at a low fee (say 1~3 sats/vB) and then mempools spike, well there'd be costs that might make the small channels get much less funds back as a propotion of the channel size. Also, you might be waiting indefinetly. Usually force closures would estimate appropriately, and they will get mined, even in high fees, just could be unlucky if they spiked for a long duration just after force closing. But peers are not really an issue. Funds a re safe.
The scenario in that you might lose a seed phrase might be a problem only if you lost access to your node (corrupted db, SSD or whatever.) You could just have an external wallet in Bitcoin Core or whereever you like and close channels one by one (without force closing) and shift all of your funds to a new wallet by opening channels with a close address for your new wallet. But then again, maybe this is not going to work for force closing. So, bit difficult to say in each scenario.
- I meant to say above, if you have the seed, and want to keep using the node, you can just close old channels one by one, and if you wanted to open any new channels, use an expernal wallet (lilke one that is cold storage, hww, or multi-sig) with:
lncli openchannel xxx --local_amt xxx --close_address bc1xxx --sat_per_vbyte x
or
bos open xxx --amount xxx --coop-close-address bc1xxx
not sure if there's much difference in those two commands.
reply
It's kind of trusted unless you have recourse, since the SCB basically asks the peer to force close the channel as a signal that you don't have the latest state to do it gracefully yourself.
If they're willing to wager that you completely lost the state, as in don't have a watchtower somewhere, they could broadcast an old state and steal some funds that were sent to your side of the channel. The risk to them is that you might have set a trap, and the latest state in a watchtower somewhere ready to issue a justice tx should they attempt this.
If the peer is altogether unreachable, recovery gets more complicated and involves external chantools that Lightning Labs has available, this too would require the seed phrase.
reply
Thanks for your help. I was able to test backup with the seed phrase and static channel backup and everything worked as expected. What would the next step be to back up the node in such a way as to not have to trust the peer to not try and steal your funds with an old state and to be able to recover funds if peer is offline? I understand there’s a lot of things that can go wrong if your backup is not completely up to date and your accidentally broadcast an old state. But there must be some way to safely do it.
reply
A watchtower is basically a second node to deal with some of these issues
Even if everything goes perfectly in a recovery scenario, closing channels and replacing them can get expensive, so it's best to make sure the node environment is a resilient one so it doesn't come up... I suggest an Nvme with a laptop battery at minimum
reply
AH yes. I stand corrected. this is true.
I forget about this because make a point of checking I have watchtowers.
reply
*edit: I meant, If you want to keep using but DON'T have the seed..
but I guess it's obviously a much safer to have the seed!
reply
Correct on the last part re the aezeed. Because it has the start date of the wallet encoded into it, it will not return a valid BTC on-chain wallet. So either you would just reseed an LND wallet with the aezeed backup, which would then presumably let you ask any peers in channels.backup to force close. Then you can retrieve the funds from doing an on chain transaction through ln-cli (lnd-cli?).
In a case where you know all the funds have arrived back on-chain (i.e., all channels have closed and funds confirmed on-chain) and you want to access it using a standard BTC mnemonic (note: bluewallet accepts aezeed words), I believe you can use Iancoleman.io to get the on-chain key from the aezeed. (Remember to follow the security cautions!)
reply
Yeah. It took me a while to realize aezeed seeds are not really the same thing at all. Is it even possible to use offline seed tool? I've never heard anyone achieve that.
Sending funds out does seem safer. I'd feel very awkward about using a seed tool like iancoleman to restore any funds.
reply
Yeah if you load the Ian Coleman site and then turn off your internet you can use it offline although I'd likely still throw away the wallet after sweeping it. I've seen it referenced around as a useful tool.
Otherwise, it's a cool tool for learning.
reply
.lnd
directory, it will have all of your lnd data, thus it's a complete backup. So, that's a sure way of backing up. If it's not encrypted with a password, or twenty-fifth word, obviously that could be used be an attacker to run your node with your wallet.