Hi Peter,<br /><br />&gt; It is not.<br />&gt; <br />&gt; I've actually *accidentally* exploited this type of pinning vector a few times<br />&gt; in Lighting channels by simply force closing them at times when fee-rates were<br />&gt; high. I've even twice managed to delay the force close of a channel by testing<br />&gt; out justice transactions by broadcasting a low fee-rate, revoked commitment,<br />&gt; which the counterparty node did not notice. Instead, the channel just stayed<br />&gt; in limbo for a few days until the node finally got in a normal force-close<br />&gt; using the non-revoked state after fees reduced. In both cases, both endpoints<br />&gt; were LND using compact block filters (I was running both nodes in these tests).<br />&gt; IIUC the LND compat block filter implementation does not track mempool<br />&gt; transactions, so it only notices revoked commitment transactions when they<br />&gt; appear in blocks (notice how this means that the lack of package relay will<br />&gt; render LND's fee-bumping code potentially useless if the conflicting commitment<br />&gt; transaction is equal or greater fee/fee-rate).<br />&gt; <br />&gt; I haven't tried fully exploiting this particular scenario by maximizing the<br />&gt; number of HTLCs in flight; I was just trying out stuff manually. Someone<br />&gt; should.<br />&gt; <br />&gt; It should be relatively easy to automate this class type of attack by simply<br />&gt; picking opportunities for it based on fee rates. It's quite common for fee<br />&gt; spikes to cause conditions where you can easily predict that fees won't go<br />&gt; below certain levels for many blocks in the future, multiple days even. Your<br />&gt; claim that "estimating feerates correctly for over 144 blocks in a row sounds<br />&gt; difficult" is very wrong.<br /><br />After reading Dave description of the "loophole pinning" attack, which is a<br />re-formalization of my gitub comment on one of the TRUC PR, I'm not entirely<br />sure, we're describing the same exploitation scenario. Finely evaluating the<br />viability of an attack, before the attack scheme and attacker capabilities are<br />fleshed out is a bit premature...<br /><br />Especially, when you're saying few more lines after that you have tried to<br />fully exploit this scenario with HTLCs in flights, and all other attempts<br />were more accidental and without being sure the LND software correctly<br />implements RBF, including the rule 5 penalty computation at all time (you're<br />observing yourself the limitations of LND's fee-bumping code).<br /><br />If there is a lightning node on mainnet of yours that your formally authorize<br />me to test some pinning attacks, I could try a demo. Alternatively, I can<br />setup a LN node + full-node on some long-running infrastructure, if you wish<br />to try the scenario on your side. Though, as observed by Dave there is no<br />lightning code written yet to opt-in into TRUC transactions.<br /><br />On the last observation, I agree with you that is a class type of attack that<br />one could automate by leveraging fee-estimation algorithms.<br /><br />Best,<br />Antoine<br />ots hash: a958c5bf1a5af3f3fd2b3788b201b95707621cfecc9b1478075a0da4d8c5c0a5<br /><br /><div class="gmail_quote"><div dir="auto" class="gmail_attr">Le mardi 30 juillet 2024 à 20:58:08 UTC+1, Peter Todd a écrit :<br/></div><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">On Mon, Jul 29, 2024 at 06:57:17PM -1000, David A. Harding wrote:
<br>&gt; Given the first point and the last point, I&#39;m not sure how viable the
<br>&gt; attack is (but, as I said, I&#39;m not sure I understand it).  Estimating or
<br>&gt; manipulating feerates correctly for over 144 blocks in a row sounds
<br>&gt; difficult.  Counterparties being able to deprive Mallory of profit seems
<br>&gt; like a major weakness.
<br>
<br>It is not.
<br>
<br>I&#39;ve actually *accidentally* exploited this type of pinning vector a few times
<br>in Lighting channels by simply force closing them at times when fee-rates were
<br>high. I&#39;ve even twice managed to delay the force close of a channel by testing
<br>out justice transactions by broadcasting a low fee-rate, revoked commitment,
<br>which the counterparty node did not notice.  Instead, the channel just stayed
<br>in limbo for a few days until the node finally got in a normal force-close
<br>using the non-revoked state after fees reduced. In both cases, both endpoints
<br>were LND using compact block filters (I was running both nodes in these tests).
<br>IIUC the LND compat block filter implementation does not track mempool
<br>transactions, so it only notices revoked commitment transactions when they
<br>appear in blocks (notice how this means that the lack of package relay will
<br>render LND&#39;s fee-bumping code potentially useless if the conflicting commitment
<br>transaction is equal or greater fee/fee-rate).
<br>
<br>I haven&#39;t tried fully exploiting this particular scenario by maximizing the
<br>number of HTLCs in flight; I was just trying out stuff manually. Someone
<br>should.
<br>
<br>It should be relatively easy to automate this class type of attack by simply
<br>picking opportunities for it based on fee rates. It&#39;s quite common for fee
<br>spikes to cause conditions where you can easily predict that fees won&#39;t go
<br>below certain levels for many blocks in the future, multiple days even. Your
<br>claim that &quot;estimating feerates correctly for over 144 blocks in a row sounds
<br>difficult&quot; is very wrong.
<br>
<br>-- 
<br><a href="https://petertodd.org" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=fr&amp;q=https://petertodd.org&amp;source=gmail&amp;ust=1723869845122000&amp;usg=AOvVaw0Bw-iSvzWNJwUgsyoRzhoI">https://petertodd.org</a> &#39;peter&#39;[:-1]@<a href="http://petertodd.org" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=fr&amp;q=http://petertodd.org&amp;source=gmail&amp;ust=1723869845122000&amp;usg=AOvVaw2f00vpl6Qan8aIXE9rwFCY">petertodd.org</a>
<br></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/bitcoindev/04a22956-b722-4f6c-b8d5-0f8905359721n%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/bitcoindev/04a22956-b722-4f6c-b8d5-0f8905359721n%40googlegroups.com</a>.<br />