On Tue, Oct 17, 2023 at 02:11:20AM +0100, Antoine Riard wrote: > > I think if you want people to understand this exploit, you need to > explain in more detail how we have a situation where two different parties > can spend the same HTLC txout, without the first party having the right to > spend it via their knowledge of the HTLC-preimage. > > If I'm correctly understanding your question, you're asking why we have a > situation where the spend of a HTLC output can be in competition between 2 > channel counterparties.
No, you are not correctly understanding it. It's obvious that an HTLC output can be in competition between 2 different parties. Obviously, the HTLC-preimage doesn't expire. The problem is you haven't explained why the party with the HTLC pre-image should not *remain* the party with the *right* to spend that output, even after the timeout branch becomes another possible way to spend it. > LN commitment transactions have offered HTLC outputs where a counterparty > Alice is pledging to her other counterparty Caroll the HTLC amount in > exchange of a preimage (and Caroll signature). > > After the expiration of the HTLC timelock, if the HTLC has not been claimed > on-chain by Caroll, Alice can claim it back with her signature (and the > pre-exchanged Caroll signature). > > The exploit works actually in Caroll leveraging her HTLC-preimage > transaction as a replace-by-fee of Alice's HTLC-timeout _after_ the > expiration of the timelock, the HTLC-preimage transaction staying consensus > valid. That's precisely my point re: you not properly explaining the problem. If Caroll has the HTLC-preimage, she has the right to spend it. You need to explain why her right to spend that HTLC-preimage output should expire. If anything, the way you've explained it sounds like Bob has stolen the output from Caroll by virtue of the fact that Caroll wasn't able to spend the HTLC-preimage output in time. -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: PGP signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
