I noticed the Commitment Transaction Output script is weak to malleability, this can be used to delay confirmation of the revocation. Luckily, fixing the situation does not require lots of development.
``` OP_IF # Penalty transaction <revocationkey> OP_ELSE `to_self_delay` OP_CSV OP_DROP <local_delayedkey> OP_ENDIF OP_CHECKSIG ``` An attacker can delay the Penalty Transaction by malleating it. Which can lead to very bad outcome as Lightning dependant on time locks. The penalty transaction would have. ``` <revocation_sig> 1 ``` Problem is that Eve could malleate OP_1 into a positive, huge number. This would have for effect to fill the mempool of nodes/miners with the malleated version which will have an higher fee rate, delaying the confirmation of the penalty transaction. Now, there is a policy rule called SCRIPT_VERIFY_MINIMALIF by jl2012 which was merged into v0.15.1. ( https://github.com/bitcoin/bitcoin/commit/c72c5b1e3bd42e84465677e94aa83316ff3d9a14 ) I guess that by the time LN is ready, 0.15.1 will be spread enough among miners, but still I think a 2 bytes overhead is well worth the fix. ``` 1 OP_EQUAL OP_IF # Penalty transaction <revocationkey> OP_ELSE `to_self_delay` OP_CSV OP_DROP <local_delayedkey> OP_ENDIF OP_CHECKSIG ``` Nicolas,
_______________________________________________ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev