Replying to Avatar Matt Corallo

It’s a really terrible outcome that folks have come to expect to be able to send their full channel balance as a single HTLC for channels between routing nodes. Not only should you never commit your full balance in a single HTLC for DoS reasons but you really, really, really need to set your max-in-flight well under 50% for network-wide privacy!
Avatar
Nick Slaney 2y ago

I worry that this is an understated risk in lightning for routing nodes. I’m not even sure if lnd exposes this as an option at channel open.

Shorter timeouts on HTLCs means that if you route an htlc that is a large % of a channel, you could be putting that amount at risk.

If you go down while an HTLC you are forwarding is pending, you could end up missing the preimage. If you don’t come back in time, you could find yourself in a situation where your outbound HTLC has been claimed by one peer via preimage and your inbound htlc has been claimed by the other via the CLTV timeout.

In effect, you would have unintentionally donated your money for the benefit of the original payment sender :)

#[0]

Reply to this note

Please Login to reply.

Discussion

Avatar
Nick Slaney 2y ago

This is also a good example of how the devs intended the thing to be used vs how the users actually use it. It’s very common on LN to vary your max_htlc based on liquidity to signal to senders what sort of payment will go through. This popularized by the great but dearly missed Zero Fee Routing

Avatar
ryanthegentry 2y ago

Lnd allows you to set both max_value_in_flight and remote_max_value_in_flight_msat per channel. Is that what you’re talking about? Both set “the maximum amount of coins in millisatoshis that can be pending in this channel.”

Avatar
Nick Slaney 2y ago

Yes, was searching for this within LND, wondering what the default is? The spec calls it max_htlc_value_in_flight_msat

Avatar
ryanthegentry 2y ago

Afk but can check later. What default would you consider proper?

Avatar
Nick Slaney 2y ago

Doing some work to figure out what will work best for us, and I suspect it may be different across use cases. Hadn’t thought about this setting from this pov until recently.

Avatar
ryanthegentry 2y ago

Default is “the maximum msats worth of HTLCs that can be pending (or in-flight) on our side of the channel.” And `lncli openchannel —remote_max_value_in_flight_msat` allows you to adjust beyond that default upon channel open.

https://github.com/lightningnetwork/lnd/commit/a66a1e113fb04912ac2e8ae62446bce8fed8d12a

Avatar
Colby Serpa 2y ago

Thoughts on PTLCs?

https://bitcoinops.org/en/topics/ptlc/

Avatar
Nick Slaney 2y ago

I’m here for it! Doesn’t change this particular issue tho