📅 Original date posted:2016-04-29
📝 Original message:
Hello,
I see a few issues with the clearing process as currently described in BOLT #2.
There seem to be a contradiction between:
§4.1 "A node MUST respond with update_fail_htlc to any HTLC received
after it sent close_clearing."
and:
§3.3 "There are three reasons for removing an HTLC: it has timed
out, it has failed to route, or the R preimage is supplied.")
§3.3 "A node MUST check that id corresponds to an HTLC in its
current commitment transaction."
In §4.1, the node must decline/remove the still-uncommitted HTLC,
which is explicitely forbidden by §3.3. AFAICT, in this version of the
procotol an HTLC can only be accepted, then committed, then removed.
There is no way to decline an HTLC, the receiver must always accept it
except when the sender doesn't have the money or there are two many
pending HTLC, in which case the connection should be failed (§3.2,
although it is actually not clear for the too-many-htlc case).
We could decide to just fail the connection instead of declining the
htlc, but there is another issue: if the sender of a "close_clearing"
message subsequently receives an update_add_htlc, there is no way to
tell if the other party had received the close_clearing prior to
sending the htlc since update_add_htlc message doesn't have an 'ack'
field.
There is potentially the same issue with the signature process: when
node A sends an update_commit message to B, it is expecting an
update_revocation rather sooner than later. But what if B just ignores
the update_commit message and keeps sending new htlcs ? There is no
way for A to be sure that B indeed received the update_commit, for the
same reason as above.
Cheers,
Pierre
Pierre [ARCHIVE] /
npub1yz…y4pdt
2023-06-09 12:46:11
in reply to nevent1q…alpw
Author Public Key
npub1yz88535e0ydqye9q9x8l5cz9d3g6ervfjgyk5xm88zvktmxvstlsuy4pdtPublished at
2023-06-09 12:46:11Event JSON
{
"id": "589549a8f9659c25e9c5fd3db771d912b1e99dd09886d3aaf01e9c83d3385630",
"pubkey": "208e7a4699791a0264a0298ffa60456c51ac8d8992096a1b67389965eccc82ff",
"created_at": 1686314771,
"kind": 1,
"tags": [
[
"e",
"4f887e048ac70bda12dc91721d27e001fc8faa2ad6a3593086f8500647f7d700",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📅 Original date posted:2016-04-29\n📝 Original message:\nHello,\n\nI see a few issues with the clearing process as currently described in BOLT #2.\n\nThere seem to be a contradiction between:\n §4.1 \"A node MUST respond with update_fail_htlc to any HTLC received\nafter it sent close_clearing.\"\nand:\n §3.3 \"There are three reasons for removing an HTLC: it has timed\nout, it has failed to route, or the R preimage is supplied.\")\n §3.3 \"A node MUST check that id corresponds to an HTLC in its\ncurrent commitment transaction.\"\n\nIn §4.1, the node must decline/remove the still-uncommitted HTLC,\nwhich is explicitely forbidden by §3.3. AFAICT, in this version of the\nprocotol an HTLC can only be accepted, then committed, then removed.\nThere is no way to decline an HTLC, the receiver must always accept it\nexcept when the sender doesn't have the money or there are two many\npending HTLC, in which case the connection should be failed (§3.2,\nalthough it is actually not clear for the too-many-htlc case).\n\nWe could decide to just fail the connection instead of declining the\nhtlc, but there is another issue: if the sender of a \"close_clearing\"\nmessage subsequently receives an update_add_htlc, there is no way to\ntell if the other party had received the close_clearing prior to\nsending the htlc since update_add_htlc message doesn't have an 'ack'\nfield.\n\nThere is potentially the same issue with the signature process: when\nnode A sends an update_commit message to B, it is expecting an\nupdate_revocation rather sooner than later. But what if B just ignores\nthe update_commit message and keeps sending new htlcs ? There is no\nway for A to be sure that B indeed received the update_commit, for the\nsame reason as above.\n\nCheers,\nPierre",
"sig": "5d04fa15b8228392c6d30447f76c60e0c2ee6a6eed8798a556859cdd2a1a466e4c7beacf643ef0dce823ba0be1d26da11da843fe76d96e1cc423ddf3efa286be"
}