📅 Original date posted:2019-10-25
📝 Original message:
It essentially changes the rule to always allow CPFP-ing the commitment as
long as there is an output available without any descendants. It changes
the commitment from "you always need at least, and exactly, one non-CSV
output per party. " to "you always need at least one non-CSV output per
party. "
I realize these limits are there for a reason though, but I'm wondering if
could relax them. Also now that jeremyrubin has expressed problems with the
current mempool limits.
On Thu, Oct 24, 2019 at 11:25 PM Matt Corallo <lf-lists at mattcorallo.com>
wrote:
> I may be missing something, but I'm not sure how this changes anything?
>
> If you have a commitment transaction, you always need at least, and
> exactly, one non-CSV output per party. The fact that there is a size
> limitation on the transaction that spends for carve-out purposes only
> effects how many other inputs/outputs you can add, but somehow I doubt
> its ever going to be a large enough number to matter.
>
> Matt
>
> On 10/24/19 1:49 PM, Johan Torås Halseth wrote:
> > Reviving this old thread now that the recently released RC for bitcoind
> > 0.19 includes the above mentioned carve-out rule.
> >
> > In an attempt to pave the way for more robust CPFP of on-chain contracts
> > (Lightning commitment transactions), the carve-out rule was added in
> > https://github.com/bitcoin/bitcoin/pull/15681. However, having worked on
> > an implementation of a new commitment format for utilizing the Bring
> > Your Own Fees strategy using CPFP, I’m wondering if the special case
> > rule should have been relaxed a bit, to avoid the need for adding a 1
> > CSV to all outputs (in case of Lightning this means HTLC scripts would
> > need to be changed to add the CSV delay).
> >
> > Instead, what about letting the rule be
> >
> > The last transaction which is added to a package of dependent
> > transactions in the mempool must:
> > * Have no more than one unconfirmed parent.
> >
> > This would of course allow adding a large transaction to each output of
> > the unconfirmed parent, which in effect would allow an attacker to
> > exceed the MAX_PACKAGE_VIRTUAL_SIZE limit in some cases. However, is
> > this a problem with the current mempool acceptance code in bitcoind? I
> > would imagine evicting transactions based on feerate when the max
> > mempool size is met handles this, but I’m asking since it seems like
> > there has been several changes to the acceptance code and eviction
> > policy since the limit was first introduced.
> >
> > - Johan
> >
> >
> > On Wed, Feb 13, 2019 at 6:57 AM Rusty Russell <rusty at rustcorp.com.au
> > <mailto:rusty at rustcorp.com.au>> wrote:
> >
> > Matt Corallo <lf-lists at mattcorallo.com
> > <mailto:lf-lists at mattcorallo.com>> writes:
> > >>> Thus, even if you imagine a steady-state mempool growth, unless
> the
> > >>> "near the top of the mempool" criteria is "near the top of the
> next
> > >>> block" (which is obviously *not* incentive-compatible)
> > >>
> > >> I was defining "top of mempool" as "in the first 4 MSipa", ie.
> next
> > >> block, and assumed you'd only allow RBF if the old package wasn't
> > in the
> > >> top and the replacement would be. That seems incentive
> > compatible; more
> > >> than the current scheme?
> > >
> > > My point was, because of block time variance, even that criteria
> > doesn't hold up. If you assume a steady flow of new transactions and
> > one or two blocks come in "late", suddenly "top 4MWeight" isn't
> > likely to get confirmed until a few blocks come in "early". Given
> > block variance within a 12 block window, this is a relatively likely
> > scenario.
> >
> > [ Digging through old mail. ]
> >
> > Doesn't really matter. Lightning close algorithm would be:
> >
> > 1. Give bitcoind unileratal close.
> > 2. Ask bitcoind what current expidited fee is (or survey your
> mempool).
> > 3. Give bitcoind child "push" tx at that total feerate.
> > 4. If next block doesn't contain unilateral close tx, goto 2.
> >
> > In this case, if you allow a simpified RBF where 'you can replace if
> > 1. feerate is higher, 2. new tx is in first 4Msipa of mempool, 3.
> > old tx isnt',
> > it works.
> >
> > It allows someone 100k of free tx spam, sure. But it's simple.
> >
> > We could further restrict it by marking the unilateral close somehow
> to
> > say "gonna be pushed" and further limiting the child tx weight (say,
> > 5kSipa?) in that case.
> >
> > Cheers,
> > Rusty.
> > _______________________________________________
> > Lightning-dev mailing list
> > Lightning-dev at lists.linuxfoundation.org
> > <mailto:Lightning-dev at lists.linuxfoundation.org>
> > https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20191025/58a3d7b8/attachment.html>;
Johan Torås Halseth [ARCHIVE] /
npub1pp…hs2fw
2023-06-09 12:56:46
in reply to nevent1q…ecj4
Author Public Key
npub1ppn2nhlfdzkw9gw0ytljpef5dpyzsxzw8ffcyykamt32hw6pge0smhs2fwPublished at
2023-06-09 12:56:46Event JSON
{
"id": "94489633c9cad6f8d17c16df3eb7120d7d314b3370d2ce211f9d96e23df79e91",
"pubkey": "0866a9dfe968ace2a1cf22ff20e534684828184e3a538212dddae2abbb41465f",
"created_at": 1686315406,
"kind": 1,
"tags": [
[
"e",
"c09ce1a3a82461a811ba2a42e8897970311b8a0d5781f22470e75e1a35b07d83",
"",
"root"
],
[
"e",
"5398b2cd73009fcc777d711c654f38079dfc9d929d82b67cd561763cc2c1d52f",
"",
"reply"
],
[
"p",
"cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba"
]
],
"content": "📅 Original date posted:2019-10-25\n📝 Original message:\nIt essentially changes the rule to always allow CPFP-ing the commitment as\nlong as there is an output available without any descendants. It changes\nthe commitment from \"you always need at least, and exactly, one non-CSV\noutput per party. \" to \"you always need at least one non-CSV output per\nparty. \"\n\nI realize these limits are there for a reason though, but I'm wondering if\ncould relax them. Also now that jeremyrubin has expressed problems with the\ncurrent mempool limits.\n\nOn Thu, Oct 24, 2019 at 11:25 PM Matt Corallo \u003clf-lists at mattcorallo.com\u003e\nwrote:\n\n\u003e I may be missing something, but I'm not sure how this changes anything?\n\u003e\n\u003e If you have a commitment transaction, you always need at least, and\n\u003e exactly, one non-CSV output per party. The fact that there is a size\n\u003e limitation on the transaction that spends for carve-out purposes only\n\u003e effects how many other inputs/outputs you can add, but somehow I doubt\n\u003e its ever going to be a large enough number to matter.\n\u003e\n\u003e Matt\n\u003e\n\u003e On 10/24/19 1:49 PM, Johan Torås Halseth wrote:\n\u003e \u003e Reviving this old thread now that the recently released RC for bitcoind\n\u003e \u003e 0.19 includes the above mentioned carve-out rule.\n\u003e \u003e\n\u003e \u003e In an attempt to pave the way for more robust CPFP of on-chain contracts\n\u003e \u003e (Lightning commitment transactions), the carve-out rule was added in\n\u003e \u003e https://github.com/bitcoin/bitcoin/pull/15681. However, having worked on\n\u003e \u003e an implementation of a new commitment format for utilizing the Bring\n\u003e \u003e Your Own Fees strategy using CPFP, I’m wondering if the special case\n\u003e \u003e rule should have been relaxed a bit, to avoid the need for adding a 1\n\u003e \u003e CSV to all outputs (in case of Lightning this means HTLC scripts would\n\u003e \u003e need to be changed to add the CSV delay).\n\u003e \u003e\n\u003e \u003e Instead, what about letting the rule be\n\u003e \u003e\n\u003e \u003e The last transaction which is added to a package of dependent\n\u003e \u003e transactions in the mempool must:\n\u003e \u003e * Have no more than one unconfirmed parent.\n\u003e \u003e\n\u003e \u003e This would of course allow adding a large transaction to each output of\n\u003e \u003e the unconfirmed parent, which in effect would allow an attacker to\n\u003e \u003e exceed the MAX_PACKAGE_VIRTUAL_SIZE limit in some cases. However, is\n\u003e \u003e this a problem with the current mempool acceptance code in bitcoind? I\n\u003e \u003e would imagine evicting transactions based on feerate when the max\n\u003e \u003e mempool size is met handles this, but I’m asking since it seems like\n\u003e \u003e there has been several changes to the acceptance code and eviction\n\u003e \u003e policy since the limit was first introduced.\n\u003e \u003e\n\u003e \u003e - Johan\n\u003e \u003e\n\u003e \u003e\n\u003e \u003e On Wed, Feb 13, 2019 at 6:57 AM Rusty Russell \u003crusty at rustcorp.com.au\n\u003e \u003e \u003cmailto:rusty at rustcorp.com.au\u003e\u003e wrote:\n\u003e \u003e\n\u003e \u003e Matt Corallo \u003clf-lists at mattcorallo.com\n\u003e \u003e \u003cmailto:lf-lists at mattcorallo.com\u003e\u003e writes:\n\u003e \u003e \u003e\u003e\u003e Thus, even if you imagine a steady-state mempool growth, unless\n\u003e the\n\u003e \u003e \u003e\u003e\u003e \"near the top of the mempool\" criteria is \"near the top of the\n\u003e next\n\u003e \u003e \u003e\u003e\u003e block\" (which is obviously *not* incentive-compatible)\n\u003e \u003e \u003e\u003e\n\u003e \u003e \u003e\u003e I was defining \"top of mempool\" as \"in the first 4 MSipa\", ie.\n\u003e next\n\u003e \u003e \u003e\u003e block, and assumed you'd only allow RBF if the old package wasn't\n\u003e \u003e in the\n\u003e \u003e \u003e\u003e top and the replacement would be. That seems incentive\n\u003e \u003e compatible; more\n\u003e \u003e \u003e\u003e than the current scheme?\n\u003e \u003e \u003e\n\u003e \u003e \u003e My point was, because of block time variance, even that criteria\n\u003e \u003e doesn't hold up. If you assume a steady flow of new transactions and\n\u003e \u003e one or two blocks come in \"late\", suddenly \"top 4MWeight\" isn't\n\u003e \u003e likely to get confirmed until a few blocks come in \"early\". Given\n\u003e \u003e block variance within a 12 block window, this is a relatively likely\n\u003e \u003e scenario.\n\u003e \u003e\n\u003e \u003e [ Digging through old mail. ]\n\u003e \u003e\n\u003e \u003e Doesn't really matter. Lightning close algorithm would be:\n\u003e \u003e\n\u003e \u003e 1. Give bitcoind unileratal close.\n\u003e \u003e 2. Ask bitcoind what current expidited fee is (or survey your\n\u003e mempool).\n\u003e \u003e 3. Give bitcoind child \"push\" tx at that total feerate.\n\u003e \u003e 4. If next block doesn't contain unilateral close tx, goto 2.\n\u003e \u003e\n\u003e \u003e In this case, if you allow a simpified RBF where 'you can replace if\n\u003e \u003e 1. feerate is higher, 2. new tx is in first 4Msipa of mempool, 3.\n\u003e \u003e old tx isnt',\n\u003e \u003e it works.\n\u003e \u003e\n\u003e \u003e It allows someone 100k of free tx spam, sure. But it's simple.\n\u003e \u003e\n\u003e \u003e We could further restrict it by marking the unilateral close somehow\n\u003e to\n\u003e \u003e say \"gonna be pushed\" and further limiting the child tx weight (say,\n\u003e \u003e 5kSipa?) in that case.\n\u003e \u003e\n\u003e \u003e Cheers,\n\u003e \u003e Rusty.\n\u003e \u003e _______________________________________________\n\u003e \u003e Lightning-dev mailing list\n\u003e \u003e Lightning-dev at lists.linuxfoundation.org\n\u003e \u003e \u003cmailto:Lightning-dev at lists.linuxfoundation.org\u003e\n\u003e \u003e https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev\n\u003e \u003e\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20191025/58a3d7b8/attachment.html\u003e",
"sig": "0cf2ec42ef13dd18c315738d365ec42cd07a2621f47447aae69700d05a97ecf324bad9c630a35d79ad5ea47e16b8058fc12030ba4a49c0ce675508cdf21fb2c9"
}