[Lightning-dev] Why should funders always pay on-chain fees?

ZmnSCPxj ZmnSCPxj at protonmail.com
Mon Oct 5 16:06:46 UTC 2020 

Good morning Bastien,

> Good morning list,
>
> It seems to me that the "funder pays all the commit tx fees" rule exists solely for simplicity
> (which was totally reasonable). I haven't been able to find much discussion about this decision
> on the mailing list nor in the spec commits.


This indeed seems to be one of those "unwritten rules", like the unwritten rule that SCRIPT opcodes can only look at the transaction they are in and cannot look at the block it got confirmed in, or previous blocks.

My rough understanding is that it prevents this kind of griefing attack:

* You have a node with channels balanced just as you like it, very lucrative, earning entire satoshis of routing fees per week.
* I have a bunch of funds lying around, much larger than your liquidity.
* I create a temporary throwaway node and have it make a large channel to you about equal to your liquidity.
* I send out all of the funds on the new large channel, preferably to offchain-to-onchain swaps like Loop or Boltz.
  * This shrinks the outgoing liquidity you have available on your existing channels, making it difficult for you to route and earn routing fees -- in order to route, you need to have *both* incoming and outgoing liquidity.
  * If I do not make another channel with my new node, then you cannot rebalance offchain.
* Since my new large channel is now exhausted, I can delete the throwaway node forever.
  * The `close_to` feature also allows me to arrange the funds to be closed to a cold-storage funds.
  * Or I can just keep the necessary keys to recover funds from the unilateral channel close broadcast by you later.
  * There is a reserve, but that is tiny, and if so I can probably afford to wait --- this is a game of chicken on who closes the channel, and since most of the channel is on your end, you are at a serious disadvantage.
* You are now forced to unilateral close the channel so you can send it to an onchain-to-offchain swap and reload your channels into the proper balance it had before I attacked you.

If the unilateral close on the channel were paid by you, then that is adding insult to injury.
Thus, it is better if the unilateral close were paid by me, even if ultimately the unilateral close is performed by you.
This is "initiator pays" principle.

--

On the other hand, a quick skim of your proposal suggests that it still respects the "initiator pays" principle.
Basically, the fundee only pays fees for HTLCs they initiated, which is not relevant to the above attack (since in the above attack, my node is a dead end, you will never send out an HTLC through my channel to rebalance).
So it should still be acceptable.

Regards,
ZmnSCPxj


>
> At first glance, it's true that at the beginning of the channel lifetime, the funder should be
> responsible for the fee (it's his decision to open a channel after all). But as time goes by and
> both peers earn value from this channel, this rule becomes questionable. We've discovered since
> then that there is some risk associated with having pending HTLCs (flood-and-loot type of attacks,
> pinning, channel jamming, etc).
>
> I think that *in some cases*, fundees should be paying a portion of the commit-tx on-chain fees,
> otherwise we may end up with a web-of-trust network where channels would only exist between peers
> that trust each other, which is quite limiting (I'm hoping we can do better).
>
> Routing nodes may be at risk when they *receive* HTLCs. All the attacks that steal funds come from
> the fact that a routing node has paid downstream but cannot claim the upstream HTLCs (correct me
> if that's incorrect). Thus I'd like nodes to pay for the on-chain fees of the HTLCs they offer
> while they're pending in the commit-tx, regardless of whether they're funder or fundee.
>
> The simplest way to do this would be to deduce the HTLC cost (172 * feerate) from the offerer's
> main output (instead of the funder's main output, while keeping the base commit tx weight paid
> by the funder).
>
> A more extreme proposal would be to tie the *total* commit-tx fee to the channel usage:
>
> * if there are no pending HTLCs, the funder pays all the fee
> * if there are pending HTLCs, each node pays a proportion of the fee proportional to the number of
> HTLCs they offered. If Alice offered 1 HTLC and Bob offered 3 HTLCs, Bob pays 75% of the
> commit-tx fee and Alice pays 25%. When the HTLCs settle, the fee is redistributed.
>
> This model uses the on-chain fee as collateral for usage of the channel. If Alice wants to forward
> HTLCs through this channel (because she has something to gain - routing fees), she should be taking
> on some of the associated risk, not Bob. Bob will be taking the same risk downstream if he chooses
> to forward.
>
> I believe it also forces the fundee to care about on-chain feerates, which is a healthy incentive.
> It may create a feedback loop between on-chain feerates and routing fees, which I believe is also
> a good long-term thing (but it's hard to predict as there may be negative side-effects as well).
>
> What do you all think? Is this a terrible idea? Is it okay-ish, but not worth the additional
> complexity? Is it an amazing idea worth a lightning nobel? Please don't take any of my claims
> for granted and challenge them, there may be negative side-effects I'm completely missing, this is
> a fragile game of incentives...
>
> Side-note: don't forget to take into account that the fees for HTLC transactions (second-level txs)
> are always paid by the party that broadcasts them (which makes sense). I still think this is not
> enough and can even be abused by fundees in some setups.
>
> Thanks,
> Bastien

More information about the Lightning-dev mailing list