From mattmorehouse at gmail.com Fri Dec 1 22:42:34 2023 From: mattmorehouse at gmail.com (Matt Morehouse) Date: Fri, 1 Dec 2023 22:42:34 +0000 Subject: [Lightning-dev] Liquidity Ads and griefing subtleties In-Reply-To: References: Message-ID: On Fri, Dec 1, 2023 at 5:47?PM Bastien TEINTURIER wrote: > > If Alice pays for a 10 000 sats lease, we only want those 10 000 sats > to be encumbered with a CLTV. But this is actually not enforceable. We > could create a separate output in the commitment transaction with the > leased funds and a CLTV, while keeping the rest of the seller's funds in > a normal output that doesn't have a CLTV. But then what happens when > HTLCs are relayed and then failed? To which output should we add the > funds back? Any strategy we use here can be exploited either by the > seller to drain the leased funds back to its non-CLTV-locked output, > or by the buyer to keep funds in the CLTV-locked output forever. Could we implement a policy that always encumbers the seller's first 10k sats with a CLTV, then spills any excess over to a normal output? HTLCs outgoing from the seller would first subtract from the normal output before dipping into the CLTV output. If failed, the returned funds would first add to the CLTV output (up to a total of 10k), then spill over to the normal output. Maybe I'm missing something, but I don't think either party can exploit such a policy. There's also the question of whether to encumber HTLC outputs with the lease timelock. But IIUC the current proposal is to limit the total HTLC value in flight, which should limit exposure for both parties regardless of the timelock policy for HTLC outputs.