bitcoin-dev

OP_Expire mempool behavior

OP_Expire mempool behavior

Original Postby Antoine Riard

Posted on: March 16, 2024 18:21 UTC

In the discourse of Lightning Network (LN) transactions, particularly the second-stage transactions like HTLC-preimage and HTLC-timeout, an issue arises when a HTLC-preimage is broadcast close to its "cltv_expiry." This prompts routing nodes within the LN to automatically broadcast an on-chain HTLC-timeout transaction, leading to a probabilistic waste of bandwidth for transactions that may have lower chances of being mined.

This concern, although not novel to the OP_EXPIRE finality time-bounding semantics, becomes more pronounced with the introduction of mechanisms such as altruistic rebroadcasting. The concept of rebroadcasting aims to favor transactions with higher mining odds, aligning with Replacement-By-Fee (RBF) principles. Further discussion on this topic can be found in a mailing list thread.

Moreover, the uniformity in minimum fees across different nodes, despite their diverse locations and Bitcoin Core versions, was highlighted through an examination of four distinct long-running nodes. This consistency in minimum fees, contrastingly more aligned than the variance in mempool sizes, underscores the predictability of fee structures across the network. This observation is crucial, especially in light of strategies against diverging mempool minimum fees as discussed in GitHub pull request #28488.

The discussion further delves into the dynamics of replacement cycling attacks facilitated by BIP125's rule 4, which dictates that each replacement transaction must carry a fee sufficient to cover the bandwidth used. However, a loophole exists with nVersion=3 transactions where a package's parent transaction can be signed with a fee rate below the minimum relay transaction fee, allowing an attacker to replace a child transaction and inadvertently evict the parent without covering the cost of bandwidth fully. This strategy enables attackers to exploit the system by engaging in replacement cycling attacks across multiple nodes using the same Unspent Transaction Outputs (UTXOs), benefiting from a scaling effect while circumventing adequate fee payments.

The critique extends to the practical implementation challenges within traditional LN nodes, which typically maintain a singular tx-relay edge access to the tx-relay network. This limitation complicates the effective execution of replacement cycling attacks due to the intricate interface designs of LN nodes. The possibility of an attacker leveraging partitioning to isolate victim transactions within local mempools, thereby preventing their propagation, is acknowledged. Nonetheless, the assumption that altruistic rebroadcasting would significantly mitigate such attacks is challenged. The perspective offered suggests that while altruistic rebroadcasting imposes an additional burden on attackers—requiring one UTXO per victim—it remains a relatively minor obstacle given the low cost of acquiring UTXOs.

This comprehensive overview encapsulates the nuanced discussions surrounding LN transactions, the implications of rebroadcasting mechanisms, the uniformity of minimum fees across the network, and the vulnerabilities associated with replacement cycling attacks. The discourse emphasizes the need for continuous scrutiny and adaptation of protocols to address emerging challenges within the dynamic landscape of cryptocurrency transactions.