-4 upvotes, 1 direct replies (showing 1)
View submission: Lightning Network Megathread
It is absolutely cool, and even *cooler* when you take a minute to think of all the clever ways malicious actors will attempt to exploit it. For instance, what do you do when someone gets hold of your previous contracts and broadcasts them to the chain to make it look like *you were the one attempting fraud*, and then posts the most recent contract and takes your funds as a result? So we say "well, we are just going to have to be responsible and not let anyone have access to our previous channel states". Except that we are already talking about trusting a 3rd party to hold those contracts and broadcast them as our proxy in the event we are offline. Also, why is having a 3rd party proxy that we have to trust part of this... The whole point of LN was that it was supposed to be *trustless*.
Comment by MrRGnome at 03/01/2018 at 15:04 UTC*
3 upvotes, 0 direct replies
> For instance what do you do when someone gets ahold of your previous contracts and broadcasts them to the chain
All HTLCs are single use, time sensitive, and transaction specific for this exact reason. No one has a given proof of payment except you and the single individual you paid in that single instance. It can only prove that the single transaction occurred and is useless beyond shouting "fraud!" in the instance that someone is lying about that transaction in the closing state of the channel. Someone else having it or using it does nothing; its only possible function is in proving that one transaction in the instance of fraud.
> Except that we are already talking about trusting a 3rd party to hold those contracts and broadcast
There is no trusting any of the other parties, that's part of the brilliance! Because each individual channel is trustless using the mechanisms I just described - that is, you can report fraud in your own channel - it makes all the channels in a given chain trustless, since all parties in the chain rely on the same prehash secret (the hash part of the hash time locked contract; these contracts are unlocked by either time or a prehash). If one part of the multi channel HTLC chain is exposed, it necessarily uses the prehash to unlock the contract, and this unlocks everyone else's HTLCs in the chain as well, since they are using the same prehash, and the entire transaction chain can thus be proven completed. Trust never enters the equation; these HTLCs give each channel user the tools to protect their offchain resources by proving they were paid offchain in the event anyone lies on chain. It's a system where valid on chain transactions only need to be published if someone starts trying to break the rules, thus you gain the trustless properties of blockchains and smart contracts without the need to publish every single one.
I think if you go ahead and read some of the resources on lightning you will find the attacks you are thinking about as well as the trust you think exists don't really exist at all. Seriously, it's very very interesting how the kinds of attacks you mention are thwarted, especially the common prehash multi channel hops.
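An added toy model of the multi-hop hash-locked chain described in the reply above (example code, not from the thread or from any Lightning implementation): every HTLC on the route is locked to the same payment hash with an expiry that grows toward the sender, the final payee reveals the preimage (the "prehash"), and each upstream hop reuses it to claim from its own incoming channel. Hop names, amounts and block heights are constructed; the real protocol's commitment transactions, fees and onion routing are left out.

```python
import hashlib
from dataclasses import dataclass

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

@dataclass
class HTLC:
    payer: str
    payee: str          # only this party can claim with the preimage
    amount: int
    payment_hash: bytes
    expiry: int         # block height after which the payer may reclaim
    settled: bool = False
    refunded: bool = False

def build_route(hops, amount, payment_hash, final_expiry, delta=40):
    """One HTLC per channel along the route (constructed toy parameters).
    Each upstream hop gets a later expiry than the hop after it, so it can
    always claim its incoming HTLC before its outgoing one refunds."""
    n = len(hops) - 1
    return [HTLC(hops[i], hops[i + 1], amount, payment_hash,
                 final_expiry + (n - 1 - i) * delta) for i in range(n)]

def claim(htlc, claimant, preimage, height):
    """Claim succeeds only for the named payee, before expiry, with the
    correct preimage; a stranger holding the same secret gets nothing."""
    if claimant != htlc.payee or htlc.settled or htlc.refunded:
        return False
    if height > htlc.expiry or sha256(preimage) != htlc.payment_hash:
        return False
    htlc.settled = True
    return True

def refund(htlc, height):
    """Payer reclaims funds only once the time lock has expired unclaimed."""
    if htlc.settled or htlc.refunded or height <= htlc.expiry:
        return False
    htlc.refunded = True
    return True

def settle_route(htlcs, preimage, height):
    """Final payee reveals the preimage on the last hop; each earlier hop
    then uses the same preimage to claim from its upstream channel."""
    for htlc in reversed(htlcs):
        if not claim(htlc, htlc.payee, preimage, height):
            return False
    return True
```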