Peers need to check each other's dust limit #894
Conversation
02-peer-protocol.md
Outdated
| @@ -239,6 +239,7 @@ The receiving node MAY fail the channel if: | |||
| - it considers `channel_reserve_satoshis` too large. | |||
| - it considers `max_accepted_htlcs` too small. | |||
| - it considers `dust_limit_satoshis` too small and plans to rely on the sending node publishing its commitment transaction in the event of a data loss (see [message-retransmission](02-peer-protocol.md#message-retransmission)). | |||
There was a problem hiding this comment.
Should we drop this? I believe c-lightning and lnd both don't implement this at all today, and I'm not sure if we need to?
There was a problem hiding this comment.
I think it's still useful, and I kept a lower bound on eclair, because you may want to avoid letting your peer create a commit tx that you think will not easily propagate through the bitcoin network because it doesn't satisfy default policy settings.
If you think you'll rely on their commit tx with option_dataloss_protect, you want to be sure their commit tx can get to miners' mempools, don't you?
There was a problem hiding this comment.
If you think you'll rely on their commit tx with option_dataloss_protect, you want to be sure their commit tx can get to miners' mempools, don't you?
Yea, that's a good point. Should we clarify that a suggested lower-bound is 330 (which IIRC is the exact current network dust threshold)?
There was a problem hiding this comment.
Update: I instead added a list of the network dust threshold in 40cfede which implementers can refer to when deciding what lower bound they want to enforce.
There was a problem hiding this comment.
I don't think that's really sufficient - there needs to be guidance in what implementations should be allowed to set the dust limit to, as otherwise we end up back where we are today where some nodes arbitrarily force-closed based on dust limit and there isn't a consensus. I'd strongly prefer if we either agree to set it to the max value for a standard output, or we set it to 330 and then fix the close negotiation logic via #896.
There was a problem hiding this comment.
Right, I agree with that. Both options have pros and cons:
- if we all decide to enforce a minimum
dust_limit_satoshis = 546 sat, we don't have issues at closing and Trim closing output below network dust threshold #896 isn't even needed - otherwise if we enforce a minimum
dust_limit_satoshis = 546 sat, this allows smaller outputs on the commit tx but we need to do something at closing time (Trim closing output below network dust threshold #896 or some other solution).
Note that an alternative to #896 which would also fix the issue would be to disallow non-segwit scripts in shutdown. Now that segwit is widely supported, this would fix a few headaches.
I'd like feedback from other implementers on this choice, @rustyrussell @Roasbeef what do you think?
There was a problem hiding this comment.
Yea, if we can get agreement on it, I'd love to just say "segwit-only shutdown", drop 896 and then set dust limit to be the segwit lower bound (354, I think? check my math). Do any implementations in practice do non-segwit closing scripts today? It would mean you can't open a channel with that output which seems incredibly restrictive.
There was a problem hiding this comment.
You can close to cold storage, I guess, which may be old skool. But simplicity FTW: you can always unilaterally close so I've never considered it a big deal whatever we do here.
IOW, I'm happy with adding "mutual quickclose must be segwit" in #847
There was a problem hiding this comment.
I opened an issue to discuss the dust_limit_satoshis lower bounds in #905
I'd like to treat this in a separate PR than this one, which fixes a different issue that we should have fixed a long time ago (adding a higher bound on our peer's dust_limit_satoshis).
If my calculations of the various dust thresholds imposed by Bitcoin Core are correct, I believe we can merge this PR as the need to impose a higher bound on remote dust should be obvious to everyone?
|
There can be issues with dust limits below 546, as pointed out here. This is also a concern with future segwit versions, for which we don't know the bitcoin network dust threshold (when using |
That's a good point, I'd like to hear from lnd and c-lightning folks whether they think this matters given they currently don't enforce this at all. I presume they force-close channels if the closing transaction doesn't confirm in some time?
Right, this seems to be a general problem - the only thing you can realistically do here is force-close if nothing confirms in some time because at least you know all the scripts used in that transaction. |
|
AFAICT the only place where peers are free to use different types of scripts is during mutual close. The spec could list in the mutual close requirements the dust threshold for each type of script (e.g. 546 sats for non-segwit, 330 sats for segwit, ??? for taproot) and both nodes should enforce these static checks and prune outputs accordingly. If one of the peers doesn't, this will automatically result in a force-close since the closing signatures won't match. |
I tried to ask about this on
That is an incompatibility, I think - one issue with If we fix the spec to actually allow unilateral dropping of a node's output, we could reasonably just say that nodes can send a dust threshold down to 330, but have to enforce that counterparties have removed their output during closing if its lower than the scripts real dust threshold. |
|
In case anybody was wondering, I believe p2tr outputs will have a dust limit defined by Core's |
t-bast
force-pushed
the
check-remote-dust-limit
branch
from
f16ea99
to
40cfede
Compare
t-bast
force-pushed
the
check-remote-dust-limit
branch
from
40cfede
to
0e39482
Compare
|
As discussed during yesterday's spec meeting, I added option 2 of #905 in 3e7771e
|
|
Looks good to me. Is it worth mentioning in the rationale section that older nodes will send non-segwit shutdown scripts and you may wish to allow them for backwards-compatibility today, taking note of the force-close requirement at shutdown. |
Since HTLCs below this amount will not appear in the commitment tx, they are effectively converted to miner fees. The peer could use this to grief you by broadcasting its commitment once it contains a lot of dust HTLCs. Fixes #696
As implemented in Bitcoin Core's default relay policy.
This allows dust limit to go as low as 354 sats without creating relay issues with default node policies. We add a requirement that dust limit cannot be lower than 354 sats. This ensures implementers don't have to figure this subtlety on their own.
t-bast
force-pushed
the
check-remote-dust-limit
branch
from
342ab55
to
9ff1387
Compare
You're right, it's hard to understand without any context. I rebased and added some rationale in 9ff1387 |
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis.
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis. In very rare cases where dust_limit_satoshis is negotiated to a low value, our peer may generate closing txs that will not correctly relay on the bitcoin network due to dust relay policies. When that happens, we detect it and force-close instead of completing the mutual close flow.
| @@ -270,6 +269,7 @@ The receiving node MUST fail the channel if: | |||
| - `funding_pubkey`, `revocation_basepoint`, `htlc_basepoint`, `payment_basepoint`, or `delayed_payment_basepoint` | |||
| are not valid secp256k1 pubkeys in compressed format. | |||
| - `dust_limit_satoshis` is greater than `channel_reserve_satoshis`. | |||
| - `dust_limit_satoshis` is smaller than `354 satoshis` (see [BOLT 3](03-transactions.md#dust-limits)). | |||
There was a problem hiding this comment.
I think this should only apply for option_shutdown_anysegwit and otherwise allow a lower bound of 330 satoshis.
There was a problem hiding this comment.
correction: I see eclair's reasoning for not allowing lower than 546 unless segwit-only shutdown. Maybe this should only apply if the node has option_shutdown_anysegwit & segwit-only shutdown. I know the latter isn't a feature-bit, but it could be.
There was a problem hiding this comment.
I think this should only apply for option_shutdown_anysegwit and otherwise allow a lower bound of 330 satoshis.
I disagree, because option_shutdown_anysegwit can be activated after the channel is opened.
For example, Alice and Bob open a channel without option_shutdown_anysegwit and set dust_limit to 330 sats.
Then later they both activate option_shutdown_anysegwit (because why not?).
If they didn't use an upfront_shutdown_script, they're allowed to use a segwit v1+ script when closing the channel, which can be an issue for dust limits below 354 sats.
So let's be safe and use 354 sats which is future-proof.
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis. In very rare cases where dust_limit_satoshis is negotiated to a low value, our peer may generate closing txs that will not correctly relay on the bitcoin network due to dust relay policies. When that happens, we detect it and force-close instead of completing the mutual close flow.
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis.
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis. In very rare cases where dust_limit_satoshis is negotiated to a low value, our peer may generate closing txs that will not correctly relay on the bitcoin network due to dust relay policies. When that happens, we detect it and force-close instead of completing the mutual close flow.
|
Merging this PR as discussed during the last spec meetings and explicitly approved since. |
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis. In very rare cases where dust_limit_satoshis is negotiated to a low value, our peer may generate closing txs that will not correctly relay on the bitcoin network due to dust relay policies. When that happens, we detect it and force-close instead of completing the mutual close flow.
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis. In very rare cases where dust_limit_satoshis is negotiated to a low value, our peer may generate closing txs that will not correctly relay on the bitcoin network due to dust relay policies. When that happens, we detect it and force-close instead of completing the mutual close flow.
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis. In very rare cases where dust_limit_satoshis is negotiated to a low value, our peer may generate closing txs that will not correctly relay on the bitcoin network due to dust relay policies. When that happens, we detect it and force-close instead of completing the mutual close flow.
P2SH outputs have larger dust requirements than native SegWit (and Taproot) scripts; we disallow the creation of them on funding txs as a they're problematic for relay when allowing dust limits below 546 sats (see lightning#894) Suggested-by: @t-bast
P2SH outputs have larger dust requirements than native SegWit (and Taproot) scripts; we disallow the creation of them on funding txs as a they're problematic for relay when allowing dust limits below 546 sats (see lightning#894) Suggested-by: @t-bast
Since HTLCs below this amount will not appear in the commitment tx, they are effectively converted to miner fees. The peer could use this to grief you by broadcasting its commitment once it contains a lot of dust HTLCs.
I just stumbled upon issue #696 which mentioned that a while ago, but we didn't update the spec accordingly.
However, implementations do already enforce that.
I also added a lower bound on
dust_limit_satoshisthat ensures that transactions will correctly propagate with default relay policies.Fixes #696 and #905