How to mitigate agains Flood & Loot?
11
avatar for salmon-of-wondrous-defiance
14 months ago by
avatar for salmon-of-wondrous-defiance salmon-of-wondrous-defiance88 sats wrote:

It's clear that no flawless solutions currently exists against Flood & Loot. Yet, authors mention 4 mitigations. What are some ways to implement it in LND?

lnd
ADD INCENTIVE   ADD COMMENTlink written 14 months ago by salmon-of-wondrous-defiance88 sats
4

for Reducing the maximal number of unresolved HTLCs My lncli listchannels shows "max_accepted_htlcs": 483 under local_constraints and remote_constraints. Not sure how to change that...

ADD REPLYlink written 14 months ago by salmon-of-wondrous-defiance88 sats

How is CPFP not a protection against this attack?

ADD REPLYlink written 14 months ago by magic-loon-of-beauty (not signed)55k sats
4.1k
avatar for visionary-lively-jellyfish
8 months ago by
avatar for visionary-lively-jellyfish visionary-lively-jellyfish59k sats wrote:
  1. Reduce the max unresolved HTLCs Refers to LNDs channels "max_accepted_htlcs". The lower this option, the more channels the attacker will have to use, making it more risky and expensive for them. At the moment it seems you can only make a change for new channels by changing lnd config "--default-remote-max-htlcs" which is 483 HTLCs by default. Another slightly related option on "openchannel" is "--remote_max_value_in_flight_msat". [ ... ]
ADD COMMENTlink written 8 months ago by visionary-lively-jellyfish59k sats
  1. Earlier closure of channels lnd by default scales the blocks needed to wait in case on a unilateral close, based on the capacity of the channel from 144 to 2016 blocks. Alternatively, you could use --bitcoin.defaultremotedelay for new channels to override that and require a longer objection time. Or use --remote_csv_delay with "openchannel" when you initiate a new channel.
ADD REPLYlink written 8 months ago by visionary-lively-jellyfish59k sats

[3.] Immediate release of HTLC claiming TXs There is no option to help with #3. It is up to the devs to adopt it if they want so. Eltoo should help make this less costly.

[4.] Reputation-Based Behavior Reputation of nodes is slowly being introduced on node implementations, but it is still very early work and not exposed to the user via options to adjust. [...]

ADD REPLYlink written 8 months ago by visionary-lively-jellyfish59k sats

[4. contd] At the moment reputation is usually short-lived in order to not be abused and leave room for less local optima occurrences. At the moment you could install Faraday [ https://github.com/lightninglabs/faraday ] which helps with some common tasks but still some work until it is smart enough to be automated. Devs however said that this is their goal, to automate all these mundane tasks and not offload it to the users.

ADD REPLYlink written 8 months ago by visionary-lively-jellyfish59k sats

Add your answer

Note:

  • Answers should ONLY be used to respond to the original question at the top of this page! Use the ADD COMMENT or ADD REPLY buttons above to respond to someone, ask for clarifications, request more details, etc.
  • Maximum answer length is 500 characters due to limits on Lightning invoice size. After posting you can use comments to expand.
  • Incentive is awarded to signed answers only

Help

Use of this site constitutes acceptance of our User Agreement and Privacy Policy.
Powered by ln-central open soruce Q&A software running code change a5ae7af8 which was committed 8 months ago