[feature]: Disable sweeper batching for anchor spends #8433
Comments
morehouse
added
security
|
So with #8345 we should no longer be attempting to publish (which may lock up UTXOs in the wallet) anything that violates default policy rules. Aside from that, IIUC, wouldn't the |
Keeping the UTXOs unlocked when publishing fails is good, but it doesn't fix the problem. We still need to actually publish a transaction that doesn't fail, otherwise the commitment transaction will have low fee and can fail to confirm before HTLC deadlines.
Our batched anchor spends would only be rejected by It's also possible that the descendant limit is reached in miner mempools, but some of those descendants haven't propagated to our |
saubyk
added
brainstorming
|
@yyforyongyu Is this something we can add to #8424, or would you rather make this change separately? |
|
This is also needed for when we upgrade to v3 transactions or if imbued v3 becomes a thing |
|
This should happen after #8424, and should be straightforward as we can skip the aggregation by adding a |
|
With imbued v3 (new v2 transactions having v3 logic applied to them), we won't need to update btcwallet or btcd for the v3 logic to apply; it will just happen. |
The CPFP carve-out requires anchor spends to have only one unconfirmed ancestor (i.e. the commitment transaction). Thus, if the sweeper attempts to batch anchor spends, the CPFP carve-out rules are violated and we're vulnerable to basic commitment pinning attacks.
The text was updated successfully, but these errors were encountered: