On Fri, Dec 1, 2023 at 5:47 PM Bastien TEINTURIER <bast...@acinq.fr> wrote: > > If Alice pays for a 10 000 sats lease, we only want those 10 000 sats > to be encumbered with a CLTV. But this is actually not enforceable. We > could create a separate output in the commitment transaction with the > leased funds and a CLTV, while keeping the rest of the seller's funds in > a normal output that doesn't have a CLTV. But then what happens when > HTLCs are relayed and then failed? To which output should we add the > funds back? Any strategy we use here can be exploited either by the > seller to drain the leased funds back to its non-CLTV-locked output, > or by the buyer to keep funds in the CLTV-locked output forever.
Could we implement a policy that always encumbers the seller's first 10k sats with a CLTV, then spills any excess over to a normal output? HTLCs outgoing from the seller would first subtract from the normal output before dipping into the CLTV output. If failed, the returned funds would first add to the CLTV output (up to a total of 10k), then spill over to the normal output. Maybe I'm missing something, but I don't think either party can exploit such a policy. There's also the question of whether to encumber HTLC outputs with the lease timelock. But IIUC the current proposal is to limit the total HTLC value in flight, which should limit exposure for both parties regardless of the timelock policy for HTLC outputs. _______________________________________________ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
