Conversation
Codecov Report
@@ Coverage Diff @@
## master #1900 +/- ##
==========================================
- Coverage 87.67% 87.65% -0.02%
==========================================
Files 158 158
Lines 12407 12420 +13
Branches 519 512 -7
==========================================
+ Hits 10878 10887 +9
- Misses 1529 1533 +4
|
|
If our peer uses non-segwit shutdown scripts and we lower the dust limit below what is acceptable for non-segwit outputs (546 instead of 330), then we may end up creating mutual close transactions with dust outputs ? |
|
I started a discussion on the spec regarding this issue: lightning/bolts#905 |
t-bast
force-pushed
the
remote-low-dust-limit-threshold
branch
from
00d7b2f to
705cc91
Compare
We are slowly dropping support for non-segwit outputs, as proposed in lightning/bolts#894 We can thus safely allow dust limits all the way down to 354 satoshis.
In very rare cases where dust_limit_satoshis is negotiated to a low value, our peer may generate closing txs that will not correctly relay on the bitcoin network due to dust relay policies. When that happens, we detect it and force-close instead of completing the mutual close flow.
We shouldn't use non-segwit scripts anymore as they can in theory mess with the dust limits (and we should encourage migration to segwit).
t-bast
force-pushed
the
remote-low-dust-limit-threshold
branch
from
705cc91 to
ca2c87f
Compare
pm47
left a comment
pm47
left a comment
There was a problem hiding this comment.
I was expecting a check on the script with a force close branch here:
but you are doing it differently. You let the mutual close process reach the point where a sig is exchanged, an only then do we check amounts and maybe force-close. Is that correct?I was also expecting a check there for the case where we initiate the mutual close:
CMD_CLOSE to prevent unnecessary force closes if used directly (e.g. from a plugin).
Yes, that was the least invasive option, because we need to have decided on a fee before we can check whether we need to force-close (since the fee impacts the output amounts). But it's mostly because it was easiest to do here than elsewhere.
I don't think it's worth explicitly rejecting here. But this was a good opportunity to promote segwit-only at the API level to encourage our users to migrate (if not already done), because there's just no reason to use non-segwit today. |
4 participants
Implement lightning/bolts#894
We can safely accept dust limits as small as 354 sats, as long as we explicitly handle the case where a closing tx is generated with an output below dust (when that happens, we force-close to get our funds back).
The spec PR received broad agreement during yesterday's spec meeting, so we can safely merge this change now.