Think about the next graph within the Lightning Community:
B D
/ /
A C E
/ /
F G
and node A desires to pay node E.
A chooses to pay with multi-path-payment composed of the routes: A->B->C->D->E
and A->F->C->G->E.
Based on the BOLT4 in a fundamental MPP all components use the identical fee hash and payee releases the preimage as soon as a set of HTLC arrive to vacation spot making certain that the full quantity is fulfilled. The atomicity is then assured by the financial incentive of the payee.
Nevertheless, I do not see how this mechanism prevents the steal of funds when the completely different routes of the identical fee have a standard routing node like within the instance above.
The difficulty lies in the truth that the identical preimage releases the funds on all components HTLCs.
My thought experiment is as follows:
-
Aconstructs a 2 route MPP to payE, these are
A->B->C->D->EandA->F->C->G->E. -
Ereceives two HTLCs fromDandGthat add as much as the fee quantity, after which releases the preimage toDandGto settle these. -
Creceives the preimage fromDand settles the HTLC within the channelC--D. -
at this level
Ccan present the preimage toBandFas proof of fee forwarding, however he does not must settle the HTLC withG. He’ll wait till the timelock expires, thus successfully stealing funds fromG.
I am certain there should be one thing fallacious with this reasoning.
I can’t see how the cryptographic ensures that apply to single route funds clear up this example as properly. And my concern is that MPP can solely be carried out securely just for disjoint routes.
This 3 12 months outdated submit describes one other type of multi-part-payment known as AMP (atomic multi-path), wherein every route makes use of a distinct fee hash and thus the issue described above does not apply, with the disadvantage that the preimage is thought to the sender in superior and thus can’t be used as a proof of fee.
Coming again to the query:
What prevents C from stealing G‘s funds in a fundamental MPP fee?