lightningnetwork/lnd

[defaults]: Consider Reducing Default max_htlcx_accepted

carlaKC opened this issue · 4 comments

bitcoin/bitcoin#29873 proposes a 10,000 vbyte limit on unconfirmed parent TRUC(V3) transactions, which in the context of lightning would be our commitment transaction. Given our expected commitment weight in bolt-03 for anchor channels we can calculate the maximum HTLCs that would fit in this transaction limit:

(900 + 172 * num-htlc-outputs + 224)/4 = 10000 vbytes
num-htlc-outputs = 226

Divided between two channel participants we arrive at max-accepted-htlcs = 113, which is below LND's current limit of 483. While we'll definitely need dynamic commitments to migrate legacy channels to set a lower limit, upgrading the default now is a step in this direction for new channels.

Opened this PR to start the conversation about the change of defaults in the context of LND as a project. If there's feedback on this limit, I think it makes sense to have the conversation on the bitcoin PR - as they're actively seeking input from LN folks.

I recognize that it seems somewhat unhinged for the person who's always yakking on about channel jamming to be talking about decreasing the number of available slots on channels, but from all the data that we've collected so far it's apparent that we get nowhere near to these limits irl. Further, the expense of filling up these slots is so trivial for an attacker, that larger values don't really offer us much protection against jamming in practice anyway.
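The calculation in the issue body, as an added Go example (not lnd's code and not part of the original issue). The weight terms and the 10,000 vbyte limit are copied from the formula above. The function names and the asymmetric local/remote check are assumptions made for illustration, going one step beyond the even split used in the issue.

```go
package main

import "fmt"

// Weight terms copied from the formula in the issue (in weight units).
const (
	fixedWeight   = 900 + 224 // the two constant terms of the formula
	perHTLCWeight = 172       // added for each HTLC output
	witnessScale  = 4         // weight units per vbyte
	trucParentCap = 10000     // vbyte limit quoted from bitcoin/bitcoin#29873
)

// CommitmentVBytes returns the virtual size of a commitment transaction
// carrying numHTLCs HTLC outputs, rounding up to a whole vbyte.
func CommitmentVBytes(numHTLCs int) int {
	weight := fixedWeight + perHTLCWeight*numHTLCs
	return (weight + witnessScale - 1) / witnessScale
}

// MaxHTLCOutputs returns the largest HTLC output count whose commitment
// stays within capVBytes, or 0 if even an empty commitment does not fit.
func MaxHTLCOutputs(capVBytes int) int {
	budget := capVBytes*witnessScale - fixedWeight
	if budget < 0 {
		return 0
	}
	return budget / perHTLCWeight
}

// FitsCap checks the worst case for a channel: every slot allowed by each
// side's max-accepted-htlcs is in use at once. The two limits need not be
// equal, so they are summed rather than assuming an even split.
func FitsCap(localMax, remoteMax, capVBytes int) (bool, int) {
	worst := CommitmentVBytes(localMax + remoteMax)
	return worst <= capVBytes, worst
}

func main() {
	total := MaxHTLCOutputs(trucParentCap)
	fmt.Printf("max HTLC outputs: %d (%d per side)\n", total, total/2)
	for _, limit := range []int{483, 113} {
		ok, vb := FitsCap(limit, limit, trucParentCap)
		fmt.Printf("limit %d per side: worst case %d vbytes, fits=%v\n", limit, vb, ok)
	}
}
```
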

As the bitcoin/bitcoin#29873 was merged 4 days ago, it seems we should change the max-accepted-htlcs to 113 to keep compatibility, otherwise the commitment transactions should be refused in the near future!

> As the bitcoin/bitcoin#29873 was merged 4 days ago, it seems we should change the max-accepted-htlcs to 113 to keep compatibility, otherwise the commitment transactions should be refused in the near future!

That's not the case, this will only come into play when we upgrade to using commitment transactions that opt in with nVersion=3.

Concept ACK.

There are also good security reasons to have a smaller default and limit HTLC exposure.