#lightning-dev log

20:09:17 <niftynei> #startmeeting
20:09:17 <lightningbot> Meeting started Mon Aug 31 20:09:17 2020 UTC.  The chair is niftynei. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:09:17 <lightningbot> Useful Commands: #action #agreed #help #info #idea #link #topic.
20:09:33 <rusty> Looking through the list there's nothing urgent.  Might be nice to discuss what people are working on, e.g. dual funding, offers, random routing?
20:10:25 <roasbeef> oy
20:10:44 <niftynei> That sounds like a plan. Open floor then. Does anyone have a topic, PR or issue they'd like to discuss?
20:11:15 <roasbeef> thanks for the latest comments on the ML rusty  re dynamic commitments
20:11:23 <ariard> right, what's the state of dual-funding?
20:11:50 <rusty> Oh, yeah, dynamic commitments FTW too!
20:12:12 <niftynei> sure, i can give a brief dual-funding update.
20:12:13 <roasbeef> i'm working on a stand alone docuemnt describing a protocol extension, trying to get away from editing the spec in-line, as it can be hard to review and also jsut see at a glance what's the "base" version of things
20:12:14 * bitconner pulls up a seat
20:12:37 <roasbeef> so it would be a more BIP-like stand alone doc, and ppl can say oh I implement "bolt exttension 0002" or w/e it's called
20:12:53 <roasbeef> hopefully should have the initila draft up, then we can go from there to iterate
20:13:04 <niftynei> the implementation is in progress, i'm looking to have a draft for the spec out as soon as the impl is done
20:13:05 <roasbeef> if no other q's on that, can give niftynei the floor to talk about dual funding
20:13:39 <rusty> roasbeef: yeah, cool.  I think it'll be fairy easy to implement, TBH.
20:14:45 <roasbeef> def, hoping also it can serve as a possible new template for spec extensions that're more de-sync'd and standalone, as we basically have a buncha if statements in the spec rn that can be hard (imo) for a new implementer to parse
20:15:03 <ariard> niftynei: does the spec is ready for another round of review?
20:15:23 <niftynei> does anyone have a link to the mailing list post on dynamic commitments handy?
20:15:47 <ariard> roasbeef: does this would scope the recent proposal for skipping channel confirmation
20:15:57 <ariard> this kind of stuff doesn't have to be part of the "hard" spec IMO
20:16:24 <roasbeef> ariard: i think yes and no, imo it should be in the spec given it may have considerations on the invoice, or what's sent in the payload
20:16:25 <ariard> niftynei: this https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-July/002763.html ?
20:16:38 <niftynei> #link https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-July/002763.html
20:16:42 <niftynei> ty!
20:17:00 <roasbeef> as rn it may not be explciit in the spec, but nodes out of the box don't allow zero conf channels from the get go
20:17:08 <niftynei> #topic dynamic commitments
20:17:39 <roasbeef> it may also be a chance to just start to using a pubkey rather than a chan id, since hte pubkey is set in stone, and using tlv we can provide that only to the final hop, then the final and true dest can use w/e protcol to decide which chan to dispatch on
20:17:46 <ariard> I read again the spec, it's really fuzzy on this, like doesn't explicitly forbid minimum_depth=0
20:17:53 <lnd-bot> [13lightning-rfc] 15rustyrussell opened pull request #798: DRAFT: Offers (06master...06guilt/offers) 02https://github.com/lightningnetwork/lightning-rfc/pull/798
20:17:59 <roasbeef> yeh it doesn't, but in practice I don't think anyone allows it
20:18:08 <ariard> but also onion payload should be flexible enough to let anyone play with them with all network supporting parsing
20:18:23 <roasbeef> but there're nodes out there that use it now for their services like phoenix and breez
20:18:41 <roasbeef> ariard: yeh, may just need some new invoice tag
20:18:56 <ariard> right, and they would like to standardize their services ?
20:18:56 <rusty> roasbeef: yeah, for onion messages I allow either scid or pubkey.  Though I've gone for 32-byte pubkeys...
20:19:05 <rusty> roasbeef: yeah, a new invoice feature bit?
20:19:08 <ariard> it's mostly a namespace issue post-tlv ?
20:19:14 <roasbeef> ariard: yeah, just so ppl know what's supported and expected
20:19:29 <roasbeef> ariard: i think so yeh, but has some spec implications as ppl need to know what the standard way of doing it
20:19:32 <roasbeef> and also the risks, etc
20:19:41 <roasbeef> rusty: yeh i think minimally that'd be enough
20:19:55 <roasbeef> simpler, as then there's no need to negotiate a special sid
20:19:57 <ariard> roasbeef: does the keysend/spontaneous payment thing should go in this proposed  spec extensible subspace
20:20:01 <roasbeef> sci? short channel id lol
20:20:14 <roasbeef> ariard: so i think that's better as a standlone doc, and extension like thing
20:20:23 <roasbeef> since it's just about how to interpret data which you can already transmit on the network now w/ tlv
20:21:00 <roasbeef> but there's also a meta topic here, w.r.t how the best way to evolve the spec in a "scalable" manner is, while also having the opportunity for ppl to document higher level application protocols
20:21:05 <ariard> and that's what you've in mind for the BIP-like stand alone doc, a repository of canonical onion payload or looser/stricter policies
20:22:05 <ariard> we have what 3 level ? core spec, custom payloads/policies and clearly experimentation?
20:22:31 <roasbeef> ariard: yeh, which are maybe linked from the main spec depending on the section and what's the "default", etc
20:22:38 <rusty> roasbeef: cdecker has thoughts on that.  He wants the separate rationale doc for each one, which I kind of agree with.  Though some stuff still has to be core, esp. if it's planned to obsolete existing stuff.
20:22:47 <roasbeef> rn we have of this in the wiki (which versions are used, etc), but it isn't very structured
20:23:34 <roasbeef> rusty: mhmm, like rn when someone goes to implement channel state machine for the first time, they'd presented w/ basically 3 diff ways to do it which can be confusing, not sure but just trying to put myself in the shoes of someone getting into this stuff for the first time
20:24:11 <roasbeef> also in this path there wouldn't just be some like mega doc for stuff like routing/forwarding which is a rather large space
20:24:51 <roasbeef> but i'll kinda loosely propose a format w/ the dynamic commitments spec draft, then we can take feedback from there to arrive on kinda a teplate
20:24:54 <roasbeef> template*
20:25:21 <rusty> roasbeef: yeah, go for it.  At worst, we end up merging it afterwards, but that's easier than mangling in place anyway.
20:27:04 <niftynei> sounds like we're really talking about a meta topic here, how to update the RFC structure to accommodate documentation for spec 'extensions'
20:27:54 <rusty> niftynei: even better, roasbeef just volunteered to do a trial balloon!
20:29:04 <ariard> niftynei: wrt to dual-funding, there is a slight issue where a counterparty propagate both a double-spend a dual-funded tx, effectively blocking you to CPFP it
20:29:44 <roasbeef> ok let's go to dual funding now?
20:30:20 <niftynei> #action roasbeef to trial balloon new 'bip-like' format for spec extensions with dynamic commitments
20:30:26 <niftynei> sure sgtm
20:30:32 <niftynei> #topic dual funding :tada:
20:31:12 <niftynei> im working on the implementation, ive got a few lnprototests done for one half of the protocol stuff, hoping to get the other half done by the next meeting
20:32:05 <niftynei> ariard, i'm not sure waht you mean by "where a counterparty propagate both a double-spend a dual-funded tx"
20:32:07 <rusty> Two Weeks(TM)
20:32:10 <roasbeef> oooooOOOo, lnprototests
20:33:05 <niftynei> yeah, there's an accepter + opener "side", the accepter side has two working prototests stuff -- honestly it's much nicer than the first draft of lnprototests that rusty had going
20:33:54 <rusty> The protocol is important because we can reuse it for shutdown / splice.  It's a generic tx negotiation protocol.
20:34:09 <ariard> niftynei: Alice commits 1 BTC, Bob commits 0.1 BTC in their dual-funding tx, they exchange signature, Bob propagate a RBF-disabled low-feerate double-spend of his 0.1 BTC
20:34:28 <niftynei> ok so the dual-funded tx won't get confirmed
20:34:41 <ariard> niftynie: Alice will broadcast the dual-funding, which would perevent her to double-spend back until it expires from her mempool
20:35:00 <ariard> niftynei: yes you block dual-funded tx propagation across network mempools
20:36:10 <roasbeef> ariard: why's that an issue? w/e gets confirmed first gets confirmed
20:36:13 <rusty> ariard: but Alice can also spend her way out when she gets sick of waiting?
20:36:13 <niftynei> that dual-funded tx is dead-on-arrival then
20:36:15 <roasbeef> which is why confs are nice
20:36:32 <niftynei> alice just spends her 1btc elsewhere ??
20:37:19 <ariard> rusty: assuming broadcast the funding tx in her mempool, her honest double-spend back will be rejected by her own mempool if it's not superior to funding_tx feerate/absolute fee
20:37:22 <roasbeef> the core thing here seems to be the "back out" shenanigans, so ppl doing set up then just bailing after they get w/e info they're after
20:37:30 <ariard> assumig she broadcasts
20:37:44 <rusty> ariard: sure.
20:37:48 <roasbeef> but re the pinning or double spend thing, doesn't seem like an issue assuming the channel isn't used til stuff confirms
20:37:59 <ariard> roasbeef: it's not a fund-loss risk, more I stuck your funds in mempool for nothing
20:38:09 <roasbeef> yeh it's a nuisance thing kinda
20:38:21 <roasbeef> but what does the perpetrator gain?
20:38:29 <roasbeef> they also end up wasting their time and chain fees
20:38:35 <niftynei> by stuck you mean subject to RBF, i'd assume
20:38:42 <ariard> yes a nuisance, better would be to have redundant tx broadcast, to avoid being obstrucated by your own mempool
20:39:01 <roasbeef> redundant tx being what?
20:39:10 <ariard> roasbeef: they may force you to loose more timevalues on your funds than him, as inputs might not be worth the same
20:39:10 <roasbeef> like some intermediate mult-sig output?
20:39:20 <niftynei> as long as alice set her sequence to be RBF'albe she'll always be able to spend that utxo input elsewhere
20:39:23 <roasbeef> ariard: sure a whale doesn't care I guess lol
20:39:56 <roasbeef> the real solution is to just burn all the mempool policy stuff to the ground
20:39:58 <ariard> roasbeef: sure, but few hours of funds pinned in the mempool is less liquidity in channels :)
20:40:00 <roasbeef> and use rbf everywhere
20:40:04 <roasbeef> kek
20:40:10 <roasbeef> full rbf*
20:40:11 <rusty> ariard: you can't simultaneously exchange sigs, so there's always a case where only one side can broadcast if malicious, right?
20:41:05 <ariard> rusty: sure simultaneously exchange sigs doesn't exist, but in fact exchange delta is inferior to tx-relay propagation on base layer
20:41:23 <ariard> so in practice even if malicious is second, you can beat the honest one by connecting to a lot of nodes
20:42:20 <ariard> I think that's a slight issue, and not much we can do, just to be aware of
20:42:28 <niftynei> im not seeing the harm here other than 'a few hours of theoretical liquidity not existing' which seems about the same as a channel peer falling offline, no?
20:42:37 <roasbeef> idk how much I'd be worried about something like this myself if I had a dual funded node, I think most implemetnations also have the ability now to preferenttially accept/reject inbound funding requests
20:42:54 <rusty> ariard: I don't think we want to require an extra tx for opening everywhere though.
20:42:57 <roasbeef> it also isn't costless, tho ofc "cost" is relative
20:43:03 <roasbeef> yeh mo txns mo bad
20:43:17 <ariard> a real question is the fee model of dual-funded, IIRC it's only RBF for now, there is no anchor outputs to let non-interactive fee-bumping?
20:43:37 <niftynei> no there are no anchor outputs on dual-funded open tx, it's all RBF
20:43:51 <roasbeef> that could be added, or the protocol sends out diff sig versinos fo bump, but that requires no_input for the commitments
20:44:01 <ariard> rusty: sure I agree not worth fees/blockchain space, loosing few hours of liquidity is okay for now, but in the future it might an important channel opening and just break your whole liquidity strategy for the day
20:44:10 <roasbeef> so you pre-sign like incrementing fee rate versions (this may already be in the draft, I'm out of date)
20:44:20 <roasbeef> we also def talked about this in adelaide too iirc
20:44:29 <roasbeef> years later....we're still talking about fees lol
20:44:30 <rusty> ariard: yes, which is why we need mempool to be more adversarial-safe.  In general this statement is true :)
20:44:43 <ariard> roasbeef: the ability to accept/reject inbounb assumes a key management policy ?
20:45:06 <roasbeef> ariard: idk if needs key management, but some sort of heuristics to gate off of
20:45:07 <ariard> rusty: I know, for now I'm just trying to inform core devs they should have a stable mempool policy: https://github.com/bitcoin/bitcoin/issues/19820
20:45:07 <niftynei> multiple feerate bands are not in draft, it's assumed you'd just go back and re-negotiate if the feerate changes (i.e. rbf)
20:45:18 <roasbeef> like: only accept from nodes that hav ebeen around for T period of time w/ N btc in chasn or somethign like that
20:45:21 <ariard> which is a philosophical change wrt to how they think p2p issues until now
20:45:50 <roasbeef> it's p2p, but at the end of the day, these are voluntary actions, and not all nodes are super well managed, tho that's getting better imo w/ better tooling, etc
20:45:58 <ariard> well they should have something like a policy, not policies-undocumented-across-versions-which-may-silently-break-LN-nodes
20:46:04 <niftynei> the 'preprint' (lol) dual funding draft is over here https://github.com/niftynei/lightning-rfc/pull/1, no guarantees it'll be the same in two weeks though lol
20:46:08 <niftynei> #link zv
20:46:10 <niftynei> #link https://github.com/niftynei/lightning-rfc/pull/1
20:46:20 <roasbeef> guard rails like that, also mitigate certain classes of attacks by making it harder to make wide spread connectiosn to exiting nodes
20:46:27 <roasbeef> you gotta work your way up basically
20:46:40 <ariard> roasbeed: I was just pointing we should adresss mempool/p2p issues at their level if we can, while minding if we can address at upper layers that might good too
20:46:44 <roasbeef> ariard: idk if it breaks nodes, but the error message can be used to explain some of the policy
20:46:54 <roasbeef> ah yeh, hard to keep track of all the convos rn kek
20:47:05 <niftynei> we'll probably be talking about fees in 2040 still lol
20:47:15 <ariard> roasbeef: for now we don't have any API stability of something like carve out
20:47:34 <roasbeef> yeh....one thing I've learned is never underestimate the complexity of fees w.r.t any sort of off-chain multi-party protocol
20:47:53 <roasbeef> member when we could just ignore it all together?
20:48:01 <roasbeef> those were the days....
20:48:09 <rusty> roasbeef: yeah, hide "and we ignore fees" in the preamble of your paper, and publish!
20:48:12 <ariard> niftynei: negotiating back assume interactivity which is not great
20:48:36 <niftynei> having a channel open assumes interactivity
20:48:38 <ariard> like your funds might be in a cold wallet, your fee model is wrapping on your key management setup
20:48:50 <roasbeef> rusty: lol yeah, "for simplicity of our model..."
20:49:17 <ariard> niftynei: yes, and that's maybe okay to do back-and-forth with your cold wallet but once it broadcasts, during the wallet round-trip feerate may change again
20:49:19 <roasbeef> niftynei: ariard if this is about rbf for fee bumping, why not just pre-sign N versions w/ increasing fee rates? that can be done in a single shot, but needs no_input as mentioned
20:49:38 <roasbeef> also, how are we even talking about rbf dual funding bumping w/o no_input? otherwise you need to sign commitment sigs again
20:50:06 <rusty> roasbeef: yeah, you basically start renegotiating to double-spend the first one.
20:50:20 <rusty> It's simple, and handles fee spikes.
20:50:22 <niftynei> the v1 of dual funding "rbf" is identical to "let's restart this discussion"
20:50:24 <ariard> roasbeef: so far, any off-chain multi-party protocols I've looked on has weird fee isssues, LN just opened the way
20:50:31 <roasbeef> niftynei: gotcha
20:50:50 <roasbeef> ariard: yeh seems to be a given now, something protocol designers need to always keep in mind from here on out
20:50:54 <ariard> roasbeef: hmmmm multiple RBF versions you blindly give your counterparty to overshoot in fees
20:51:07 <ariard> like taking the higher bound when feerare is low, and thus burning
20:51:10 <rusty> ariard: "Good news, everyone, we're pioneers!  Also, that's the bad news"
20:51:19 <roasbeef> ariard: heh there's that too, you'd basicaly need to decide what the upper bopund is, and if you're splitting, then everyone either pays more or less
20:51:33 <ariard> but that's okay if everyone is throwing in the pot the same prorata
20:52:20 <rusty> Current fees are paid by input and output weights, via simple formula.
20:52:23 <ariard> roasbeef: you right you need to sign for every commitment, so it's leaking further down in protocol pipeline
20:52:40 <roasbeef> leaking what?
20:52:48 <roasbeef> rusty: fsho makes sense
20:53:01 <ariard> roasbeef: funding_signed is only one commiment signature?
20:53:15 <niftynei> we've got about 10 minutes left before the meeting time ends, are there any other topics we should spend time on?
20:53:39 * rusty changes networks, BRB
20:54:56 <niftynei> i know rusty's been working on random routing + offers stuff, not sure if any of that is ready for discussion.
20:54:57 <ariard> in fact we don't need to agree on a anchor output for dual-funding? you can at wish output so just ensure you have one as a local node policy?
20:55:01 <roasbeef> other thing to mention on our end is that our 0.11.1 version will include the spec compliant anchors version
20:55:17 <roasbeef> which just means a slight change to the co-op close fee structure, and also using the "official" feature bit
20:55:32 <roasbeef> ariard: the anchor is essentially just your change addr right?
20:55:47 <ariard> roasbeef: exact
20:55:48 <roasbeef> niftynei: random routing meaning at the client path finding level/
20:55:52 <roasbeef> ?
20:56:04 <niftynei> oh. you can add whatever outputs you want to a interactive tx ... if you wanted an anchor output you could just add it
20:56:14 <ariard> roasbeef: btw, you should propose anchor as a BIP, I mean other protocols are going to re-use it :)
20:56:23 <ariard> like CoinSwap
20:56:44 <roasbeef> ah cool, yeh I can see it being a pattern used depending on the context for most off-chain stuff going forward
20:57:19 <ariard> it works for any dual-party protocols ? and I don't see anyone working on N-party protocol before no_input
20:57:25 <niftynei> roasbeef, yah rusty can say more but the high level is choosing random routes to reach a destination
20:57:53 <rusty> BTW our next release we decided not to activate anchors (outside --enable-experimental-features), as we don't have any code to CPFP yet, so it's just overhead.  Anyone want to change my mind?
20:58:00 <roasbeef> niftynei: gotcha, we _kinda_ do this rn, as we have an internal weighted graph where the weights now are a scaler score dervied from a proability of "success"
20:58:15 <roasbeef> gotcha yeh for us it's still behind a flag rusty
20:58:27 <roasbeef> we want to enabel by default w/ 0.12 hopefully after we add watch tower support and deadline aware fee bumping
20:58:35 <niftynei> ariard, the protocol is dual but it's written such that you'd be able to dual-fund multiple opens in the same tx
20:58:37 <rusty> roasbeef: nice!
20:58:48 <roasbeef> rn we also don't yet modify our fee estimate for the comitment trnasaction, but can start to low ball that more once we have the fee bumping in
20:58:58 <roasbeef> oh someoone did some cool analysis on our issue tracker re fee bumping
20:58:58 <roasbeef> sec
20:59:13 <roasbeef> realted to like what "fee function" to use for bumping and other hueritics
20:59:14 <niftynei> you'd still be opening 2-party channels tho, so that doesn't really change much
20:59:17 <rusty> roasbeef: yeah, I figure that mroe than balances the fee increase if done right.
20:59:34 <roasbeef> here it is: https://github.com/lightningnetwork/lnd/issues/4215#issuecomment-678177590
20:59:51 <ariard> niftynei: right, dual-funding is 2-party even if you can run it in parallel with multiple-parties, you only have 2 roles
20:59:56 <roasbeef> and a fancy jupyter note book: https://colab.research.google.com/drive/10O0pi_7YR9ZaZB6yUAdcsocFGPpKADER?usp=sharing
21:00:04 <roasbeef> w/ 3d graphs n stuff
21:00:16 <niftynei> #link  https://github.com/lightningnetwork/lnd/issues/4215#issuecomment-678177590
21:00:23 <niftynei> #link https://colab.research.google.com/drive/10O0pi_7YR9ZaZB6yUAdcsocFGPpKADER?usp=sharing
21:00:28 <niftynei> faaancy
21:00:42 <roasbeef> this is related to the problem of: "when do we bump, how do we target the size of the next bump, how late in the deadline should we bump"
21:00:51 <rusty> roasbeef: pretty!!
21:01:05 <roasbeef> the initial model is still missing some params, but it is based on looking at historical data of what got into the chain, and then what the fee rate was where "n %" got in, etc
21:01:32 <roasbeef> the top level comment summarizes the initial findings, feel free to dig into the notebook for more info, and you can also fork/edit it I think to poke around more
21:01:49 <BlueMatt> roasbeef: it looks like that model doesn't consider any kind of feerate estimator which may change over time?
21:02:05 <roasbeef> yeh the limitations are stated at the end
21:02:08 <BlueMatt> just a pure "well, we guess a fee at the beginning, how should we bump" model? (just checking my understanding)
21:02:18 <roasbeef> yeh hard to factor that in right? since ppls fees will impact the estimator right?
21:02:36 <roasbeef> imo i want to live in a future where we almost never look at fee estiamtors, and just low ball then bump up, taking into account past info of attempts
21:02:43 <BlueMatt> depends on the estimator....some of them look at the mempool, some less so.
21:02:46 <roasbeef> as they're so prone to manipulation
21:02:56 <roasbeef> at least the default type used in bitcoind and elsewhere
21:03:05 <BlueMatt> heh, well thats why core's doesnt really look at the mempool :)
21:03:21 <roasbeef> orly? has it chagned recently ?
21:03:31 <BlueMatt> it never (really) did
21:03:35 <roasbeef> i thought it looked at the percentile that confirmed at a given fee rate taking into account "wait time"
21:03:38 <ariard> darosior is trying to write decent documentation around
21:03:46 <roasbeef> which means looking at the mempool w.r.t when it "arrived"
21:03:51 <BlueMatt> it does, but only marginally at the edge, i believe its about the only fee estimator that tries hard to not look at the mempool
21:04:02 <BlueMatt> sure, it looks at "things which were in my mempool which got into blocks"
21:04:10 <BlueMatt> note that last part is what makes it relatively hard to manipulate
21:04:21 <roasbeef> BlueMatt: yeh there's an assumption of some starting point (fee guess the fee), fee estimation and historical data coul dbe used as an achor, it assumes we no longer try to thread the needle w.r.t exact conf delays
21:04:26 <BlueMatt> (the first is required also to prevent manipulation in a different way)
21:04:51 <BlueMatt> ok, just checking my understanding, cool work.
21:05:01 <ariard> core fee estimator is sorting txn across feerate bucket and when a block confirm, kinda score feerates
21:05:12 <ariard> something something like this
21:05:27 <ariard> and reorg-safe/mempool-resizing safe
21:05:29 <roasbeef> gotcha, seems it's changed a bit since I looked at it last a while ago, will refresh my mental model of it
21:05:32 <BlueMatt> (other approaches, eg, whatthefee.io are much more accurate, but of course easier to manipulate)
21:05:50 <BlueMatt> roasbeef: nah, it *always* avoided looking too hard at the mempool. since first merge iirc.
21:06:10 <roasbeef> but my manipulation I mean like the effect we see where someone using really high fes to make some arb play affects everyone else's estimation that blindly targets a short term conf target
21:06:19 <roasbeef> imo it looks at the mempool in sofar as it wathces "delay"
21:06:30 <roasbeef> as it's based on its view of "what got in"
21:06:37 <BlueMatt> ah, well everything is manipulable if you want to get into the next block, but is it really manipulation if its true :p
21:06:38 <roasbeef> but ofc if it never saw something, then it can't use that as a data point
21:06:43 <roasbeef> kek
21:07:01 <ariard> roasbeef: do you mean network-wise or targeted node manipulation?
21:07:27 <roasbeef> I mean like "the observer effect"
21:07:53 <ariard> we could model the cost of such fee inflation attack and default mempool size (300MB) to know how much it would cost
21:08:43 <ariard> I see, heisenbug applies to fee-estimation
21:08:46 <rusty> AFAICT, you can use OOB feepays to drive apparent fees to great heights while not taking a loss (i.e. not having to stuff blocks yourself) and let feerate estimators run wild then profit.   Only real miner decentralization helps against this AFAICT?
21:09:10 <roasbeef> cool chat y'all, will follow the rest in logs, off to lunch!
21:09:30 <rusty> roasbeef: thanks, later!
21:09:32 <BlueMatt> rusty: I believe in terms of OOB fee attacks, the best you can do is drive *down* estimators (as it appears to outside observers that the prevailing fees are lower)
21:10:06 <BlueMatt> rusty: *however*, if you allow txn which were not in your mempool when they confirmed to effect your estimator, then, indeed, you could, but this is why core requires both "was in my mempool" and "got confirmed" :)
21:10:18 <ariard> BlueMatt: but driving them down means relying on what you effectevely see in your local mempool ?
21:10:34 <rusty> BlueMatt: indeed.
21:11:05 <BlueMatt> (I do not know what other estimators do, my understanding is that they roughly just look at the current mempool, so, are way more manipulable than this)
21:12:00 <ariard> rusty: I'm not even sure miner decentralization prevents one power-miner to add huge fees to himself?
21:12:17 <rusty> BlueMatt: No, wait.  You fill your blocks with OOB txs, plus top 10% from mempool.  This drives core's estimate up.  Keep repeating (assuming demand enough to cause a fee spike)
21:12:58 <rusty> This is the trivial "reduce blockspace to drive fees" but you don't have to pay as much for it, since you are getting some fees.  Assuming txs with OOB are *not* in mempool.
21:13:00 <ariard> so it sounds if you want to be secure against manipulation of your local mempool you need background-check against blocks, while minding block feerate can't be trusted
21:13:08 <BlueMatt> rusty: if the txn were in the mempool, then the attacker runs the risk of paying other miners the fees for said txn (which, my point above stands, you're not manipulating so much as just increasing the fees by paying)
21:14:10 <BlueMatt> if the oob txn have lower fees, and you're taking oob payments to "virtually increase" the fees, then you're driving the estimator down, but probably not actually working
21:14:38 <BlueMatt> the current estimator says "at what feerate did transactions take longer than X blocks to get confirmed"
21:14:39 <ariard> your local fee estimator should discard blockspace not previously seen in local memmpool, that's all?
21:14:39 <rusty> BlueMatt: not if the txs are not in the mempool. Core ignores them, only sees the expensive ones.
21:14:43 <BlueMatt> where X is the target you set.
21:15:20 <BlueMatt> rusty: ah, right, so core isnt looking at what the common/median/whatever feerate is, its looking at what the lowest is.
21:15:44 <BlueMatt> so even if every block is 95% billion-bitcoin fees, it'll happily pay less as long as lower fee is getting confirmed reliably
21:15:52 <niftynei> we're 15min over time, i'm going to go ahead and endmeeting
21:15:57 <rusty> Anyway, we're kinda off-topic.  Anyone have something lightning stuff? :)
21:15:57 <niftynei> #endmeeting