Okay, some implementation notes.
Tree Nodes Pay Fees
Obviously nVersion=3 > nVersion=2. And we will soon be able to have transactions pay 0 fee and still propagate, as long as it has an attached child transaction that pays for it.
However, for the implementation of SuperScalar, I intend that all tree nodes pay non-0 fee.
The big issue with 0-fee transactions is that they require exogenous funds to pay for them. And the goal of SuperScalar is to be able to onboard people, possibly people who do not have an existing UTXO they can use to pay exogenous fees.
Thus, I propose that tree nodes pay a small amount of fees. Because reaping a timeout tree means that the tree nodes will not exist and therefore will not pay the fees, the fees paid by tree nodes are recovered if the LSP reaps the UTXO without publishing the entire tree. The net effect is that tree node fees are default-paid by the LSP. The result is that the tree has endogenous fees.
As noted above, some tree nodes are state transactions that are modified. When modifying a node, we reduce the nSequence. In addition, we can also increase the feerate of that node. Thus, even in a high feerate environment, we have a minor assurance that the latest state version is the one that is most likely to confirm.
We can add P2A outputs to each tree node as well. However, by itself it is unsafe. Consider the following attack scenario:
- The LSP sells some inbound liquidity to a client within the SuperScalar mechanism. The effect is that there are two version of a leaf node, one which has more funds in the LSP side.
- The client uses that inbound liquidity, such that loss of the channel capacity is loss of funds.
- The LSP waits for a high-fee period.
- The LSP initiates a unilateral exit for the victim client, confirming tree nodes until the parent of the leaf containing the victim.
- The client attempts to broadcast the latest leaf node, but because it has no external funds, it cannot feebump the latest leaf node above the prevailing confirmable rate.
- The LSP waits for the previous leaf node to be broadcastable (it has a later
nSequencethan the latest one) and attaches a higher feerate to it via the P2A output. - The previous leaf node gets confirmed, the LSP claws back its funds, the client loses access to all its funds.
The above inducts over every state transaction in the tree, thus we need to have state transactions without P2A outputs if we are worried about such an attack.
To protect against this, we can observe:
- Within the SuperScalar mechanism, all state transfers are of the form:
- fully owned by
L→ a channel between a clientAandL. - This is because the LSP sells inbound liquidity to clients. The LSP wants to ensure that all sales are final, in that it never refunds inbound liquidity that has already been sold.
- fully owned by
Within the SuperScalar mechanism, we do not intend to ever have the liquidity go back from the A-L channel to solely owned by L — as noted, once the LSP has sold some unit of inbound liquidity, it wants to not take back that liquidity and refund the client for the inbound liquidity.
What we can thus do is to recognize that all L-owned funds are unidirectional, they will always go down. So instead of having a “plain” L script, we can have the script <secret> | L.
Whenever we invalidate a leaf node (and if we change a non-leaf node, we also invalidate all children down to the leaf nodes) the LSP shares the <secret> of every L liquidity stock output of the OLD version to each client that signs off on the change. For the new version, the LSP generates a new secret for the L liquidity stock output. This can use the same shachain mechanism we already use for Poon-Dryja BOLT Lightning channels.
If the LSP uses the P2A output to confirm an older version during a high-fee environment, then the L outputs have an alternate <secret> path that the clients can use. The clients can then retaliate by burning the L output to miner fees. Thus, the LSP is incentivized to always ensure that the latest version of every state transaction gets confirmed before the older version can be broadcastable (because the clients also have a copy of the older version and can broadcast them for confirmation and subsequent burning of LSP funds).
With this, we can have P2A on all tree nodes as well, and incentive for the LSP to always assist in confirming the latest version of a tree node if a client wants to unilaterally exit.