On Mon, Oct 16, 2023 at 7:21 PM Peter Todd via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> I think if you want people to understand this exploit, you need to explain in 
> more detail how we have a situation where two different parties can spend the 
> same HTLC txout, without the first party having the right to spend it via 
> their knowledge of the HTLC-preimage.

The two main ways of spending an "offered" HTLC txout:
1) With a presigned multisig covenant transaction paying to the
offerer (a.k.a. HTLC-timeout transaction)
2)  With a preimage and the receiver's signature

Since option 1 uses a presigned covenant held by the offerer, only the
offerer can spend via that path.
Since option 2 requires the receiver's signature, only the receiver
can spend via that path.

The exact script used is here:
https://github.com/lightning/bolts/blob/master/03-transactions.md#offered-htlc-outputs.
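The two spend paths described in the message above, as an added example that is not part of the original post or of BOLT 3: a small Python model of which transactions each party can build a valid witness for. Signatures are modeled as (key, transaction) pairs rather than computed, the transaction names and the sample preimage are constructed, and the script's revocation branch and all timelocks are left out.

```python
import hashlib

# Constructed sample values; signatures are modeled as (key, tx) pairs, not real ECDSA.
PREIMAGE = b"\x11" * 32
PAYMENT_HASH = hashlib.sha256(PREIMAGE).digest()
# The receiver pre-signs exactly one transaction and hands that signature to the offerer.
PRESIGNED = ("remote_htlc", "HTLC-timeout")
# Hypothetical candidate spends, mapped to the party they pay.
CANDIDATES = {"HTLC-timeout": "offerer", "sweep-to-offerer": "offerer",
              "sweep-to-receiver": "receiver"}


def script_accepts(top, sigs, tx, payment_hash=PAYMENT_HASH):
    """Model of the two non-revocation branches of the offered-HTLC script."""
    def signed(key):
        return (key, tx) in sigs  # a signature only counts for the tx it commits to

    if len(top) != 32:
        # OP_SIZE 32 OP_EQUAL OP_NOTIF: 2-of-2 CHECKMULTISIG (remote + local HTLC keys)
        return signed("remote_htlc") and signed("local_htlc")
    # OP_ELSE: OP_HASH160 <RIPEMD160(payment_hash)> OP_EQUALVERIFY, then remote CHECKSIG.
    # Comparing SHA256(top) with payment_hash stands in for the HASH160 comparison.
    return hashlib.sha256(top).digest() == payment_hash and signed("remote_htlc")


def signatures(party, tx):
    """Signatures `party` can place in a witness that spends via `tx`."""
    if party == "offerer":
        return {("local_htlc", tx), PRESIGNED}  # own key signs any tx; presig is fixed
    return {("remote_htlc", tx)}                # receiver's own key signs any tx


def spendable(party, knows_preimage):
    """Transactions paying `party` for which it can build a valid witness."""
    tops = [b""] + ([PREIMAGE] if knows_preimage else [])
    return {tx for tx, payee in CANDIDATES.items() if payee == party
            and any(script_accepts(top, signatures(party, tx), tx) for top in tops)}


if __name__ == "__main__":
    for party in ("offerer", "receiver"):
        for knows in (False, True):
            print(party, "knows preimage:", knows, "->", sorted(spendable(party, knows)))
```

In this model the offerer's result does not change when it learns the preimage, because the only receiver signature it holds commits to the HTLC-timeout transaction.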