The Lightning Network is a trustless* Layer 2 network for Bitcoin that brings many improvements in the speed and cost of final settlement. I put an asterisk on trustless because, although the network is trustless, there are a few caveats to take into consideration so that your funds are safe, aside from normal hot wallet risks. Watchtowers, which we’ll cover today, ensure that your funds are safe from malicious channel closures, which are one of the main risks of running a well-capitalized Lightning node.
Lightning channels are currently constructed by setting up a two-of-two multisig address, in which your funds are locked up with another party. Either party holds the secret to revoke the multisig contract and settle up at any time, but the channel can be closed immediately only if both nodes are online. If your node goes offline, the other party has to either wait for you to come back online or force close the channel. Force closing is not always a huge concern, especially if you're using the Lightning Network with peers that you already trust. But as the Lightning Network grows and its use cases expand, you’ll inevitably start interacting with peers whom you may not know, so it's important to learn to defend your node against malicious closures.
If a malicious peer closes a channel with a false balance state, and you don't come online in time to rebroadcast and claim the actual balance, they can get all of your funds in the channel. Watchtowers protect against this by keeping a running tab of your channel balances and defending against malicious closures. If a bad actor closes a channel while you have a watchtower active on your Lightning node, they are instantly penalized through what’s called a justice transaction, and you get all of their funds instead of them getting yours.
This significantly reduces the operational risk of running a capitalized Lightning node, in my opinion. A watchtower does not necessarily reduce the risk of force closures on a crashed node with static backups, and such a crash could still be an expensive incident to recover from, but it will at least protect your funds against malicious channel partners who may try to steal them if a hardware failure were to occur.
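The watchtower behaviour described above can be modelled in a few lines. This is an added example, not code from the original post or from any Lightning implementation: the class and function names, the constructed transaction IDs, the block heights and the 144-block delay are all assumptions made for illustration, and nothing here touches real Bitcoin transactions.

```python
import hashlib
from dataclasses import dataclass, field


def commitment_txid(channel_id: str, state_num: int) -> str:
    """Constructed stand-in for the txid of the commitment tx of one channel state."""
    return hashlib.sha256(f"{channel_id}:{state_num}".encode()).hexdigest()


@dataclass
class Watchtower:
    # revoked commitment txid -> justice transaction prepared by the node owner
    revoked: dict = field(default_factory=dict)

    def register_revoked_state(self, channel_id, state_num, justice_tx):
        """Called by the node each time a channel update makes an old state obsolete."""
        self.revoked[commitment_txid(channel_id, state_num)] = justice_tx

    def scan_block(self, height, txids, delay_blocks):
        """Return (justice_tx, deadline_height) for every revoked state seen on chain."""
        responses = []
        for txid in txids:
            justice_tx = self.revoked.get(txid)
            if justice_tx is not None:
                # The closing peer's funds stay locked for delay_blocks (assumed
                # value); the justice transaction must confirm before that height.
                responses.append((justice_tx, height + delay_blocks))
        return responses


def simulate():
    tower = Watchtower()
    chan = "chan-A"  # constructed channel identifier
    # States 0..2 were superseded as payments flowed; state 3 is the real balance.
    for n in range(3):
        tower.register_revoked_state(chan, n, f"justice-for-{chan}-state-{n}")
    # A close with the latest state is legitimate and must not trigger a penalty.
    honest_close = tower.scan_block(800_000, [commitment_txid(chan, 3)], delay_blocks=144)
    # A close with an old (false) balance state is detected while the owner is offline.
    stale_close = tower.scan_block(800_001, [commitment_txid(chan, 1)], delay_blocks=144)
    return honest_close, stale_close


if __name__ == "__main__":
    honest, stale = simulate()
    print("close with latest state  ->", honest)
    print("close with revoked state ->", stale)
```

The point to take from the model is that the tower only needs to recognise old states and hold the matching response; it acts on your behalf during the window in which you would otherwise have to be online.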