From 26f51a211ac09f76ed2eee16d5938638b6552dcf Mon Sep 17 00:00:00 2001 From: Antoine Poinsot Date: Wed, 29 Sep 2021 16:55:02 +0200 Subject: [PATCH 1/3] messages: move transactions pre-signed feerate specs to transactions.md --- messages.md | 12 ------------ transactions.md | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/messages.md b/messages.md index 9968ee6..c2e3c54 100644 --- a/messages.md +++ b/messages.md @@ -176,17 +176,6 @@ loss of funds. Acting as a cache in place of -example given- a p2p network, the information stored on the coordinator is transient. -All [revaulting transactions][revaulting_txs] (the cancel tx and both emergency txs) are signed -paying a fixed `22 sat/WU` feerate and using the `ALL | ANYONECANPAY` signature hash flag. This -is in order to reduce the funds burden on *each* of the watchtowers. - -The [unvault transaction][unvault_tx] is signed using a fixed `6 sat/WU` feerate. This is -a completely arbitrary value that was chosen to avoid blocking operations too early in case of -a huge load of transactions on the network and an increase of the mempools minimum feerate. -This transaction's fees can be bumped if not competitive (using the CPFP output) but -it will likely not be relayed if the mempools minimum feerate goes above `84 000 sat/kw` -until the Bitcoin network deploys [package relay][package_relay]. - ### Rough flow @@ -476,4 +465,3 @@ manager cosig_server [revaulting_txs]: transactions.md#cancel_tx [unvault_tx]: transactions.md#unvault_tx -[package_relay]: https://github.com/bitcoin/bitcoin/issues/14895 diff --git a/transactions.md b/transactions.md index bae3b80..a643969 100644 --- a/transactions.md +++ b/transactions.md 
@@ -43,6 +43,14 @@ The transaction which spends the [`deposit_tx`](#deposit_tx) deposit output, and unvault output spendable by the `N` stakeholders or the managers (along with the cosigning servers) after `X` blocks. +The Unvault transaction is signed using a fixed `6 sat/WU` feerate. This is a +completely arbitrary value that was chosen to avoid blocking operations too early +in case of a huge load of transactions on the network and an increase of the +network mempools minimum feerate. +This transaction's fees can be bumped if not competitive (using the CPFP output) but +it will likely not be relayed if the network mempools minimum feerate goes above +`84 000 sat/kw` until [package relay][package_relay] is deployed on the Bitcoin network. + - version: 2 - locktime: 0 @@ -115,6 +123,12 @@ The CPFP output value is adjusted depending on the actual transaction size. The transaction which spends the [`unvault_tx`](#unvault_tx) `output[0]` using the N-of-N path and pays back to a deposit output (it is therefore another vault deposit transaction). +The Cancel transaction is signed using the `ALL | ANYONECANPAY` signature hash flag, to +allow watchtowers (or anyone else) to attach fee-bumping inputs. + +The Cancel transaction is signed at a fixed `22 sat/WU` feerate. This is in order to +reduce the funds burden on *each* of the watchtowers. + - version: 2 - locktime: 0 @@ -143,6 +157,11 @@ funds. They lock coins to what we call an EDV (Emergency Deep Vault): a script c by the participants and kept obfuscated by the properties of P2WSH, as the emergency transactions are never meant to be used. +Both Emergency transactions are signed at a fixed `22 sat/WU` feerate. + +Both Emergency transaction are signed using the `ALL | ANYONECANPAY` signature hash flag, +to allow watchtowers (or anyone else) to attach fee-bumping inputs. + The Emergency `scriptPubKey` is not known to the managers. 
@@ -218,3 +237,6 @@ Bypass tx spends the [`deposit_tx`](#deposit_tx) and pays to arbitrary addresses #### OUT Unspecified + + +[package_relay]: https://github.com/bitcoin/bitcoin/issues/14895 From 67058a740a0f8c7f0fa80f63457ac49700129848 Mon Sep 17 00:00:00 2001 From: Antoine Poinsot Date: Wed, 6 Oct 2021 14:28:10 +0200 Subject: [PATCH 2/3] transactions: fix an incorrect feerate --- transactions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/transactions.md b/transactions.md index a643969..01647b9 100644 --- a/transactions.md +++ b/transactions.md @@ -49,7 +49,7 @@ in case of a huge load of transactions on the network and an increase of the network mempools minimum feerate. This transaction's fees can be bumped if not competitive (using the CPFP output) but it will likely not be relayed if the network mempools minimum feerate goes above -`84 000 sat/kw` until [package relay][package_relay] is deployed on the Bitcoin network. +`24 sat/vb` until [package relay][package_relay] is deployed on the Bitcoin network. - version: 2 - locktime: 0 From 38b5fbf405d4018e036e7400ed41dc4055670cb4 Mon Sep 17 00:00:00 2001 
From: Antoine Poinsot Date: Wed, 29 Sep 2021 18:48:52 +0200 Subject: [PATCH 3/3] transactions: increase Emergency feerate to 300sat/vb Fixes #86, although it's not an "insanely high feerate" as mentioned in the issue. The rationale for this was that WTs won't have a fee reserve dedicated to the Emergency fee bumping. We can use the reserve kept by watchtowers for bumping the Cancel, but it's only kept for active vaults. 300sat/vb is meant to be a sweet pot between: - too much reliance on WTs' reserves for the Cancel tx that they may not have (eg if most vaults are inactive) - incurring a too high barrier to entry (a larger feerate increases the minimum deposit value) and an Emergency cost (what % of funds are you ready to burn during an Emergency procedure? Supposedly 100% for game theory but hey) --- transactions.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/transactions.md b/transactions.md index 01647b9..e2e39d1 100644 --- a/transactions.md +++ b/transactions.md @@ -152,12 +152,12 @@ reduce the funds burden on *each* of the watchtowers. ## emergency_txs -Emergency transactions are used as deterrents against threats targetting stakeholders' -funds. They lock coins to what we call an EDV (Emergency Deep Vault): a script chosen -by the participants and kept obfuscated by the properties of P2WSH, as the emergency +Emergency transactions are used as deterrents against threats targeting stakeholders' +funds. They lock coins to what we call an EDV (Emergency Deep Vault): a script chosen +by the participants and kept obfuscated by the properties of P2WSH, as the emergency transactions are never meant to be used. -Both Emergency transactions are signed at a fixed `22 sat/WU` feerate. +Both Emergency transactions are signed at a fixed `75 sat/WU` feerate. Both Emergency transaction are signed using the `ALL | ANYONECANPAY` signature hash flag, to allow watchtowers (or anyone else) to attach fee-bumping inputs.
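Review bot: In [PATCH 1/3], the last messages.md hunk (@@ -476,4 +465,3) removes only the `[package_relay]` definition. `[revaulting_txs]` and `[unvault_tx]` stay as context lines, although the paragraphs that use them in this diff are the ones removed by the first hunk. If nothing else in messages.md references them, drop both definitions in the same commit so the file carries no unused link references.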
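Review bot: In [PATCH 1/3], the emergency_txs hunk of transactions.md (@@ -143,6 +157,11) has a grammar slip in the added line `Both Emergency transaction are signed using the ...`, which should read "Both Emergency transactions are signed". The same hunk states the `22 sat/WU` Emergency feerate without the rationale the Cancel section keeps ("This is in order to reduce the funds burden on *each* of the watchtowers"). The removed messages.md paragraph applied that rationale to all revaulting transactions, so either repeat it here or say that it no longer applies to the Emergency transactions.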
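Review bot: In [PATCH 2/3] (@@ -49,7 +49,7), the corrected threshold `24 sat/vb` uses a different unit from the `6 sat/WU` signing feerate stated at the top of the same paragraph, so the reader has to convert (1 vbyte = 4 WU) to see that the two figures are the same value. Suggest giving the threshold in sat/WU, or both units together, for example "`6 sat/WU` (`24 sat/vb`)", and keeping one unit throughout transactions.md.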
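Review bot: In [PATCH 3/3] (@@ -152,12 +152,12), the new `75 sat/WU` Emergency feerate enters the spec with no rationale. The reasoning (no watchtower reserve dedicated to Emergency fee bumping, weighed against a higher minimum deposit value and Emergency cost) exists only in the commit message. Add a sentence after `Both Emergency transactions are signed at a fixed ...` summarising why this value differs from the Cancel's `22 sat/WU`, and state the sat/vb equivalent, since the subject line says 300sat/vb while the text says 75 sat/WU. The hunk also removes and re-adds the second and third lines of the paragraph with no visible text change, alongside the `targetting` spelling fix on the first. If that is whitespace cleanup, say so in the message or split it into its own commit.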