Open Crypt-iQ opened 1 year ago
Can you clarify in what scenario that would happen? If I understand correctly, you would receive a replayed packet only if one of the previous nodes is malicious, right? Isn't it then completely ok to send them a garbage error (instead of leaking information about the fact that you've detected their replay)?
It could also be if a node isn't malicious and is accidentally replaying a packet -- this happened here https://github.com/lightningnetwork/lnd/issues/5792#issuecomment-930805556. If we were to use a replay-specific code it would've helped to identify the issue sooner. Replays could also happen if a node is malicious though, but in the malicious case, I don't think we're leaking anything that they don't already know. I think it would be good if the spec advised on what to do here rather than each impl rolling their own thing
There's not currently a defined `failure_code` to send back when we receive a replayed packet. In LND, we send back an `update_fail_malformed_htlc`, but there's nothing malformed about the packet. We may not even need to introduce a new code if we can agree on an existing code to send back.
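The distinction the issue is asking for, as an added illustration (not lnd's or the spec's code): a per-hop replay log keyed by the hash of the onion shared secret, which reports a replay-specific error rather than reusing the "malformed" error. `ReplayLog`, `ErrReplayedPacket` and `ErrMalformedPacket` are hypothetical names; the in-memory map stands in for a persistent, time-bounded log.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// Hypothetical replay-specific error: lets an accidental replay (a peer
// re-sending an HTLC it already forwarded) be told apart from a packet
// that genuinely cannot be parsed, which helps when debugging a peer.
var ErrReplayedPacket = errors.New("onion packet replayed")

// Stand-in for what a node reports when the onion itself is unparseable.
var ErrMalformedPacket = errors.New("onion packet malformed")

// ReplayLog remembers the hash of every shared secret seen so far.
// Constructed, in-memory stand-in for a persistent, expiring replay log.
type ReplayLog struct {
	mu   sync.Mutex
	seen map[string]struct{}
}

func NewReplayLog() *ReplayLog { return &ReplayLog{seen: map[string]struct{}{}} }

// ProcessPacket models the per-hop check: a packet is identified by the
// SHA-256 of its 32-byte shared secret. A wrong-sized secret is treated
// as malformed; a secret seen before is treated as a replay.
func (l *ReplayLog) ProcessPacket(sharedSecret []byte) error {
	if len(sharedSecret) != 32 {
		return ErrMalformedPacket
	}
	sum := sha256.Sum256(sharedSecret)
	key := hex.EncodeToString(sum[:])
	l.mu.Lock()
	defer l.mu.Unlock()
	if _, dup := l.seen[key]; dup {
		return ErrReplayedPacket
	}
	l.seen[key] = struct{}{}
	return nil
}

func main() {
	log := NewReplayLog()
	secret := bytes.Repeat([]byte{0xab}, 32) // constructed sample secret
	fmt.Println(log.ProcessPacket(secret))  // <nil>
	fmt.Println(log.ProcessPacket(secret))  // onion packet replayed
}
```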