Open morehouse opened 2 months ago
The trade-off here is "address inflation" (which is why we cache the address in the first place). If each attempt got a new change address, then we'll quickly start to exceed the default "look ahead" distance for address rescans, which can make it difficult for users to recover from seed (need to set a distance of 10k, etc.).
Address inflation is nice to avoid, but note that the current code does not prevent it entirely. It can still happen when BumpFee is used, or if a counterparty's competing transaction confirms instead of ours.
We can limit the amount of address inflation while eliminating reuse by:
Failed or Swept event. If we get a Failed event, we can reuse that change output.
When the sweeper generates multiple input sets for sweeping in a single block, it uses the same change address for all of them.
https://github.com/lightningnetwork/lnd/blob/9d358bc64934caef724108fc9704097db31658c4/sweep/sweeper.go#L796-L817
The change address is not updated until after the current wave of sweeps has been executed and one of the transactions has been successfully published.
https://github.com/lightningnetwork/lnd/blob/9d358bc64934caef724108fc9704097db31658c4/sweep/sweeper.go#L1686-L1707
For better privacy, each transaction should get a unique change address.
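An illustration of the trade-off discussed in this thread, added here and not taken from lnd or from any participant's post: every sweep transaction gets its own change address, and an address returns to a pool for reuse only after its transaction ends in a Failed event. The `changePool` type, its methods, the txids and the `change-N` address strings are hypothetical stand-ins for the wallet's address derivation.

```go
package main

import "fmt"

// changePool is a hypothetical allocator, not lnd's sweeper code.
type changePool struct {
	next    int               // stand-in for the wallet's next derivation index
	free    []string          // addresses released by Failed transactions
	pending map[string]string // txid -> change address of in-flight sweeps
}

func newChangePool() *changePool {
	return &changePool{pending: make(map[string]string)}
}

// assign gives txid a change address that no other in-flight sweep holds.
// It derives a fresh address only when no released one is available, which
// bounds address inflation.
func (p *changePool) assign(txid string) string {
	var addr string
	if n := len(p.free); n > 0 {
		addr, p.free = p.free[n-1], p.free[:n-1]
	} else {
		addr = fmt.Sprintf("change-%d", p.next) // constructed placeholder
		p.next++
	}
	p.pending[txid] = addr
	return addr
}

// failed handles a Failed event: the change output can be handed out again.
func (p *changePool) failed(txid string) {
	if addr, ok := p.pending[txid]; ok {
		p.free = append(p.free, addr)
		delete(p.pending, txid)
	}
}

// swept handles a Swept event: the address is treated as used and retired.
func (p *changePool) swept(txid string) { delete(p.pending, txid) }

func main() {
	p := newChangePool()
	a, b := p.assign("tx1"), p.assign("tx2") // same wave, distinct addresses
	p.failed("tx1")
	p.swept("tx2")
	c := p.assign("tx3") // reuses tx1's address, never tx2's
	fmt.Println(a, b, c, "derived:", p.next)
}
```
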