security: maker can lock taker funds #1048

Closed
moshababo opened this issue Jun 20, 2019 · 5 comments
Labels: question/tbd (Further information or discussion needed), swaps

@moshababo
Collaborator

Scenario:

  • taker is paying the maker the 1st leg of the swap.
  • maker receives the HTLC, but is shutting down and stops responding.

Outcome: taker funds are locked due to the pending HTLC (unless the maker will cancel the invoice), until the taker will force-close the channel on-chain.

@moshababo moshababo mentioned this issue Jun 20, 2019
29 tasks
@sangaman
Collaborator

Is there anything we can do to prevent this? Also per #1049 (comment) I don't think unlocking the funds requires a force-close.

@moshababo
Collaborator Author

> Is there anything we can do to prevent this?

No AFAIK. @offerm?

@offerm
Contributor

offerm commented Jun 29, 2019

For this case the taker should force close the channel and not use this peer again. Note that this can be done by any node along the route and not just by the maker.

This should not be considered as a big problem since there is no risk of losing money and you can prevent that peer for the next payment.

@kilrau kilrau self-assigned this Jul 23, 2019
@kilrau
Contributor

kilrau commented Jul 23, 2019

Todo: documentation on how to resolve via force close

@kilrau kilrau assigned ghost Aug 6, 2019
@kilrau kilrau assigned sangaman and unassigned kilrau and ghost Sep 19, 2019
@sangaman sangaman added question/tbd Further information or discussion needed and removed P1 top priority critical bug labels Sep 23, 2019
@sangaman
Collaborator

I removed the critical bug label since there is nothing to be fixed (or to be done at all) in the xud codebase to prevent this - whoever sends payment first (in our case the taker) can have the recipient (maker) delay up to the HTLC expiration and that's just the way the network is designed. And this is not a risk of losing funds.

What we need to be sure we are doing is penalizing peers for this, this ties into the greater scheme of how we detect and deal with misbehaving peers.

As for force closing the channel, I believe that if that is necessary it is handled by lnd automatically - it does not require us to intervene to prevent loss of funds.
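
The peer-penalizing idea raised in the comment above, sketched as an added example that is not part of the thread and not xud's code: a taker-side tracker that gives a maker a strike whenever it holds a first-leg HTLC past a limit, and refuses further swaps after repeated strikes. The class, method names, time limit and strike threshold are all hypothetical.

```typescript
// Added example: hypothetical names, not xud's API. Times are ms timestamps.
interface PendingLeg {
  peer: string;   // maker's node pubkey
  sentAt: number; // when the taker sent the first-leg HTLC
}
class StallTracker {
  private pending = new Map<string, PendingLeg>(); // keyed by payment hash
  private strikes = new Map<string, number>();
  private stallAfterMs: number;    // assumed limit for holding an HTLC
  private banAfterStrikes: number; // assumed strike threshold

  constructor(stallAfterMs: number, banAfterStrikes: number) {
    this.stallAfterMs = stallAfterMs;
    this.banAfterStrikes = banAfterStrikes;
  }

  // Taker is about to pay the first leg to `peer`; refuse banned peers.
  legSent(rHash: string, peer: string, now: number): void {
    if (this.isBanned(peer)) throw new Error("peer is banned: " + peer);
    this.pending.set(rHash, { peer, sentAt: now });
  }

  // HTLC settled or failed back. A resolution after the limit is still a stall.
  legResolved(rHash: string, now: number): void {
    const leg = this.pending.get(rHash);
    if (!leg) return; // unknown, or already penalized by sweep()
    this.pending.delete(rHash);
    if (now - leg.sentAt > this.stallAfterMs) this.addStrike(leg.peer);
  }

  // Periodic check: penalize each peer still holding an HTLC past the limit.
  // This only scores the peer; the HTLC stays pending until it resolves or expires.
  sweep(now: number): string[] {
    const stalled: string[] = [];
    this.pending.forEach((leg, rHash) => {
      if (now - leg.sentAt <= this.stallAfterMs) return;
      this.pending.delete(rHash);
      this.addStrike(leg.peer);
      stalled.push(rHash);
    });
    return stalled;
  }
  isBanned(peer: string): boolean {
    return (this.strikes.get(peer) || 0) >= this.banAfterStrikes;
  }
  private addStrike(peer: string): void {
    this.strikes.set(peer, (this.strikes.get(peer) || 0) + 1);
  }
}
```

The clock is passed in as `now` so the scoring can be tested deterministically; a real integration would feed it from the node's HTLC events.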

@kilrau kilrau closed this as completed Oct 9, 2019