Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
any sender can initiate htlc claim
See original GitHub issueAccording to AIP 102 only the recipient of a HTLC lock should be able to initiate the claiming of the locked amount, i.e. the recipientId of the lock transaction and the senderPublicKey of the claim transaction must be equal.
Only a recipient CAN claim the htlc_lock transaction. Meaning htlc_claim senderPublicKey MUST match htlc_lock recipientAddress
Looking at the htlc-claim handler no such check appears to be in place - any senders claim transaction will be accepted and forged (given that the secret is correct).
I’ll try to confirm the above later today.
PS: I’d be happy to submit a PR if the above should be the case.
Issue Analytics
- State:
- Created 4 years ago
- Comments:7 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Initially the plan was to only allow the recipient to claim. But some concerns were brought up during implementation that it might be too inflexible and better to allow anyone claim the lock similar to refund. So yes, it is by design and the AIP outdated. Will be updated accordingly!
Gotcha! Thanks for the follow up!