if attacker gets access to the node, why can it just run required queries to VLS to sign transactions he needs? Everything he needs for this should be on the node in one form or another
VLS normally asks the user to approve transactions, so it will refuse to sign if the user didn't initiate the action. And since the device running VLS holds the LN keys, the node will not be able to independently sign the transactions (unlike a blind signer which would be open to the exploit you describe)
reply
Thank you for answer! Follow up about scaling, afaik in a typical ln node quite a lot going on, that require sig ops - htlc, commitments, etc. Is user input required for all of this?
reply
The devs building VLS into their Lightning apps will be able to configure which actions do/don’t require user input.
They may also provide optional velocity controls which will allow routine payments to known destinations up to a limit (per hour/day/week/etc) defined by the user
reply