21 sats \ 4 replies \ @TonyGiorgio 13 Oct 2023 \ on: What could go wrong revealing a bolt11 preimage to a payer before they've paid? bitcoin
If you're revealing preimages, it means you are not securing preimages. You are exposing your payers to loss of funds, so by extension you're on the hook for that.
You also lose all ability to provide the user with proof of payment. You have to assume they made the payment to you. Software bugs exist and the funds can be stolen, so how are you going to check if a payment made it to you or not or if they lost funds or not when the payer already has the proof?
Would it be correct to say the motivations for the payee not revealing preimages are:
- preserving their proof of payment property
- protecting payers from loss of funds (which the payee becomes liable for)
Are there other reasons that I'm missing or are those the main ones?
reply
There's potentially something there with payers constructing their own route through you with that same preimage, reminds me of this: https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-October/002857.html
Browsing it again, there could also be something there with altering amounts and having it route through you, though I'm not sure if it would result in payee loss of funds. It might be uncharted territory since it's kind of a taboo thing to do.
reply
That's mostly what I was looking for. Some confirmation that as a rule it shouldn't be done even if there may be exceptions.
I know preimages better now yay!
reply
Cool, great read. I’ll update the PR to only reveal the preimage once the invoice has been confirmed paid.
reply
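The rule the thread settles on (release the preimage only after the invoice is confirmed paid) can be sketched as follows. This is an added example, not code from the thread or from the PR mentioned above; the `Invoice` model, the `State` values and the function names are hypothetical, and the only protocol fact relied on is that a bolt11 payment hash is the SHA-256 of the preimage.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):          # hypothetical invoice states for this sketch
    OPEN = "open"           # no payment seen
    ACCEPTED = "accepted"   # HTLC arrived but is not settled yet
    SETTLED = "settled"     # payee claimed the funds
    CANCELED = "canceled"


@dataclass
class Invoice:
    amount_msat: int
    preimage: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    state: State = State.OPEN
    received_msat: int = 0

    @property
    def payment_hash(self) -> bytes:
        # A bolt11 payment hash is SHA-256 of the 32-byte preimage.
        return hashlib.sha256(self.preimage).digest()


def payer_view(inv: Invoice) -> dict:
    """What the payee's API returns to the payer for this invoice."""
    paid = inv.state is State.SETTLED and inv.received_msat >= inv.amount_msat
    return {
        "payment_hash": inv.payment_hash.hex(),
        "state": inv.state.value,
        # The preimage stays server-side until settlement is confirmed.
        "preimage": inv.preimage.hex() if paid else None,
    }


def is_proof_of_payment(payment_hash_hex: str, preimage_hex: str) -> bool:
    """Payer-side check that a preimage matches the invoice's payment hash."""
    try:
        preimage = bytes.fromhex(preimage_hex)
        expected = bytes.fromhex(payment_hash_hex)
    except ValueError:
        return False
    if len(preimage) != 32:
        return False
    return hmac.compare_digest(hashlib.sha256(preimage).digest(), expected)
```

Because the preimage is withheld in every state except a fully paid `SETTLED` invoice, a payer holding it can only have obtained it through settlement, which is what keeps it usable as proof of payment.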