iterate debt cheques prevention #2093
Description
From #1983:
Why would we disconnect from a node that sends us too much money? Surely, receiving too much money can only be good, right? I understand the context of this PR and how, when properly accounted for, receiving a cheque that is worth too much opens up the possibility for an attack. However, I believe we can solve this situation in a more elegant manner than a disconnect or putting the peer on a blacklist.
I propose to do the following when we receive a cheque that is worth too much: don't account for it properly :).
Assume Node A has a balance of -500 with node B, node B sends a cheque of 10000 to A. If we would properly account for this, node A would immediately respond with a cheque to B as 9500 is surely more than the payment threshold. But, if we instead just program the node to update the balance to 100 instead of 9500, there is no attack possible anymore. The amount
100can have the same value as whatChequeDebtTolerancehas now.If nodes are programmed to behave in this way, the attack is not possible anymore. In a normal situation, the situation above will not happen.
since we already have 2 approvals for this PR as-is, i suggest we open a different issue/PR for the solution you mention here.
i will merge the code in its current state as soon as i am able to, i.e. when
masteris fixed so that the CI passes.
Originally posted by @mortelli in #1983 (comment)