Example of a problematic scenario with timeout trees

There’s been a lot of hand-waiving about timeout trees over the last few days. The point here is just to present a concrete example of what someone might have in mind when they express skepticism.

Example

Let’s take todays valuation, to keep things simple.

1. Coordinator Carol takes 2 BTC, about $100k, and uses this to fund a binary tree with 4096 virtual lightning channels, each roughly $25 each. (So the tree has 13 or so levels, depending on how you count). Now I’m assuming somehow, Carol has been paid the equivalent of 2 BTC up front — she’s not giving everybody lightning channels for fun.
2. Carol then, at some point, goes offline.
3. Now everybody who has some fraction of the $25 worth of a virtual lightning balance which is unspendable, they are faced with a choice. A) They can do nothing, and hope Carol comes back online. B) Wait, and hope that someone else near to them on the tree unfurls a path and makes it a bit cheaper for them to bring their channel online. C) Try to go out into the world and get in touch with other users in order to split the costs of unfurling the tree. D) Appeal to some benevolent retaliator to pay to unfurl the entire tree, or E) Pay to unfurl the 13 branch path to their lightning channel, bring the channel on chain, and then force close the channel.
4. Now clearly, if we are in a fee environment where unfurling 13 CTV transactions, bringing a channel online, and then force closing the channel costs more than $25, option E) is not really worth it. So if each leaf is just by themselves, their best option is to just say good-bye to funds. Maybe they could pay $40 to make sure Carol doesn’t get it, but this doesn’t make sense from their individual perspective.
5. If Carol’s goal was a rug, she’s happy with anything she can get. Even if some benevolent actor unfurls all 8191 or whatever of the CTV branching transactions, the leaves must still bring the lightning channel on chain in order to put it out of Carol’s reach. Now suppose also Carol has constructed these CTV paths efficiently so that the sweepback transactions are cheap to run: For example, each sweepback transaction that becomes available after the expiry has multiple paths, each of which is a CTV transaction sweeping say, 2⁸ or 2¹⁰ transactions back into their wallet.
6. If the average cost of sweeping back any transactions to Carol is less than $25, she has positive incentive to do this. The only way Carol does not win here is that everybody, or nearly everybody, brings their lightning channel on chain, which will end being costly for everybody.

The worst thing Carol can lose is her reputation, unless of course she is identifiable in a jurisdiction with law and order then she might get sued for unjust enrichment or something. She received the 2 BTC when creating the tree, then paid the 2 BTC into channels, so worst possible scenario is that she can’t sweep any of it back. Note that if channels were used before she goes online, she has lost that value to external lightning channel partners, but if the users are to force close the channel, she gets that much back.

What is clear

1. In a completely custodial case, the custodian can go ahead and rugpull 100% of the funds and there is absolute zero that the end user can do about it. (Provided custodian can disappear into oblivion while laundering the profits back)
2. In the timeout tree, the coordinator can always try to rugpull, but the victim can then, at some cost, recover the funds.
3. If the cost to recover the funds is greater than the funds, the user may choose not to do this.
4. If the cost to recover the funds is less then the funds, the users will probably do this, and the result is a large pain for everybody, and no gain for Carol.
5. On the other hand, if the average cost of sweeping back the funds to Carol is less than the value in each channel, she can expect a profit out of the rugpull if some users end up not bringing the channels online.

To be clear, I’m not trying to make deep argument that covenants is garbage and trying to scale is dumb, but rather there are points that need be validated in conversations with the naysayers, these can’t be waived away with “incentives fix everything.”