[feature request] sanity checks for premium rates

Open xmrk-btc opened this issue 9 months ago • 2 comments

Please add some sanity checks to disallow setting premium rates which are not in the node operator's interest.

  1. Check that SWAP_IN rate is negative or zero, and that SWAP_OUT rate is positive or zero. I saw one of my peers doing exactly the opposite: his SWAP_OUT rate is negative, so he is paying people to "steal" his inbound liquidity. (Or maybe I am misinterpreting, but then my rates are wrong and a sanity check would help me.)
  2. Check that BTC_SWAP_IN_rate + BTC_SWAP_OUT_rate > 0, likewise for LBTC. This is to prevent peers from profiting by doing SWAP_OUT and then SWAP_IN of the same amount. A possible inconvenience here is that if I have to first increase SWAP_OUT rate and then decrease SWAP_IN rate, doing it in reverse order could be disallowed by the sanity check. So include such a hint about the order of operations in the error message.
  3. Maybe check that BTC_SWAP_IN_rate + LBTC_SWAP_OUT_rate > boltz_rate_for_lbtc_pegout. This is to prevent peers from doing LBTC swap-out, peg-out at boltz, and doing swap-in with obtained BTC. Maybe just use a constant like 1000 ppm for boltz_rate_for_lbtc_pegout.
  4. Maybe check that LBTC_SWAP_IN_rate + BTC_SWAP_OUT_rate > 0. Prevents peers from doing BTC swap-out, peg-in those BTC (which is free, hence 0), and then LBTC swap-in.

xmrk-btc, Jul 30 '25 17:07

Thanks for opening the issue. Your point about the risk of mis-configuring the premium rate is well taken, and the concrete examples you provided make the potential impact very clear.

That said, PeerSwap is meant to be a reference implementation of the peerswap protocol, and I feel that adding a hard sanity check at this layer is out of scope. Negative premium rates are allowed by the spec, and some node operators may have valid reasons to use them, for example:

  • promotional campaigns
  • other creative strategies

Because of that, I think the right place for guardrails is in UIs or management tools that can tailor safeguards to each user’s needs and level of expertise.

@wtogami @grubles , do you have any thoughts to add?

YusukeShimizu, Aug 04 '25 07:08

Yeah I think I lean more towards being hands-off here because, as Yusuke mentioned, there may be legitimate reasons we haven't thought of yet for node operators to set fee rates creatively.

Maybe a node operator is interested in building a stockpile of L-BTC for whatever reason, maybe to prepare for future mainchain fee spikes, and sets their fee rates to incentivize that. Or vice versa, maybe a node op wants to offload L-BTC in favor of BTC so they can open new channels.

grubles, Aug 04 '25 23:08
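
The four checks requested in the opening post, written as a stand-alone lint that warns rather than blocks, of the kind the replies suggest belongs in a management tool outside PeerSwap. This is an added example, not PeerSwap code or code from anyone in this thread: the `Rates` type, its field names and `Lint` are hypothetical, rates are assumed to be signed ppm values, and 1000 ppm is the constant suggested in item 3.

```go
package main

import "fmt"

// Rates holds signed premium rates in ppm. Type and field names are
// hypothetical, not PeerSwap's own.
type Rates struct {
	BTCSwapIn, BTCSwapOut, LBTCSwapIn, LBTCSwapOut int64
}

// pegOutPPM is the constant the issue suggests for boltz_rate_for_lbtc_pegout.
const pegOutPPM = 1000

// Lint returns one warning for every check from the issue that r fails.
func Lint(r Rates) []string {
	var w []string
	check := func(ok bool, format string, a ...interface{}) {
		if !ok {
			w = append(w, fmt.Sprintf(format, a...))
		}
	}
	// Check 1: SWAP_IN must be <= 0 and SWAP_OUT must be >= 0.
	check(r.BTCSwapIn <= 0, "check 1: BTC SWAP_IN rate %d is positive", r.BTCSwapIn)
	check(r.LBTCSwapIn <= 0, "check 1: LBTC SWAP_IN rate %d is positive", r.LBTCSwapIn)
	check(r.BTCSwapOut >= 0, "check 1: BTC SWAP_OUT rate %d is negative", r.BTCSwapOut)
	check(r.LBTCSwapOut >= 0, "check 1: LBTC SWAP_OUT rate %d is negative", r.LBTCSwapOut)
	// Check 2: a same-asset SWAP_OUT followed by SWAP_IN must not pay the peer.
	const hint = "; raise SWAP_OUT before lowering SWAP_IN"
	check(r.BTCSwapIn+r.BTCSwapOut > 0, "check 2: BTC SWAP_IN + SWAP_OUT = %d, want > 0"+hint, r.BTCSwapIn+r.BTCSwapOut)
	check(r.LBTCSwapIn+r.LBTCSwapOut > 0, "check 2: LBTC SWAP_IN + SWAP_OUT = %d, want > 0"+hint, r.LBTCSwapIn+r.LBTCSwapOut)
	// Check 3: LBTC swap-out, peg-out, then BTC swap-in.
	check(r.BTCSwapIn+r.LBTCSwapOut > pegOutPPM, "check 3: BTC SWAP_IN + LBTC SWAP_OUT = %d, want > %d", r.BTCSwapIn+r.LBTCSwapOut, pegOutPPM)
	// Check 4: BTC swap-out, peg-in (treated as free), then LBTC swap-in.
	check(r.LBTCSwapIn+r.BTCSwapOut > 0, "check 4: LBTC SWAP_IN + BTC SWAP_OUT = %d, want > 0", r.LBTCSwapIn+r.BTCSwapOut)
	return w
}

func main() {
	// Constructed sample: a peer whose BTC SWAP_OUT rate is negative.
	for _, msg := range Lint(Rates{BTCSwapOut: -1000}) {
		fmt.Println(msg)
	}
}
```

Because checks 2 to 4 use a strict inequality, a configuration with every rate at zero is also flagged.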