Builder's Guide
  • Welcome to the Builder's Guide to the LND Galaxy!
  • The Lightning Network
    • Overview
    • Payment Channels
      • Lifecycle of a Payment Channel
      • Watchtowers
      • Understanding Sweeping
      • Etymology
    • The Gossip Network
      • Identifying Good Peers on the Lightning Network
    • Pathfinding
      • Finding routes in the Lightning Network
      • Channel Fees
      • Multipath Payments (MPP)
    • Lightning Network Invoices
      • Understanding Lightning Invoices
    • Making Payments
      • The Payment Cycle
      • Timelocks
      • ⭐Hashed Timelock Contract (HTLC)
      • Payment Etymology
      • ⭐What Makes a Good Routing Node
      • Understanding Submarine Swaps
      • Instant Submarine Swaps
    • Liquidity
      • ⭐Understanding Liquidity
      • Managing Liquidity on the Lightning Network
      • Liquidity Management for Lightning Merchants
      • How to Get Inbound Capacity on the Lightning Network
      • Lightning Service Provider
    • L402: Lightning HTTP 402 Protocol
      • Macaroons
      • L402
      • 📋Protocol Specification
      • Implementations and Links
    • Taproot Assets
      • Taproot Assets Protocol
      • Taproot Assets on Lightning
      • Edge Nodes
      • Taproot Assets Trustless Swap
      • FAQ
      • Glossary
  • Lightning Network Tools
    • LND
      • 🛠️Get Started
      • lnd.conf
      • First Steps With LND
      • Wallet Management
      • Sending Payments
      • Atomic Multi-path Payments (AMP)
      • Receiving Payments
      • Unconfirmed Bitcoin Transactions
      • Channel Fees
      • Inbound Channel Fees
      • Macaroons
      • Configuring Watchtowers
      • Pathfinding
      • Blinded Paths
      • Key Import
      • Secure Your Lightning Network Node
      • Configuration of a Routing Node
      • Quick Tor Setup
      • Configuring Tor
      • Enable ‘Neutrino mode’ in Bitcoin Core
      • Send Messages With Keysend
      • Partially Signed Bitcoin Transactions
      • Bulk onchain actions with PSBTs
      • Sweeper
      • Debugging LND
      • Fuzzing LND
      • LND API documentation
      • Channel Acceptor
      • RPC Middleware Interceptor
      • HTLC Interceptor
      • NAT Traversal
      • Recovery: Planning for Failure
      • Migrating LND
      • Disaster recovery
      • Contribute to LND
    • Lightning Terminal
      • What is Lightning Terminal?
      • 🛠️Get litd
      • Run litd
      • Integrating litd
      • Demo: Litd Speed Run
      • Connect to Terminal
      • Recommended Channels
      • Rankings
      • Health Checks
      • Liquidity Report
      • Opening Lightning Network Channels
      • Managing Channel Liquidity
      • Autofees
      • AutoOpen
      • LND Accounts
      • Loop and Lightning Terminal
      • Loop Fees
      • Pool and Lightning Terminal
      • Command Line Interface
      • Troubleshooting
      • Lightning Node Connect: Under the hood
      • LNC Node Package
      • LITD API Documentation
      • Privacy and Security
      • Privacy Policy
      • Terms of Use
    • Loop
      • 🛠️Get Started
      • The Loop CLI
      • Autoloop
      • Static Loop In Addresses
      • Instant Loop Outs
      • Peer with Loop
      • Loop API Documentation
    • Pool
      • Overview
      • Quickstart
      • 🛠️Installation
      • First Steps
      • Accounts
      • Orders and Asks
      • Sidecar Channels
      • Zero-confirmation Channels
      • Channel Leases
      • Batch Execution
      • Account Recovery
      • Pool API Documentation
      • FAQs
    • Taproot Assets
      • Get Started
      • First Steps
      • Taproot Assets Channels
      • Asset Decimal Display
      • Become an Edge Node
      • RFQ
      • Collectibles
      • Universes
      • Asset Loop
      • Debugging Tapd
      • Multisignature
      • Minting Assets With an External Signer
      • Lightning Polar
      • Operational Safety Guidelines
      • Taproot Assets API Documentation
    • Aperture
      • ⚒️Get Aperture
      • LNC Backend
      • LNC Mailbox
      • Pricing
    • Faraday
      • 🛠️Get Started
      • The Faraday CLI
      • Faraday API Documentation
  • LAPPs
    • Guides
      • Use Polar to Build Your First LAPP
        • Setup: Local Cluster with Polar
        • Setup: Run the Completed App
        • Setup: Run the App Without LND
      • Add Features
        • Feature 1: Connect to LND
        • Feature 2: Display Node Alias and Balance
        • Feature 3: Sign and Verify Posts
        • Feature 4: Modify Upvote Action
      • Make Your own LNC-powered Application
    • Next Steps
  • Community Resources
    • Resource List
    • Lightning Bulb 💡
    • Glossary
    • FAQ
Powered by GitBook
On this page
  • How to avoid loss of funds (short version, tl;dr)
  • How to avoid loss of funds (extended version)
  • Important note for Umbrel/Lightning Terminal users

Was this helpful?

  1. Lightning Network Tools
  2. Taproot Assets

Operational Safety Guidelines

Keep yourself and your Taproot Assets safe

PreviousLightning PolarNextAperture

Last updated 24 days ago

Was this helpful?

As of version v0.3.0-alpha, Taproot Assets can be used on Bitcoin's mainnet network. That means in any version after v0.3.0 there won't be any breaking changes and any assets minted with that version should be future-proof. But signaling readiness for mainnet does NOT mean that there won't be any bugs or that all planned safety and backup measures are fully in place yet.

Special care must be taken to avoid loss of funds (both assets and BTC)!

How to avoid loss of funds (short version, tl;dr)

In short, there is no recovery mechanism in place yet that allows you to recover assets from only the lnd seed. So if you lose your tapd's database, or it gets corrupted, you lose access to all assets minted or received by that tapd. In addition, you also cannot spend the BTC used to carry/anchor the assets.

To avoid loss of funds, make sure you back up your /home/<user>/.tapd folder regularly. If you are using a Postgres database as the database backend, it is enough to make backups of that database.

And of course, you also need lnd's seed phrase which is what all private keys for all assets in a tapd instance are derived from.

How to avoid loss of funds (extended version)

Because the Taproot Assets Protocol is an overlay or off-chain protocol, all data relevant to asset mints, transfers or burns are not stored in the Bitcoin blockchain itself. That means, if access to that data is lost, then the assets cannot be recovered by just using a wallet seed.

So-called Universes (public asset and proof databases) will help with storing and later retrieving that crucial off-chain data, but the mechanisms to query all required data by just using lnd's seed are not yet in place. See for more information.

What data do I need to back up

The following items should be backed up regularly (e.g. hourly or even more frequently depending on the number of users/transactions of a system):

  • If the default SQLite database is used: Then all data is in the files in the location <tapddir>/data/<network>/tapd.db* (usually tapd.db, tapd.db-wal and tapd.db-shm), where tapddir is the following by default, depending on your operating system:

    • Linux/Unix: ~/.tapd

    • MacOS: ~/Library/Application Support/Tapd

    • Windows: ~/AppData/Roaming/Tapd

    • Umbrel: ${APP_DATA_DIR}/data/.tapd

    • Or, if either the --tapddir or --datadir flags or config options are

    • set, then the file should be located there.

  • If a Postgres database is used: It is enough to create a backup of the database configured as --postgres.dbname flag or config option.

Optionally the copies of the proof files in <tapddir>/data/<network>/proofs can be backed up as well, but those are also all contained in the SQLite or Postgres database and are only on the filesystem for faster access.

Where are the private keys for assets stored?

The tapd database does not store any private key material. It exclusively uses lnd's wallet to derive keys for assets and their BTC anchoring transactions. The tapd database only stores the public key and derivation information in its database.

The following cryptographic keys are derived from lnd's wallet:

  • internal_key: The internal keys for BTC-level anchoring transaction outputs that carry asset commitments.

  • script_key: The raw key for asset ownership keys, by default used as BIP-0086 keys in the asset output.

Is it safe to restore from an outdated database backup?

Yes. Since there is no penalty mechanism involved as in Lightning, there is no additional risk when restoring an outdated database backup. But of course, if the database backup is out of date, it might not contain the latest assets and access to those could still be lost.

Is it safe to open the tapd RPC port to the internet?

There is normally no need to open the tapd RPC port (10029 by default) to the internet. Unless the intention is to run a public Universe server, then that is the port to expose. By default, all RPC methods (except for some non-sensitive Universe related calls) are protected by macaroon credentials.

There are three flags/config options that should be evaluated though:

  • --allow-public-uni-proof-courier: If set, then access to the Universe based proof courier methods is allowed without the requirement for a macaroon. That means, any other nodes can use this tapd instance to transmit transfer proofs from sender to receiver without needing any sort of permission credential.

  • --allow-public-stats: If set, then access to Universe statistics RPC calls are allowed without the requirement for a macaroon. This can be useful to directly pull statistics over the REST interface into any website.

  • --universe.public-access: If set, then proofs can be inserted and synced by other nodes. The difference between this flag and --allow-public-uni-proof-courier is that the first controls whether remote proofs should be allowed in general, while the second controls whether one needs an authentication token to do so.

Important note for Umbrel/Lightning Terminal users

If you are using Taproot Assets as part of the "Lightning Terminal" app inside Umbrel (or any comparable node-in-a-box solution), DO NOT UNDER ANY CIRCUMSTANCE uninstall (or re-install) the "Lightning Terminal" app without first making a manual backup of all local data of tapd. Uninstalling any app on Umbrel will delete that app's data. And in case of Taproot Assets, that data contains information needed to spend both the Taproot Assets AND the bitcoin that carry the assets. Just having the lnd seed phrase is NOT enough to restore assets minted or received.

#426