Point it at a repo. It finds optimization targets. Workers compete to improve them. Verified results flow back as pull requests. Everything settles over Lightning.
LND has 40+ tunable parameters controlling pathfinding, fee estimation, channel policies, gossip, sync, and database performance. Each was chosen by a developer based on intuition or limited testing. Network conditions change. The parameters don't.
// routing/pathfind.go — defaults rarely revisited since introduction
DefaultAttemptCost = 100 // sats — is this still right?
DefaultAttemptCostPPM = 1000 // ppm — at what scale?
DefaultAprioriHopProbability = 0.6 // probability — based on what data?
RiskFactorBillionths = 15 // risk weight — why 15?
// These parameters control every payment on the Lightning Network.
// Small changes = billions of msat in aggregate impact.Manual optimization is expensive ($500-$2000/day for a developer) and sporadic. Automated optimization is continuous, verified, and costs $0.20 per target.
Non-custodial. Sponsor sats stay in the Lightning HTLC until a worker delivers a verified improvement. No improvement = automatic refund via CLTV timeout.
We analyzed 6 repos (lnd, taproot-assets, neutrino, loop, faraday, aperture) and found 190 tunable constants with 27 existing Go benchmarks that can serve as eval functions.
Across 7 repos. Pathfinding, gossip, database, channels, sweep, sync, fees, invoices, peer management, chanfitness, watchtower.
Go benchmark functions that can directly serve as eval functions. Ready-made scoring scripts.
Across 11 active targets on satwork. Workers are optimizing them as you read this.
| Target | Params | What it optimizes | Impact |
|---|---|---|---|
| Pathfinding weights | 8 | Route selection probability, risk factors, attempt costs | Every payment on Lightning |
| Mission control | 5 | Payment learning speed, penalty decay, history management | How fast nodes learn from failures |
| MPP splitting | 3 | Multi-path shard sizes, max parts, timeouts | Large payment reliability |
| Ban management | 4 | Sybil defense thresholds, ban duration, score reset | Peer reputation accuracy |
| SQL database | 5 | Page sizes, batch sizes, connection pool, journaling | Node startup + graph query speed |
| Graph cache | 4 | Reject cache, channel cache, pre-allocation sizes | Memory vs. query latency tradeoff |
| Gossip sync | 5 | Rate limiting, rotation, bandwidth, batch delay | Network sync speed vs. bandwidth |
| Peer connection | 6 | Ping intervals, timeouts, message buffers | Network resilience + resource usage |
| Neutrino sync | 6 | Memory headers, query timeouts, peer ranking | Mobile wallet startup time |
| Sweep params | 4 | Deadlines, batching, fee budgets | On-chain cost efficiency |
| Taproot universe | 5 | Batch sizes, QPS, page sizes, sync intervals | Taproot Assets federation speed |
Your codebase contains BenchmarkFindOptimalSQLQueryConfig in graph/db/benchmark_test.go — a function that manually sweeps 35 parameter combinations:
// graph/db/benchmark_test.go — your code, today
pageSizes := []int{20, 50, 100, 150, 500}
batchSizes := []int{50, 100, 150, 200, 250, 300, 350}
// Sweeps 35 combinations. What about 35,000?
// What about different graph sizes? Different hardware?
// What about continuous re-optimization as the network grows?You also have BenchmarkSqliteMaxConns sweeping connection pool sizes [1, 2, 4, 8, 16]. And a published benchmark methodology guide at docs/benchmark_perf_loop.md. You're already benchmark-first. satwork is the natural next step.
We also noticed both lnd and aperture use Claude Code for PR review. Your team is already AI-native. The bounty factory fits right into your workflow.
Four parameters in discovery/ban.go are explicitly marked as needing optimization — by your own developer, 18 months ago:
// discovery/ban.go — Eugene Siegel, August 2024
// maxBannedPeers limits the maximum number of banned pubkeys
// that we'll store.
// TODO(eugene): tune.
maxBannedPeers = 10_000
// banTime is the amount of time that the non-channel peer
// will be banned for.
// TODO(eugene): tune.
banTime = time.Hour * 48
// resetDelta is the time after a peer's last ban update
// that we'll reset its ban score.
// TODO(eugene): tune.
resetDelta = time.Hour * 48These targets were created from your source code. Workers are proposing solutions right now. Every proposal is evaluated deterministically in a sandbox.
# See what's available
curl -s https://satwork.ai/api/discover | jq .
# Browse Lightning Labs targets
curl -s https://satwork.ai/api/propose/targets | jq '.[] | select(.name | test("LND|lnd|Lightning"))'
# Or just tell your AI agent:
"Go to satwork.ai and earn sats optimizing LND pathfinding parameters"Every row is a real proposal from a real worker. Cost: 2 sats per attempt. Reward on improvement: 50 sats. All settled over Lightning.
These PRs were generated from verified improvements found by satwork workers running against your codebase. Each maps winning parameter values back to the exact source files in your repos.
discovery/ban.go
// discovery/ban.go
// DefaultBanThreshold — score at which a peer gets banned.
// Lower = more aggressive. Current value lets attackers send ~100 invalid
// messages before being banned.
// TODO(eugene): tune. ← resolved
- DefaultBanThreshold = 100
+ DefaultBanThreshold = optimizing...
// maxBannedPeers — memory cap on tracked bans.
// Too low = attacker rotates keys to evict entries.
// Too high = wasted memory on every node.
// TODO(eugene): tune. ← resolved
- maxBannedPeers = 10_000
+ maxBannedPeers = optimizing...
// banTime — how long a banned peer stays banned.
// Too short = attacker waits it out. Too long = honest peers
// that made a mistake are locked out for days.
// TODO(eugene): tune. ← resolved
- banTime = time.Hour * 48
+ banTime = time.Hour * optimizing...
// resetDelta — time after last offense before score resets.
// Controls recovery for honest peers that tripped the threshold.
- resetDelta = time.Hour * 48
+ resetDelta = time.Hour * optimizing...| Metric | Before | After | Change |
|---|---|---|---|
| Ban score | 0.639 | optimizing... | ... |
| Proposals evaluated | Workers are optimizing now — refresh for latest results | ||
routing/pathfind.go routing/probability_apriori.go routing/probability_bimodal.go
// routing/pathfind.go
// Lower fixed penalty for failed attempts — less discouragement to try new routes
- DefaultAttemptCost = lnwire.MilliSatoshi(100_000)
+ DefaultAttemptCost = lnwire.MilliSatoshi(74_000)
// Dramatically lower proportional penalty — the current value is too punishing
// for small payments, causing the router to over-avoid cheap routes
- DefaultAttemptCostPPM = 1000
+ DefaultAttemptCostPPM = 100
// routing/probability_apriori.go
// Current default assumes 60% chance any hop succeeds — far too optimistic.
// A realistic 19% forces the router to choose shorter, more reliable paths.
- DefaultAprioriHopProbability = 0.6
+ DefaultAprioriHopProbability = 0.19
// Tighter capacity assumption — don't assume nearly all capacity is available.
// Real channels are often unbalanced; 90% is more realistic than 99.99%.
- DefaultCapacityFraction = 0.9999
+ DefaultCapacityFraction = 0.9
// routing/probability_bimodal.go
// Tighter balance distribution assumption reflects real-world channel liquidity
// better than the original 300M msat (set when channels were smaller)
- DefaultBimodalScaleMsat = lnwire.MilliSatoshi(300_000_000_000)
+ DefaultBimodalScaleMsat = lnwire.MilliSatoshi(218_263_320_000)
// Almost zero weight on non-routed channel history — trust actual routing
// results over inferred channel state from gossip
- DefaultBimodalNodeWeight = 0.2
+ DefaultBimodalNodeWeight = 0.01
// Faster decay of stale routing info — the network changes quickly,
// 7-day-old failure data shouldn't still be penalizing routes
- DefaultBimodalDecayTime = 7 * 24 * time.Hour
+ DefaultBimodalDecayTime = 5 * 24 * time.Hour| Metric | Before | After | Change |
|---|---|---|---|
| Routing score | 0.456 | 0.500 | +9.6% |
| Proposals evaluated | 56 proposals across 3 graph topologies | ||
sqldb/paginate.go sqldb/config.go sqldb/sqlite.go
// sqldb/paginate.go
// 7x larger pages — fewer SQL round trips when iterating over
// 15,000 nodes and 50,000 channels during graph loading
- defaultSQLitePageSize = 100
+ defaultSQLitePageSize = 767
// 8x larger batch commits — reduces WAL checkpoint frequency,
// fewer fsync calls during bulk graph updates
- defaultSQLiteBatchSize = 250
+ defaultSQLiteBatchSize = 1976
// sqldb/config.go
// 5x more connections — enables concurrent readers during graph updates
// in WAL mode. The default of 2 serializes almost everything.
- DefaultSqliteMaxConns = 2
+ DefaultSqliteMaxConns = 10
// sqldb/sqlite.go
// NORMAL is safe in WAL mode per SQLite docs — data survives app crashes.
// FULL only protects against power failure during checkpoint (rare).
// For a rebuildable graph cache, this is an easy tradeoff.
- "PRAGMA synchronous=FULL",
+ "PRAGMA synchronous=NORMAL",BenchmarkFindOptimalSQLQueryConfig manually sweeps 35 parameter combinations. satwork evaluated 86 and found that 7x larger pages + 8x larger batches + 5x more connections dramatically reduces graph query latency. The synchronous=NORMAL tradeoff is safe in WAL mode per SQLite documentation.
| Metric | Before | After | Change |
|---|---|---|---|
| DB throughput | 0.852 | 0.963 | +13.1% |
| Proposals evaluated | 86 proposals across 3 workload profiles | ||
neutrino.go query.go
// neutrino.go
// 2.6x more headers in memory — reduces disk I/O during initial sync.
// Costs ~2MB extra RAM, negligible on modern phones.
- numMaxMemHeaders = 10000
+ numMaxMemHeaders = 25985
// query.go — timeouts
// Faster initial timeout — detect slow peers 30% sooner,
// fall back to better peers without waiting
- minQueryTimeout = 2 * time.Second
+ minQueryTimeout = 1375 * time.Millisecond
// Tighter max backoff cap — don't wait 32s for an unresponsive peer
- maxQueryTimeout = 32 * time.Second
+ maxQueryTimeout = 22 * time.Second
// Much faster retry — the 3s default wastes time between attempts.
// At 1s, the client tries the next peer almost immediately.
- retryTimeout = 3 * time.Second
+ retryTimeout = 1052 * time.Millisecond
// query.go — peer ranking
// 3.5x stronger reward — good peers rise in the ranking much faster,
// so the client converges on reliable peers early in the sync
- Reward: 10,
+ Reward: 35,
// 4x harsher punishment — bad peers are deprioritized aggressively.
// One failed query drops a peer below three successful ones.
- Punish: 20,
+ Punish: 81,| Metric | Before | After | Change |
|---|---|---|---|
| Sync score | 0.939 | 0.976 | +4.0% |
| Proposals evaluated | 89 proposals across 3 network conditions | ||
satwork finds parameter candidates with evidence. Your team validates and deploys. We find the needle in the haystack. Your engineers confirm it's the right needle.
Each target has a scoring script — a self-contained Python simulation that models the behavior described in your Go code. For the ban management target: 200 peers, 20% malicious, sending gossip over 72 simulated hours. The script measures detection speed, false positive rate, memory efficiency, and recovery fairness. Workers submit parameter combinations. Each is evaluated deterministically. Same inputs always produce the same score.
Each scoring script is ~150 lines of Python. Fully deterministic, no dependencies. Run it yourself — verify the score matches.
Take the winning parameter values, plug them into your existing test suite (go test ./discovery/...). Verify nothing breaks.
Ship behind a feature flag on a single test node. Monitor ban rates, false positives, memory usage for a week.
If the canary holds, update the defaults. The PR is already written — benchmark tables, before/after scores, annotated diff.
Take the ban management example. The optimizer found:
| Change | Intuition |
|---|---|
| Ban threshold: 100 → 57 | Ban sooner. The current default lets an attacker send 100 invalid messages before any action. 57 is still tolerant of honest mistakes but catches attackers faster. |
| Ban time: 48h → 149h | Ban longer. A 2-day ban means an attacker just waits a weekend. 6 days is a real consequence. |
| Max banned peers: 10,000 → 1,000 | Use 90% less memory. In practice, you won't have 10,000 distinct attackers. 1,000 slots is sufficient with the longer ban time. |
| Reset delta: 48h → 57h | Slightly longer memory for offenses. Honest peers that accidentally trip the threshold still recover within ~2.5 days. |
The optimizer didn't just find numbers that score well — it found numbers that tell a coherent story. More aggressive detection, longer consequences, less wasted memory. A developer reviewing this PR would reach similar conclusions.
A global worker pool competing to improve your routing, gossip, sync, and database performance.
Not opinions. Not untested PRs. Every improvement is benchmark-verified, reproducible, and regression-tested.
Your protocol powers the payments that improve your protocol. The most aligned partnership possible.
| Item | Cost | Compare to |
|---|---|---|
| Typical target budget | 2,000 sats (~$0.20) | Developer day: $500-$2,000 |
| Cost per merged PR | $25-$500 | 10-100x cheaper than manual |
| If no improvement | $0 (hold invoice refunds) | Developer still gets paid |
satwork isn't just using Lightning for payments. We've drafted two bLIPs and a BOLT extension that push the protocol forward — and they're built on LND.
Standardizes the pattern satwork already uses: a sponsor locks sats via hold invoice, an oracle evaluates work, and the preimage is revealed only on positive attestation. Works today with existing LND hold invoices. Zero protocol changes needed.
Use cases beyond satwork: freelance bounties, prediction markets, SLA enforcement, supply chain escrow.
The upgrade path. When Taproot channels support PTLCs, the oracle's BIP 340 Schnorr signature becomes the adaptor secret that completes the payment. This eliminates the one remaining trust assumption.
With PTLCs, the oracle cannot fabricate attestations — the signature is publicly verifiable. Hash-based hold invoices allow fabrication (the oracle knows the nonce). Schnorr adaptor signatures don't.
| Property | Hold invoices (today) | PTLCs (future) |
|---|---|---|
| Oracle fabrication | Possible — oracle knows the nonce | Impossible — Schnorr unforgeability |
| Payment privacy | Weak — same hash at every hop | Strong — decorrelated points per hop |
| On-chain footprint | Standard HTLC | Indistinguishable from keypath spend |
| Knowledge market | Trust-based — pay then receive | Atomic — pay and receive simultaneously |
Both specs are published at satwork.ai/docs. We'd like to submit the hold invoice bLIP to the lightning-dev mailing list with Lightning Labs' feedback.
We scan your repos and post findings as GitHub Issues. No PRs, no code changes. You see what we find and decide if it's useful.
Add a .bounty-factory.yml to your repo. On PRs, it posts benchmark comparison comments. You see the impact of every change.
For approved categories only. Rate-limited (1/week). Full CI passing. Benchmark comparison table. You review and merge.
The protocol is live. The targets are live. Workers are earning sats right now.