In this case, the attacker would still be paying for the attack, and the assumption is that this would be sufficient to deter them from even trying. However, the risk of losing funds to an attacker is still present. If an attack results in even a small loss for an intermediary, the attacker can repeat the attack and siphon all of LOW-REP's funds. The proposal is not fully trustless, but it is believed that it can work in practice as long as HIGH-REP nodes do not collaborate with attackers.Another attack that is worse involves an attacker node charging hold fees and receiving an HTLC from a victim. The attacker does not forward the HTLC but starts charging hold fees. Just before the timeout, the attacker removes the HTLC without forwarding it or tries to forward it at the last moment, potentially blaming someone else for its failure to complete. This results in the attacker extracting the maximum hold fee from the victim without the downstream hold fees cutting into their profits. By forwarding as late as possible, the attacker can cause a downstream failure and look innocent, resulting in the worst possible outcome. The idea is that an attacker node is untrusted and won't be able to charge hold fees.