September 20, 2020

New Lightning Network Vulnerability Document Published

New Lightning Network Vulnerability Document Published

Rusty Russell, one of the developers of the Bitcoin Lightning Network (LN), has published a new study on network vulnerabilities, discovered in August. In addition, in his work, Russell proposed a solution to this problem.

According to him, the vulnerability appears duringopening funding channels. An attacker can open a channel, but not pay a partner or pay an incomplete amount. Upon reaching the minimum transaction depth, the hacker will be able to withdraw funds from this channel. Meanwhile, the victim does not immediately detect a loss of funds, but only at that moment when he asks to close the channel.

As previously reported, LN project managers are alreadycalled on users to update nodes as quickly as possible. According to them, nodes using the LND version below 0.7, c-lighning below version 0.7, and eclair below version 0.3.1 are most susceptible to such attacks.

In addition, Russell proposed a new solution to thisProblems. According to him, after opening the channel and conducting the transaction, partners should verify that the funding transaction output [2] matches the point described in funding_created` [1], and that the transaction amount matches the amount in open_channel [3].

According to the materials cointelegraph.com