Bitcoin’s (BTC) Lightning Network (LN) developer Rusty Russel has published the total disclosure of the community’s vulnerability found in August, accompanied by an answer.
Russel identified that the vulnerability appeared whereas opening funding channels. The described course of doesn’t require that receivers test if a transaction is the one promised by the funder when it comes to quantities and the precise scriptpubkey.
Scriptpubkey is an output transaction script that requires particular circumstances to be noticed for a receiver to spend their Bitcoins. The file explains:
“A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.”
A attainable resolution
Russel additionally proposed an answer to the aforementioned drawback. Once the funding transaction is seen, friends “must check that the outpoint as described in `funding_created`[1] is a funding transaction output[2] with the amount described in `open_channel`[3].”
The file additionally warns that c-lightning variations 0.7.1 and above carry out the method appropriately, urging customers to improve the older variations of their Lightning Nodes.
On Sept. 10, Olaoluwa Osuntokun, CTO at LN-focused startups Lightning Labs and ACINQ, additionally claimed to have discovered cases of the vulnerability being exploited. In order to keep away from the danger of dropping funds, Osuntokun strongly suggested customers to replace their LN variations. The affected variations included, per Osuntokun, LND nodes model 0.7 and under, c-lightning nodes model 0.7 and under, and eclair nodes model 0.three and under, the submit famous.
On Sept. 26, the variety of Bitcoin’s LN nodes reached 10,000 for the primary time.
As Cointelegraph beforehand reported, Andreas Antonopoulos introduced his new “Mastering Lightning Network” guide, co-authored by René Pickhardt and Lightning Labs CTO Olaoluwa Osuntokun.
Your Opinion Matters
Quality - 10
10
Total Score
Your feedback is important to us to improve our services. We constantly seek feedback to improve and evolve our service, whilst identifying opportunities to assist clients in realising their business objectives.
User Rating: 4.54 ( 8 votes)
Comments