Bitcoin's Lightning Network developer Rusty Russel has published the full disclosure of the network's vulnerability discovered in August, accompanied by a solution.
Russel pointed out that the vulnerability appeared while opening funding channels.
The described process does not require that receivers check if a transaction is the one promised by the funder in terms of amounts and the actual scriptpubkey.
Scriptpubkey is an output transaction script that requires specific conditions to be observed for a receiver to spend their Bitcoins.
"A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid."
Once the funding transaction is seen, peers "Must check that the outpoint as described in `funding created` is a funding transaction output with the amount described in `open channel`."
The file also warns that c-lightning versions 0.7.1 and above perform the process correctly, urging users to upgrade the older versions of their Lightning Nodes.
In order to avoid the risk of losing funds, Osuntokun strongly advised users to update their LN versions.
The affected versions included, per Osuntokun, LND nodes version 0.7 and below, c-lightning nodes version 0.7 and below, and eclair nodes version 0.3 and below, the post noted.
On Sept. 26, the number of Bitcoin's LN nodes reached 10,000 for the first time.
Bitcoin's LN Developer Discloses the Network's Vulnerability
gepubliceerd op Sep 28, 2019
by Cointele | gepubliceerd op Coinage
Coinage
Vermeld in dit artikel
Recent nieuws
Alles zien
Blockchain Bites: Bitcoin's Run, Uniswap's Hemorrhaging Value, Anchorage's Banking Bid
Bitcoin is nearing all-time highs in price and market cap last set three years ago.
Japan's megabanks to lead experiment with digital yen
We have, in order, Cheese Bank with a $3.3 million theft, Akropolis with its $2 million loss, Value DeFi with a whopping $6 million exploit and finally Origin Protocol's loss of $7 million.
Number of new Bitcoin addresses spikes amid growing FOMO
Japan's three largest banks, as part of a group of 30 private sector actors, are set to collaborate on an experiment with a digital yen.
Not just Wall Street: Quant trader explains why Bitcoin price is going up
Sam Trabucco, a quantitative trader at Alameda Research, believes four general factors are pushing up the price of Bitcoin.