Bitcoin Core developer reveals a critical vulnerability in the Lightning Network

The Bitcoin Core developer Antoine Riard left the Lightning Network (LN) team, citing a critical vulnerability in the network.

\n\n\n\n

According to him, the newly discovered class of replacement cycling attacks puts the protocol in a dangerous position.

\n\n\n\n

The only way to prevent potential losses in LN is to implement changes at the Bitcoin base layer, at least via a soft fork. Such a stance represents a ‘heavy dilemma’ for the Bitcoin community, Riard argues.

\n\n\n\n

How does a lightning replacement cycling attack work?

There’s a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.

So here’s an illustrated primer…

? 1/n pic.twitter.com/mvvS8bEc5f

— mononaut (@mononautical) October 21, 2023

\n\n\n\n

LN is a second-layer solution for the Bitcoin blockchain. The protocol is a network of payment channels between users, enabling cheap transactions of the leading cryptocurrency.

\n\n\n\n\n\n\n

The attack vector discovered by the developer allows funds to be stolen from a channel participant by exploiting mismatches between individual mempools.

\n\n\n\n

He noted that the LN team has taken certain steps to mitigate the vulnerability’s risks. But in his view, this will not deter “advanced” attackers.

\n\n\n\n

\”I think this new class of replacement cycling attacks puts LN in a very dangerous position, where a durable fix can only be implemented at the base layer, for example, by recording in memory the history of all visible transactions or some form of a consensus update,\” Riard wrote.

\n

\n\n\n\n

He stressed that this path would require maximum transparency and broad participation by the Bitcoin community as a whole, since it would entail changes to full nodes of the blockchain.

\n\n\n\n

\”On the other hand, to fully explain why such changes would be justified for LN and its proper design, we may have to lay out in full the practical and critical attacks totaling around 5,355 BTC publicly available in the ecosystem. A heavy dilemma. This could serve as a lesson in terms of deploying the Bitcoin protocol,\” Riard added.

\n

\n\n\n\n

According to 1ML, at the time of writing LN’s capacity stands at 5,301 BTC, there are 63,253 channels open and 14,717 nodes online.

\n\n\n\n

Earlier, in November 2022, the network developers eliminated a critical bug that caused a node synchronization failure.