Lightning Network vulnerability could allow bitcoins to be withdrawn from circulation

The introduction of Wumbo channels to the Lightning Network created a new vulnerability. This drew the attention of Joost Jager, a developer working on Bitcoin scalability solutions.

1/ Lightning is great, but can’t say it is battle-tested. If script kids would be interested, they could take down those shiny new 5 BTC #wumbo channels with negligible cost and no effort at all. pic.twitter.com/9PTkxfF042

— Joost Jager (@joostjgr) September 22, 2020

According to him, Wumbo channels, regardless of their maximum throughput, cannot simultaneously store more than 483 hashes and HTLC contracts (HTLCs).

“An attacker could exhaust available resources by sending 483 micropayments to their own address. This operation blocks a Wumbo channel for up to two weeks,” writes Jager.

The attack requires little effort or large sums — using the longest-path route and repeated payments, the objective can be reached very quickly.

“The script’s creator only needs to send as few as 54 payments for a single channel to take out of circulation two-digit amounts in bitcoin,” notes the expert.

Joost Jager began developing a firewall for Lightning Network nodes that would address the bug.

“There are other attacks that could cause you to lose money, and they seem more serious. But this vulnerability is one of the largest in that we don’t know how to fix it,” he wrote.

Support for Wumbo channels was realized in the Lightning Network in August. They lift the originally set throughput limits, enabling larger sums of bitcoin to be transmitted on the second layer of the network.

Earlier, Bitfinex announced support for Wumbo channels.

Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.