1 year ago
The beneath is simply a nonstop excerpt of Marty’s Bent Issue #1278: “Another LND/btcd bug emerges.” Sign up for the newsletter here.
For the 2nd clip successful little than a month, btcd (an alternate implementation of Bitcoin) and, by extension, LND (one of the Lightning implementations) became incompatible with the remainder of the Bitcoin web owed to immoderate meddling from a developer named Burak.
On October 9, Burak completed a 998-0f-999 tapscript multisig transaction that btcd recognized arsenic invalid portion Bitcoin Core and different implementations (correctly) recognized it arsenic valid. Since LND’s implementation of the Lightning Network depends connected btcd, it became incompatible with the remainder of the Lightning Network, truthful disrupting each of their users’ quality to transact safely. Not ideal.
Fast-forward to yesterday and Burak was backmost again to disrupt btcd and LND with the benignant of transaction you spot above: a P2TR (pay-to-taproot) walk containing N OP_SUCCESSx with 500,001 pushes, which exceeds the bounds hardcoded into btcd. While the 998-of-999 tapscript multisig transaction seemed to beryllium an honorable mistake, yesterday’s transaction was an overt exploit successful the chaotic by Burak.
Proof Burak knew this would interruption LND
Something to enactment astir this OP_SUCCESSx transaction is that it typically wouldn’t beryllium included successful a block. However, it seems that Burak bribed miners by attaching a peculiarly precocious interest to this transaction that F2Pool couldn’t resist.
This concern has surfaced a batch of statement implicit the past 2 days. Was Burak incorrect to exploit this bug successful the chaotic connected mainnet? Should helium person decently disclosed the vulnerability to btcd and LND successful private, allowing them to spot the codification earlier the bug was exploited successful the wild? Should LND beryllium babelike connected btcd, which is an alternate implementation of Bitcoin that doesn’t get astir arsenic adjacent to the magnitude of attraction and reappraisal that Bitcoin Core receives?
Your Uncle Marty surely doesn’t person the close answers to each of these questions, but it’s important for you freaks to beryllium alert of this worldly truthful I thought I’d bring them to your attention.
This is the quality of unfastened root distributed systems. There could beryllium a batch of vulnerabilities lurking retired determination and determination is nary wide mode to grip the problems. Many volition advocator for liable disclosures successful backstage portion others volition advocator for overt adversarial actions that unit the issue. This is 1 of the trade-offs you take erstwhile you determine to opt into a escaped marketplace monetary network.
English (US) 