Learning From The LND Bug That Could Have Robbed The Lightning Network


This is an opinion editorial by Shinobi, a self-taught educator in the Bitcoin space and tech-oriented Bitcoin podcast host.

On October 9, 2022, Burak from Bitmatrix (a swap tool built on the Liquid Network) created and broadcast a transaction to the main Bitcoin network, spending a UTXO with a Tapscript multisig with a 998-of-999 threshold. This transaction had 998 individual signatures in the witness field, was about 0.1 MB in size, and, somewhat hilariously, reused the exact same public key for every one of the 999 participants in the multisig. This transaction caused a massive disruption for the Lightning Network by exposing a bug in LND and btcd (an alternative client for the Bitcoin network).

The whole point of making this transaction was to demonstrate the improved scalability of multisignature scripts that Taproot has enabled. Even without using Schnorr-signature-based MuSig protocols, Taproot can enable much larger multisig participant sets than prior versions of Bitcoin Script. This can be a bit of a nuanced discussion with regard to the previous size restrictions on multisig if you dive into all the possible ways you can construct a multisig with Bitcoin Script, so for the sake of simplicity I am going to discuss only the previous limits applying to Pay-to-script-hash (P2SH) and Pay-to-witness-script-hash (P2WSH) multisig constructions. With the standard way to do a P2SH multisig, the maximum number of participants is only 15, and in the case of the standard P2WSH multisig the maximum is 20. These limits exist because of how large a script is allowed to be using these different script ops, and because of limits on how many operations are allowed to be performed within the scope of a single script. Violating either of these limits renders a transaction invalid.

With the implementation of Taproot, these script size limits were completely removed, meaning the only limit on Taproot script size is the block size limit itself. This is where the problem comes in regarding LND and btcd. The consensus rules implemented in btcd correctly removed these limits on script size, but the code base for peer-to-peer communication also implemented checks on script size to add a second layer of defence for node operators. Blocks and transactions would go through a kind of "pre-consensus" validation before even reaching the core consensus code that performs the proper validation, the logic being that double-checking things adds extra layers of defence against invalid blocks or transactions. This code was not properly updated to remove the script size limits, and continued to enforce the prior SegWit script limits against Taproot transactions. So while the actual consensus code itself would have properly validated this very large Taproot transaction, the block containing it was never actually passed from the peer-to-peer validation into the real consensus validation logic, meaning that all btcd nodes stalled at the block that included Burak's transaction.
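As an added illustration (not btcd's or LND's actual code), the Go sketch below models the layering problem described above: a defence-in-depth peer-to-peer filter that kept the legacy script size cap next to consensus code that dropped it for Taproot, plus the consistency check that would flag the two layers drifting apart. The `Tx` type, the function names and the limit constants (the familiar 10,000-byte script cap and 4,000,000 weight-unit block bound) are assumptions of this example.

```go
package main

import "fmt"

// Limits as the article describes them: pre-Taproot scripts carry a hard size cap,
// Taproot (witness v1) scripts are bounded only by the block size itself.
const (
	maxLegacyScriptSize = 10000   // bytes: consensus cap on a single legacy/SegWit v0 script
	maxBlockWeight      = 4000000 // weight units: the only bound left for Taproot scripts
)

type Tx struct {
	WitnessVersion int // 0 = SegWit v0 (P2WSH), 1 = Taproot
	Script         []byte
}

// consensusCheck models the core validation layer, which was updated for Taproot.
func consensusCheck(tx Tx) bool {
	if tx.WitnessVersion >= 1 {
		return len(tx.Script)*4 <= maxBlockWeight // only the block bound applies
	}
	return len(tx.Script) <= maxLegacyScriptSize
}

// buggyPreCheck models the peer-to-peer "pre-consensus" filter that was not updated:
// it applies the legacy cap to every witness version, so a valid, large Taproot
// spend is rejected before the block ever reaches consensusCheck.
func buggyPreCheck(tx Tx) bool { return len(tx.Script) <= maxLegacyScriptSize }

// fixedPreCheck reuses the consensus rule itself, so the two layers cannot drift apart.
func fixedPreCheck(tx Tx) bool { return consensusCheck(tx) }

// layersAgree is the regression check that would have caught the stall: a
// defence-in-depth filter must never reject a transaction that consensus accepts.
func layersAgree(pre func(Tx) bool, txs []Tx) bool {
	for _, tx := range txs {
		if consensusCheck(tx) && !pre(tx) {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample: a Taproot spend with a script far above the legacy cap,
	// standing in for the ~0.1 MB 998-of-999 multisig spend described above.
	txs := []Tx{{1, make([]byte, 100000)}, {0, make([]byte, 500)}}
	fmt.Println("buggy filter agrees with consensus:", layersAgree(buggyPreCheck, txs))
	fmt.Println("fixed filter agrees with consensus:", layersAgree(fixedPreCheck, txs))
}
```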

Why did this affect LND, given that many people run Bitcoin Core underneath their LND instance? It is because LND uses the same code btcd does to receive and process blocks. So even if your LND node was running on top of Bitcoin Core, which would have properly validated the relevant block and not stalled, your LND client would have refused to accept that block and stalled even though your main chain node continued progressing properly.

This bug was very quickly patched, and to my knowledge was not actively exploited in a way that led to any harm, but it left every LND node on the Lightning Network open to potential theft of funds in channels unless it was using an external watchtower. Because the node was stalled at that block, it did not have a real-time view of the blockchain, and in the case that a channel counterparty had submitted an old channel state to the blockchain it would have been completely unaware of it and unable to respond with the appropriate penalty transaction to secure the user's funds. This was a very serious bug that put a massive percentage of the bitcoin on the Lightning Network at risk of theft unless users were manually patching and updating their nodes themselves, or personally monitoring their channels to be able to respond manually in the case of a closure with an outdated state. I must say that the vast majority of non-technical node operators would most likely not have been able to do so.

Thankfully this issue was not widely exploited, but had it been discovered in the codebase before Burak's transaction was pushed to the blockchain, it could have been intentionally exploited by bad actors in a very tactical way. An individual, or a group of people, could have very easily opened a large number of channels on the network, swapped all of the money in those channels back to themselves on-chain through a submarine swap, leaving all of the funds in the channel on the other side, and then submitted a large Taproot transaction like Burak did, immediately closing out their channels using an outdated state. The victims would not even be aware of it, and even if they were, given the relatively low technical competence of many node operators, it is very likely that most people would not have been able to respond in time to manually correct the issue with a penalty transaction.

This bug highlights two important issues to consider. Firstly, multiple independent implementations of Bitcoin nodes can be very dangerous. Thankfully, almost no one runs btcd as a node for anything serious, so the effect this had on the base Bitcoin network was something that could be completely ignored, except for a very small handful of individuals whose nodes simply stalled out. If miners had been running btcd, this could have very easily resulted in a chainsplit on the Bitcoin network that would have left all btcd operators on a minority chain that required manual intervention to correct. The second issue is that in the case of second layers above the main network, implementations of consensus checks should be done very carefully. This is a tricky issue, because while any Lightning node running on top of a Bitcoin full node could in theory simply outsource 100% of this validation to that node, not all Lightning nodes do make use of their own trusted full node. That is unlikely to change; many users will in all likelihood continue to run nodes in such a manner, so to some degree checks on some or all of the Bitcoin consensus rules must also be supported in Lightning implementations as well.

Going forward I hope this is a wake-up call to how important it is to ensure that consensus validation checks are all in sync with each other across the software in this space, as without that synchronicity between everything there isn't really a single coherent Bitcoin network. Everyone should be very happy that this did not result in a massive exploit across the entire network, but people should be aware of how serious this issue could have been had things not played out the way they did.

This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
