1 year ago
The bug led LND nodes to neglect to sync concatenation successful the 2nd captious bug successful little than a month.
An exigency update was released to each Lightning Network's LND node operators connected Nov 1., aft a captious bug caused LND nodes to autumn retired of sync chain. This was the 2nd captious bug experienced by the web successful little than a month.
According to Lightning Labs, developer of the Bitcoin Lightning Network, immoderate LND nodes stopped syncing owed to an contented with the btcd ligament parsing library. The blistery hole (v.015.4) was released astir 3 hours aft the break. The merchandise stated:
"This is an exigency blistery hole merchandise to hole a bug that tin origin lnd nodes to beryllium incapable to parse definite transactions that person a precise ample fig of witnesser inputs."As per the issue connected GitHub, non-updated nodes volition beryllium susceptible to malicious transmission closings erstwhile transmission timelocks expire successful 2 weeks. The bug impacted lone LND nodes, making the existent concatenation authorities outdated, though payments transactions were inactive available. Some versions of electrs were besides impacted, according to another issue connected GitHub.
The bug was triggered by a developer dubbed Burak connected Twitter, with a connection successful the transaction saying: "you'll tally cln. and you'll beryllium happy."
Sometimes to find the light, we indispensable archetypal interaction the darkness.https://t.co/dhCwF0DxpE
— Burak (@brqgoo) November 1, 2022Burak was besides liable for triggering a akin bug connected Oct. 9, erstwhile they created a 998-of-999 multisig transaction that was rejected by btcd and LND nodes, starring to the rejection of the full artifact and each blocks pursuing the transaction. On the aforesaid day, Lightning Labs released a spot to hole the issue.
I conscionable did a 998-of-999 tapscript multisig, and it lone outgo $4.90 successful transaction fees.https://t.co/CvBHaRAqPu
— Burak (@brqgoo) October 9, 2022Related: What is the Lightning Network successful Bitcoin, and however does it work?
On Twitter, users suggested that it was clip for an LND bug bounty program:
Savage takedown of LND lightning nodes by exploiting a statement discrepancy betwixt Bitcoin Core and btcd with a azygous Bitcoin transaction.
Encoded message:
"you'll tally cln. and you'll beryllium happy."
Probably not a "responsible disclosure". Time for an LND bug bounty program? https://t.co/sLZQIsS4Zt pic.twitter.com/S8HwKXdoip
Hacker Anthony Towns also claimed to person disclosed the vulnerability to LND developers 2 weeks ago, noting that "The btcd repo doesn't look to person a reporting argumentation for information bugs, truthful not definite if anyone other moving connected btcd recovered retired astir it."
The Lightning Network is simply a 2nd furniture added to Bitcoin’s (BTC) blockchain that allows off-chain transactions, i.e. transactions betwixt parties not connected the blockchain network.
English (US) 