Problem with lightning network, again bug in lnd implementation

on
Problem with lightning network, again bug in lnd implementation
It's that time again. Bitcoiner 'Burak' has taken down part of the lightning network again. Huh, that's old news, you might think. No! It's the second time in less than a month that he's managed to do it.


Part lightning down




This time it was a similar problem as on 10 October, but just a bit more insidious. At block 761,248, lnd suddenly stopped. This is Lightning Labs' lightning implementation used by many nodes.

This block contained an unusual transaction. It was once again Burak playing around with parameters bínnen bitcoin, but which were not picked up properly within bitcoind (which uses lnd as an underlay).

https://twitter.com/brqgoo/status/1587397646125260802

The peculiarity: the transaction had a message in the OP_RETURN, referring to Core Lightning - lnd's competitor: 'you'll run cln. and you'll be happy'". Burak also shared the solution directly on GitHub:

- Changing the maxWitnessItemsPerInput parameter from 500,000 to 4,000,000 solves the issue.

What caused the problem in lnd was rather technical. In bitcoin, there is a consensus rule that the limit on 'stack items' is a maximum of 1,000. In a Pay-to-Taproot payment, he was able to exceed this rule with 500,001 empty 'pushes'. This created a conflict between btcd and Bitcoin Core.

On the mainchain, the payment worked fine, but this same payment caused lnd-nodes to quit.


Solutions




The problem was fixed immediately and node services such as Umbrel, MyNode and Razpiblitz all soon came out with updates allowing users to switch to LND v0.15.4-beta. If you're running an lnd node, it's a good idea to take a moment to get active with this!

Incidentally, the problem was already known to Lightning Labs, as Anthony Towns raised this a fortnight ago.

Burak also found this problem but however took the opportunity to exploit it by doing the transaction on the mainnet. He could have addressed this in other ways (with a testnet payment or a vulnerability disclosure).

As a result, Burak's actions have also been criticised. Is this really ethical?

https://twitter.com/r32a_/status/1587409132973334532

On Bitcoin Focus a fortnight ago, you could already read a detailed story about the first issue! In edition #110, you read: Short circuit on lightning puts part of network down.
https://www.indexuniverse.eu/problem-with-lightning-network-again-bug-in-lnd-implementation/

Comments

Post a Comment