Huge Transaction Brought Down LND For The 2nd Time. Is Blockstream Responsible?

Is LND broken? Or was the ridiculously huge transaction that unsynched it a direct attack on the LND implementation? Does all of this affect the larger Lightning Network? And what about the bitcoin community? This story starts with all kinds of questions and can’t promise to answer all of them. The game is afoot. Something’s happening. It’s hard to determine what, though. And it feels like more will be revealed, like we still don’t have all the information.

Let’s examine what we do have and try to resolve this. And it all starts with a summary of the story so far.

What’s With LND And These Huge Transactions?

On October 9th, a developer known as Burak announced “I just did a 998-of-999 tapscript multisig, and it only cost $4.90 in transaction fees.” That curious transaction unsynched the Lightning Network, which missed producing one block. The Lightning Labs team, responsible for the LND implementation, released a fix in a matter of hours. The incident made abundantly clear that the Lightning Network is still a work in progress and the implementations are vulnerable to attacks.

Today, Burak struck again. “Sometimes to find the light, we must first touch the darkness,” he tweeted accompanying another huge transaction. This time, the impact only hit LND nodes. Everybody else remained in synch, while LND was stuck. For a while there, LND nodes could route funds but were unaware of the state of the chain. Lightning Labs acknowledged the bug in their official channels and started working on a hotfix that was released a few hours later.

To explain the implications to the rest of us, Applied Cryptography Consultant Peter Todd analyzed the situation. “Because LN is _not_ a consensus system, having different implementations is a good thing. Some of the network is down right now. But there’s no real harm in the rest staying up. Meanwhile, the root cause of the problem is buggy btcd code,” he tweeted.

So far, everything sounds fine. The transaction’s purpose seems to be to highlight a vulnerability without causing considerable damage. The thing is, Burak wrote, “you’ll run cln. and you’ll be happy” in the OP_RETURN data. And “cln” refers to Core Lightning, LND’s main competition. A Blockstream product.

BTC price chart for 11/01/2022 on Bitstamp | Source: BTC/USD on TradingView.com

Did Someone Report The LND Bug Well Before The Attack?

Another pseudonymous developer wrote to Burak, “The ethical thing to do is to a vulnerability disclosure to the Lightning Labs team instead of taking down majority of the nodes in the network.” Then, one more developer named Anthony Towns delivered a necessary plot twist, “For what it’s worth, I also noticed this bug and disclosed it to Olaoluwa Osuntokun about two weeks ago. The btcd repo doesn’t seem to have a reporting policy for security bugs, so not sure if anyone else working on btcd found out about it.”

“The initial report was to the wrong place and was missed, I followed up a week later on the 19th and Olaoluwa Osuntokun replied with some thoughts on why this wasn’t caught already and how to do better,” Towns further elaborated. Later on, Osuntokun confirmed the report and revealed, “as the post was public I deleted it then followed up w/ him via email. We had a patch ready to go for the minor release (w/ some other memory optimizations), but obv this preempted it.”

He also pointed out an important thing, “I didn’t imagine someone would work w/ miners to mine it.” This particular bug required miner participation to go through. There may have been more to this attack than meets the eye. However, there were over $700 in fees attached to the transaction. That exorbitant fee may have been enough to get the unusual transaction through.

Is Blockstream Responsible For The Attack?

This is where everything gets tricky, because it seems like Burak was previously sponsored by Blockstream to work on liquid covenants on Bitmatrix. In a series of then-deleted tweets, Lightning Labs CEO Elizabeth Stark seems to be accusing Blockstream of at least sponsoring the attacks. When questioned by a Blockstream employee, Stark replied, “Is this not true that it’s a sponsored dev?” and “You appear to have left out the deleted tweet where I specifically mentioned it was clear that this attack was not part of what was sponsored.”

Enter Suredbits founder Chris Stewart, who took it even further and straight up asked Adam Back to confirm “that Blockstream isn’t sponsoring these attacks on LND as a promotional tool for core lightning.” Adam Back denied any sponsorship and explained what he thinks Burak meant. “Could infer from the op_return message is about the risks of using a non Bitcoin core full node for consensus & Core Lightning uses Bitcoin core. maybe Burak is making that point, empirically. It’s a known limitation from LANGSEC security it’s near impossible to bit-wise compatible.”

To put everything to bed, Blockstream researcher Christian Decker went on the record and tweeted, “This is terrible, the Core Lightning team does not condone attacks of any nature. And namedropping a competitor is in really bad taste. Please follow responsible disclosures, and avoid publicity stunts like this, it’s not helping, and causing a lot of issues!”

Featured Image by Bethany Laird on Unsplash | Charts by TradingView
