Is LND damaged? Or was the ridiculously massive transaction that unsynched it a direct assault on the LND implementation? Does all of this have an effect on the bigger Lightning Network? And what in regards to the bitcoin community? This story begins with every kind of questions and might\u2019t promise to reply all of them. The recreation is afoot. Something\u2019s occurring. It\u2019s exhausting to find out what, although. And it looks like extra shall be revealed, like we nonetheless don\u2019t have all the information.<\/span><\/p>\n Let\u2019s study what we do have and attempt to resolve this. And all of it begins with a abstract of the story up to now.\u00a0<\/span><\/p>\n On October ninth, a developer referred to as <\/span>Burak announced<\/span><\/a> \u201cI just did a 998-of-999 tapscript multisig, and it only cost $4.90 in transaction fees.\u201d That curious transaction unsynched the Lightning Network, which missed producing one block. The Lightning Labs workforce, accountable for the LND implementation, launched a repair in a matter of hours. The incident made abundantly clear that the Lightning Network continues to be a piece in progress and the implementations are susceptible to assaults.\u00a0<\/span><\/p>\n Today, Burak stroke once more. \u201cSometimes to find the light, we must first touch the darkness,\u201d <\/span>he tweeted<\/span><\/a> accompanying <\/span>another huge transaction<\/span><\/a>. This time, the affect solely hit LND nodes. Everybody else remained in synch, whereas LND was caught. For some time there, LND nodes might route funds however have been unaware of the state of the chain. Lightning Labs acknowledged the bug of their official channels and started working on <\/span>a hotfix that was released<\/span><\/a> a number of hours later.<\/span><\/p>\n With the assistance of the @lightning<\/a> Labs workforce (h\/t @guggero<\/a>), us at @GaloyMoney<\/a> and our CI pipelines the @BTCBeachWallet<\/a> nodes are up to date with the bugfix inside 31 blocks after 73be398c4bdc43709db7398106609eea2a7841aaf3a4fa2000dc18184faa2a7e hit. \u2014 openoms (@openoms) November 1, 2022<\/a><\/p>\n<\/blockquote>\n To clarify the implications to the remainder of us, Applied Cryptography Consultant <\/span>Peter Todd analyzed<\/span><\/a> the state of affairs. \u201cBecause LN is _not_ a consensus system, having different implementations is a good thing. Some of the network is down right now. But there\u2019s no real harm in the rest staying up. Meanwhile, the root cause of the problem is buggy btcd code,\u201d he tweeted.<\/span><\/p>\n So far, every part sounds fantastic. The transaction\u2019s intention appears to focus on a vulnerability with out inflicting appreciable harm. The factor is, Burak wrote, \u201cyou\u2019ll run cln. and you\u2019ll be happy\u201d within the OP_RETURN DATA. And \u201ccln\u201d refers to Core Lightning, LND\u2019s major competitors. A <\/span>Blockstream product<\/span><\/a>.<\/span><\/p>\n Another pseudonymous developer <\/span>wrote to Burak<\/span><\/a>, \u201cThe ethical thing to do is to a vulnerability disclosure to the Lightning Labs team instead of taking down majority of the nodes in the network.\u201d Then, one more developer named <\/span>Anthony Towns delivered<\/span><\/a> a mandatory plot twist, \u201cFor what it\u2019s worth, I also noticed this bug and disclosed it to Olaoluwa Osuntokun about two weeks ago. The btcd repo doesn\u2019t seem to have a reporting policy for security bugs, so not sure if anyone else working on btcd found out about it.\u201d<\/span><\/p>\n \u201cThe initial report was to the wrong place and was missed, I followed up a week later on the 19th and Olaoluwa Osuntokun replied with some thoughts on why this wasn\u2019t caught already and how to do better,\u201d Towns additional elaborated. Later on, Osuntokun confirmed the report and revealed, \u201cas the post was public I deleted it then followed up w\/ him via email. We had a patch ready to go for the minor release (w\/ some other memory optimizations), but obv this preempted it.\u201d<\/span><\/p>\n additionally @ajtowns<\/a> did contact me, by making a difficulty on my public fork of btcd w\/ particulars, because the put up was public I deleted it then adopted up w\/ him through electronic mail<\/p>\n we had a patch able to go for the minor launch (w\/ another reminiscence optimizations), however obv this preempted it<\/p>\n \u2014 Olaoluwa Osuntokun (@roasbeef) November 1, 2022<\/a><\/p>\n<\/blockquote>\n He additionally identified an essential factor, \u201cI didn\u2019t imagine someone would work w\/ miners to mine it.\u201d This specific bug required miner participation to go by means of. There may\u2019ve been extra to this assault than meets the attention. However, there have been over $700 in charges hooked up to the transaction. That exorbitant payment may\u2019ve been sufficient to go the weird transaction by means of.\u00a0\u00a0<\/span><\/p>\n This is the place every part will get tough, as a result of it looks like Burak was beforehand sponsored by Blockstream to work on liquid covenants on Bitmatrix. In a sequence of then-deleted tweets, Lightning Labs CEO Elizabeth Starks appears to be accusing Blockstream of not less than sponsoring the assaults. When questioned by a Blockstream worker, Starks replied, \u201cIs this not true that it\u2019s a sponsored dev?\u201d and \u201cYou appear to have left out the deleted tweet where I specifically mentioned it was clear that this attack was not part of what was sponsored.\u201d<\/span><\/p>\n Is this not true that it is a sponsored dev? My level was not that *this* work was funded, however as you wrote this individual is “def sponsored by blockstream.” pic.twitter.com\/s1SHZnnbo5<\/a><\/p>\n \u2014 elizabeth stark \ud83c\udf60 (@starkness) November 1, 2022<\/a><\/p>\n<\/blockquote>\n Enter Suredbits founder<\/span> Chris Stewart, who took it even further<\/span><\/a> and straight up requested Adam Back to verify \u201cthat Blockstream isn\u2019t sponsoring these attacks on LND as a promotional tool for core lightning.\u201d Adam Back denied any sponsorship and defined what he thinks Burak meant. \u201cCould infer from the op_return message is about the risks of using a non Bitcoin core full node for consensus & Core Lightning uses Bitcoin core. maybe Burak is making that point, empirically. It\u2019s a known limitation from LANGSEC security it\u2019s near impossible to bit-wise compatible.\u201d<\/span><\/p>\n To put every part to mattress, Blockstream researcher <\/span>Christian Decker went on the record<\/span><\/a> and tweeted, \u201cThis is terrible, the Core Lightning team does not condone attacks of any nature. And namedropping a competitor is in really bad taste. Please follow responsible disclosures, and avoid publicity stunts like this, it\u2019s not helping, and causing a lot of issues!\u201d<\/span><\/p>\nWhat\u2019s With LND And These Huge Transactions?<\/span><\/h2>\n
\n
Can this keep the report now? pic.twitter.com\/Utrabq86jF<\/a><\/p>\n![\"BTCUSD](\"https:\/\/bitcoinist.com\/wp-content\/uploads\/2022\/11\/BTCUSD_2022-11-01_18-24-41-640x356.png\")
<\/p>\nBTC value chart for 11\/01\/2022 on Bitstamp | Source: BTC\/USD on TradingView.com<\/a><\/pre>\n
Did Someone Report The LND Bug Well Before The Attack?<\/span><\/h2>\n
\n
Is Blockstream Responsible For The Attack?<\/span><\/h2>\n
\n
Featured Image by Bethany Laird<\/a> on Unsplash<\/a> | Charts by TradingView<\/a><\/pre>\n
![\"Stripe,](\"https:\/\/bitcoinist.com\/wp-content\/uploads\/2022\/05\/lightning-g34645fb93_1280-640x380.jpg\")
<\/p>\n<\/p><\/div>\n