Can someone explain the #lightning vulnerabilities referenced? Seems serious.
https://twitter.com/whalewire/status/1715686930476655030?s=46
#zaps #nostr #bitcoin
Discussion
From what I understand it’s an attack when opening a channel.
This leads to funds getting stolen.
Seems to be a core issue that "might" not be fixable due to main chain issues.
Why didn’t they call out lightning labs?-Seems weird.
Does it matter if you run your own node and channels?
From what I understand it’s a major flaw & that it does not matter.
It’s an attack vector at the base transaction when opening a channel.
Channels that are already open are safe I believe.
(Disclaimer I could be a retard)
no. this is not it at all.
attacker (with collaborator) opens 2 channels with you, is routing through like this..
attacker -> you -> collab -> destination
funds locked in htlc along the way. while your funds locked, collab doesnt return and goes offline. fees go up higher then the transactions you and collab originally signed. eventually attacker can broadcast their older state before the spend you have locked in htlc without the preimage returned by collab. attacker can bid up tx for new fee rates.
See I am retarded not afraid to admit it lol thank you for better clarification
Based on what I gathered from that X post comment, I think someone discovered that their is backdoor code on lightning network code.
It’s kind of like discovering a glitch in a video game that lets players cheat. This specific cheat is referred to as a “cycling attack”. In essence, someone could potentially exploit the lightning network by repeating certain actions in a way that wasn’t intended.
The Bitcoin community has tried to patch up this glitch, but there are concerns that it might not hold up against someone who really knows their stuff. Antoine, the guy who highlighted this issue, is basically saying, “Hey, we tried to fix it, but I’m not sure it’s completely secure. We need to be super careful moving forward.”
He’s emphasizing that when it comes to digital currency and security, you want to get things right from the get-go, because fixing mistakes after the fact can be really challenging.