LND Nodes Within Lightning Network Suffer Second Critical Bug This Month

By kev_nag | 2 Nov 2022


The Bitcoin Lightning Network is a Layer-2 solution built on the Bitcoin blockchain. It allows transactions between parties to be processed off-chain. The basic effect is to remove multiple micro-transactions from Bitcoin’s main chain by offering transactions at near zero cost with instantaneous processing speeds. [See, e.g. Get to Text. Bitcoin: The Lightning Network victim of a critical bug. (Accessed November 2, 2022)].

This saga was initiated by a Twitter user identified as ‘Burak’ (@brqgoo). On Tuesday morning (November 1, 2022) ‘Burak’ allegedly caused major chaos and interruption within the Lightning Network by creating a non-standard Bitcoin transaction that prevented Network users from opening necessary connections between Lightning nodes. Here it gets slightly technical: the non-standard transaction caused Bitcoin nodes running ‘btcd’ to reject all valid incoming blocks. Then, because all Lightning Network Daemon (LND) nodes depend on information received from ‘btcd’ nodes, the LND nodes likewise denied all new channel opening requests. [See, e.g. Munawa, F. Rogue Actor Disrupts Lightning Network With a Single Transaction. (Accessed November 2, 2022)].

As a result of this problem in the ‘btcd’ wire parsing library, some LND nodes stopped syncing. But within three hours of the system failure, a ‘hot fix’ identified as [v0.15.4] was published to GitHub by Lightning Labs. At that time, the Lightning community was advised to update their nodes to the new version. [See, e.g. Kiran, S. Bitcoin Lightning Network’s LND nodes record 2nd critical bug in a month. (Accessed November 2, 2022)].

In the GitHub release notes for the update, Lightning Labs emphasized:

This is an emergency hot fix release to fix a bug that can cause lnd nodes to be unable to parse certain transactions that have a very large number of witness inputs. This release contains no major features, and is instead just a hotfix applied on top of v0.15.3.

[Lightning Network. lnd v0.15.4-beta. (Accessed November 2, 2022)].

Furthermore, per Lightning Labs, only the LND nodes were affected by this. In two weeks, when the channel timelocks expire, any nodes remaining without the update will be subject to malicious channel closures. [See, e.g. Kiran, supra].

It should be stressed that to commence this action, ‘Burak’ took to Twitter, tweeting:

[Image: screenshot of the tweet]

On October 9, 2022, the very same ‘Burak’ commenced a prior exploit of the Lightning Network by tweeting:

[Image: screenshot of the tweet]

His action of creating a 998-of-999 multisig transaction had its desired effect: the btcd and LND nodes rejected the transaction, which resulted in the rejection of that entire block and, in cascade, of every block following it. Lightning Labs was again required to issue a quick ‘hot fix’ for the ‘Burak’ problem. [See, e.g. Pereira, A.P. Lightning Network releases emergency update after critical bug on LND nodes. (Accessed November 2, 2022)].

In the aftermath of both of these exploits, users taking to Twitter seem to believe the time is right to employ a ‘bug bounty program’ for this recurring LND node problem:

[Images: screenshots of the tweets]
