Disclosure: Eclair Preimage Extraction Exploit

Posted by morehouse

Sep 23, 2025/14:22 UTC

A critical vulnerability was discovered in Eclair versions up to 0.11.0 that could allow attackers to steal node funds by exploiting the software's handling of Hash Time-Locked Contracts (HTLCs) within the Lightning Network. The issue lay in how Eclair monitored the blockchain for preimages during a forced channel closure: it relied solely on its local commitment transaction records. This approach failed to account for the possibility that a malicious channel partner could broadcast an older but valid commitment transaction containing an HTLC that had been removed from the victim's local state. The attacker could then claim the HTLC on-chain, and the victim would lose their funds.

The exploit involved a complex interaction between nodes and the manipulation of commitment transactions. An attacker would initiate a payment routed through the victim's node, then deliberately fail the payment, manipulating the commitment transactions in such a way that they could force-close the channel with an older state where the HTLC still existed. The attacker would then claim the HTLC on-chain using the payment preimage. Because the HTLC was not present in the local commitment, Eclair failed to detect this preimage, and the funds would be irretrievably lost to the attacker.

The vulnerability was resolved by making the check within the extractPreimages function more comprehensive, so that it includes all relevant commitment transactions, not just the local one. This update ensures that even if an older state is broadcast, the Eclair node will correctly identify and extract the necessary preimage to claim the funds, thereby mitigating the risk presented by the original vulnerability. The fix was discreetly incorporated into a larger pull request that also included features for splicing and was released in Eclair version 0.12.0.
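The difference between the two checks can be shown with a small model. This is an added example, not Eclair's code (Eclair is written in Scala): every class and function name is hypothetical, the witness data is constructed, and treating "all relevant commitments" as the local, remote and pending remote commitments is an assumption of the model.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Htlc:
    htlc_id: int
    payment_hash: bytes  # SHA-256 of the payment preimage


@dataclass
class ChannelState:
    """HTLC sets per commitment the node knows about (hypothetical model)."""
    local_commit: set
    remote_commit: set
    next_remote_commit: set = field(default_factory=set)


def extract_preimages(witness_stacks, htlcs):
    """Map htlc_id -> preimage for 32-byte witness items that hash to a known HTLC."""
    found = {}
    for stack in witness_stacks:
        for item in stack:
            if len(item) != 32:  # a payment preimage is always 32 bytes
                continue
            digest = hashlib.sha256(item).digest()
            for htlc in htlcs:  # several HTLCs may share one payment hash
                if htlc.payment_hash == digest:
                    found[htlc.htlc_id] = item
    return found


def extract_local_only(state, witness_stacks):
    # Flawed check described above: only the local commitment's HTLCs are consulted.
    return extract_preimages(witness_stacks, state.local_commit)


def extract_all_commitments(state, witness_stacks):
    # Fixed check: consult every commitment known for the channel.
    htlcs = state.local_commit | state.remote_commit | state.next_remote_commit
    return extract_preimages(witness_stacks, htlcs)


def demo():
    preimage = bytes([0x11]) * 32  # constructed sample preimage
    htlc = Htlc(htlc_id=7, payment_hash=hashlib.sha256(preimage).digest())
    # The HTLC was already removed locally but is still in the peer's commitment.
    state = ChannelState(local_commit=set(), remote_commit={htlc})
    # Constructed witness of an on-chain HTLC claim: signature, preimage, script.
    witnesses = [[bytes(71), preimage, bytes(40)]]
    return extract_local_only(state, witnesses), extract_all_commitments(state, witnesses)
```

In the model, the local-only check returns nothing for the on-chain claim, while the check over all commitments recovers the preimage for HTLC 7.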

This vulnerability was uncovered accidentally during a routine discussion, emphasizing the serendipitous nature of some security discoveries in complex systems. Following the identification and subsequent resolution of the issue, additional measures were taken to prevent similar vulnerabilities in the future, including the introduction of a force-close test suite aimed at identifying potential weaknesses in the handling of channel closures.

The disclosure and handling of this vulnerability underscore the importance of continuous testing, auditing, and updating of node software within the Lightning Network to safeguard against potential exploits. Users are strongly advised to keep their node software updated to the latest versions to protect their funds against known vulnerabilities. For further details and technical insights into the matter, readers can refer to the original blog post and the updated Eclair release.
