Disclosure: Eclair Preimage Extraction Exploit

This vulnerability, which allowed attackers to steal node funds by exploiting a flaw in how Eclair monitored the blockchain for preimages during a force-close of a channel, highlights a crucial oversight. Specifically, Eclair's code only checked for HTLCs (Hash Time-Locked Contracts) that were present in its local commitment transaction, neglecting the possibility that an older, valid commitment transaction broadcasted by a malicious channel partner could contain an HTLC not present in the local version. This resulted in the victim’s inability to claim their funds on the blockchain.

The issue was rectified in Eclair 0.12.0, where the extractPreimages function was updated to check for HTLCs across all relevant commitment transactions, including those from remote and next-remote commitments. This change ensures that nodes can correctly identify and extract the necessary preimage to claim their funds, even if an old state is broadcasted by a malicious party. The fix was part of a larger pull request that also introduced splicing features to the protocol and was discreetly merged to mitigate the vulnerability without drawing undue attention prior to a broader public disclosure.

This incident came to light through a collaborative effort within the community, emphasizing the value of sharing knowledge and conducting cross-compatibility tests between different implementations. It also led to the introduction of a new force-close test suite designed to prevent similar vulnerabilities from occurring in the future. Moreover, the situation serves as a reminder of the potential benefits of adopting comprehensive testing frameworks like lnprototest, despite the complexities involved in achieving widespread implementation.

The chain of events from the discovery of the vulnerability to its resolution and subsequent public disclosure illustrates a mature approach to handling security issues in open-source projects. Developers are reminded of the necessity to regularly audit their code, especially when dealing with critical components related to security and fund management. Additionally, it reinforces the advice for users to keep their software updated to protect against known vulnerabilities.

For further details, the original discussion and code snippets illustrating the vulnerability and its fix can be found in a verbatim blog post on morehouse.github.io, and the updated Eclair version addressing the issue is available at Eclair 0.12.0.