delvingbitcoin

Disclosure: irrevocable fees---stealing from LN using revoked commitment transactions

Disclosure: irrevocable fees---stealing from LN using revoked commitment transactions

Original Postby harding

Posted on: December 11, 2024 00:18 UTC

Old versions of major Lightning Network (LN) implementations were found to be vulnerable to attacks that could enable a miner to misappropriate up to 98% of a channel's funds.

This vulnerability was not only exploitable by malicious users but also presented a risk during normal operations, with potential losses typically being less than the maximum threshold. The issue affected Eclair, LDK, and LND under default configurations, along with Core Lightning when configured with --ignore-fee-limits. While contemporary LN implementations have introduced measures to mitigate the exploit by tightening fee bounds, the underlying vulnerability remains theoretically possible due to inherent fluctuations in onchain transaction fee estimates. Addressing this flaw requires modifications to both the LN protocol and Bitcoin's P2P transaction relay protocol. Updates have been released for Eclair, LDK, and LND, each aiming to limit the extent of the vulnerability.

The criticality of this vulnerability stems from the manipulation of offchain LN commitment transactions, where an attacker reallocates channel balances and adjusts transaction fees to siphon the majority of funds upon confirmation of such a manipulated transaction. Two primary attack vectors were outlined: Type 1, characterized by irreversible allocation of an excessive amount to transaction fees, and Type 2.0, which involves honest users inadvertently creating a state capable of similar exploitation. A Type 2.5 variant further exploits the non-deterministic estimation of onchain fees between channel participants.

Mitigation efforts have focused on limiting the maximum allocable amount to transaction fees and proposing the adoption of static commitment fees to eradicate the vulnerability permanently. These solutions necessitate broader protocol upgrades, notably the introduction of reliable package relay for Bitcoin and corresponding LN protocol adjustments. Additionally, strategies like tracking fee high watermarks were considered but ultimately sidelined in favor of developing more robust and user-friendly mechanisms.

The discovery and disclosure process for this vulnerability involved collaboration among maintainers of various LN implementations and underscored the complexity of managing offchain contract protocols' fee dynamics. It highlighted the ongoing efforts within the Bitcoin and LN communities to simplify and fortify the management of transaction fees, contributing to the resilience and security of offchain payment channels.

For further information on the vulnerability and mitigation measures, refer to the provided links: Eclair 2815, Eclair v0.10.0, LDK 3045, LDK 0.0.123, LND 8824, and LND 0.18.3-beta.