delvingbitcoin

Disclosure: LDK Duplicate HTLC Force Close Griefing

Original post by morehouse

Posted on: January 29, 2025 18:02 UTC

The Lightning Development Kit (LDK) version 0.1 and earlier were found to be vulnerable to a griefing attack that could force the closure of a victim's channels.

This issue was addressed in LDK version 0.1.1, with the update available on GitHub. The vulnerability stemmed from how commitment transactions are updated for each new or settled payment on a Lightning channel. Specifically, there is a brief period during which a party may hold two valid commitment transactions, so the commitment transaction that ultimately confirms may not match the node's current set of HTLCs (Hashed Time-Locked Contracts).

During an audit of LDK's chain module, it was discovered that once a counterparty's commitment transaction had been revoked, LDK discarded the HTLC source data for that transaction to conserve memory. This caused problems if a revoked commitment transaction later confirmed: LDK then had to match HTLCs solely by payment hash and amount, without the source data. The matching logic inadvertently allowed a single HTLC on a revoked commitment transaction to prevent all duplicate outstanding HTLCs (same payment hash and amount) from being failed back immediately, leaving them outstanding indefinitely.

An attack exploiting this vulnerability involved routing multiple HTLCs with the same payment hash and amount through different channels to a target node (B), then confirming a revoked commitment transaction containing only one of these HTLCs at node M2. As a result only one HTLC was failed back, while the rest became stuck, eventually leading every affected channel to be force-closed by its respective node to reclaim the stuck HTLCs. The cost of executing such an attack is minimal compared to the potential damage, since the attacker can reduce their channel balance to a minimum before carrying it out.

The resolution introduced in LDK version 0.1.1 preemptively fails back HTLCs as their deadlines approach whenever the downstream channel has been force-closed or is in the process of closing, which fixes the bug and prevents duplicate HTLCs from stalling indefinitely. The same fix also helps mitigate cascading force closures caused by spikes in mempool fee rates.
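The following is an added, simplified model of the two behaviours described above (the hash-and-amount matching that leaves duplicates stuck, and the deadline-based fail-back added in 0.1.1). It is illustrative code written for this summary, not LDK's own code: the `Htlc` type, the function names, the grace window and the sample HTLCs are all constructed assumptions, and the sources "chan_A1" through "chan_A4" are placeholder upstream channel identifiers.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical grace window (in blocks) before an HTLC's CLTV expiry at which the
# node gives up waiting for an on-chain resolution and fails the HTLC back upstream.
CLTV_GRACE_BLOCKS = 10


@dataclass(frozen=True)
class Htlc:
    payment_hash: str
    amount_msat: int
    source: str          # upstream channel the HTLC was forwarded from ("" if forgotten)
    expiry_height: int   # CLTV expiry of the outgoing HTLC


def resolve_after_revoked_confirm(outstanding, confirmed_htlcs):
    """Model of the pre-0.1.1 behaviour once a revoked counterparty commitment confirms.

    Source data for the revoked commitment has been discarded, so the only key
    available for matching is (payment_hash, amount_msat). Each confirmed HTLC
    output accounts for one outstanding HTLC with that key; any further
    outstanding HTLCs with the same key are treated as 'on chain' as well and
    are therefore never failed back. Returns (resolved, failed_back, stuck).
    """
    budget = Counter((h.payment_hash, h.amount_msat) for h in confirmed_htlcs)
    resolved, failed_back, stuck = [], [], []
    for h in outstanding:
        key = (h.payment_hash, h.amount_msat)
        if key not in budget:
            # Not on the confirmed commitment at all: failed back immediately (correct).
            failed_back.append(h)
        elif budget[key] > 0:
            # Matched to an actual on-chain output: resolved by the on-chain claim.
            budget[key] -= 1
            resolved.append(h)
        else:
            # Duplicate with the same hash and amount: wrongly treated as accounted for.
            stuck.append(h)
    return resolved, failed_back, stuck


def preemptive_fail_back(pending, current_height, downstream_closing,
                         grace_blocks=CLTV_GRACE_BLOCKS):
    """Model of the 0.1.1 fix: when the downstream channel is closed or closing,
    any pending HTLC whose deadline is within the grace window is failed back
    upstream instead of waiting indefinitely for an on-chain resolution."""
    if not downstream_closing:
        return []
    return [h for h in pending if h.expiry_height - current_height <= grace_blocks]


# Constructed sample: three duplicate HTLCs (same hash and amount) forwarded to the
# same downstream peer from three different upstream channels, plus one unrelated HTLC.
OUTSTANDING = [
    Htlc("hash_dup", 100_000, "chan_A1", 805),
    Htlc("hash_dup", 100_000, "chan_A2", 808),
    Htlc("hash_dup", 100_000, "chan_A3", 815),
    Htlc("hash_other", 50_000, "chan_A4", 820),
]
# The confirmed revoked commitment carries only one of the duplicates; its source is unknown.
CONFIRMED_REVOKED = [Htlc("hash_dup", 100_000, "", 805)]


def demo(current_height=800):
    """Run both models on the sample and report which sources end up where."""
    resolved, failed_back, stuck = resolve_after_revoked_confirm(OUTSTANDING, CONFIRMED_REVOKED)
    rescued = preemptive_fail_back(stuck, current_height, downstream_closing=True)
    return {
        "resolved_on_chain": [h.source for h in resolved],
        "failed_back_immediately": [h.source for h in failed_back],
        "stuck_without_fix": [h.source for h in stuck],
        "failed_back_by_fix": [h.source for h in rescued],
    }


if __name__ == "__main__":
    for height in (800, 806):
        print(height, demo(height))
```

At height 800 the buggy matching leaves chan_A2 and chan_A3 stuck while only chan_A1 is resolved on chain; the deadline-based fail-back then rescues chan_A2 (8 blocks from expiry, inside the grace window) and, a few blocks later, chan_A3 as well, so the upstream channels no longer need to force-close to recover them.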

This incident underscores the importance of thorough documentation in software development. It was noted that better documentation of the original behavior might have prevented the introduction of this vulnerability: a comment explaining why all outstanding HTLCs must be failed back when a revoked commitment confirms would have given later developers the context needed to avoid the oversight.
