delvingbitcoin

DoS Disclosure: LND Onion Bomb

Original Post by ariard

Posted on: June 18, 2024 23:27 UTC

The discussion revolves around the potential exploitability of a vulnerability concerning LND nodes, specifically whether versions before or after 0.17.0 are susceptible.

The Lightning Network's BOLT8 specification already caps the maximum message size at 65,535 bytes, as detailed in the Lightning message specification. The vulnerability in question is the "LND Onion Bomb," in which the onion payload is equal to or greater than 4 GB and must be transmitted to the LND node in either an update_add_htlc message (per BOLT2) or an onion_message message (per BOLT4). These messages are carried over the Noise_XK protocol, which provides encrypted and authenticated transport, but the protocol does not currently support fragmenting a message across multiple transport frames.

It is also unclear whether a fuzz target has been established for testing this vulnerability within a simulated half-peer Lightning connection stack. The inquiry underscores the complexity of securing cryptocurrency protocols against potential exploits, particularly as standards and practices within the Lightning Network's infrastructure evolve.
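The size mismatch raised above can be checked on the receiving side. The following Go sketch is an added example, not code from the original post or from LND: it decodes a BOLT1 BigSize length prefix and refuses to allocate when the declared length exceeds the bytes actually received, which BOLT8 caps at 65,535. The helper name hopPayload and the sample bytes are assumptions made for illustration, and the HMAC that follows each hop payload in BOLT4 is ignored.

```go
package main

import (
	"errors"
	"fmt"
)

const maxLightningMessage = 65535 // BOLT8 cap on one message, as cited above
var errBigSize = errors.New("truncated or non-canonical BigSize")
var errTooLong = errors.New("length exceeds bytes received or BOLT8 cap")

// readBigSize decodes a BOLT1 BigSize: returns the value and bytes consumed.
func readBigSize(b []byte) (uint64, int, error) {
	if len(b) == 0 {
		return 0, 0, errBigSize
	}
	if b[0] < 0xfd {
		return uint64(b[0]), 1, nil
	}
	n := 1 << (b[0] - 0xfc) // 0xfd, 0xfe, 0xff carry 2, 4, 8 value bytes
	if len(b) < 1+n {
		return 0, 0, errBigSize
	}
	var v uint64
	for _, c := range b[1 : 1+n] {
		v = v<<8 | uint64(c)
	}
	floor := map[int]uint64{2: 0xfd, 4: 0x10000, 8: 0x100000000}[n]
	if v < floor { // value would fit a shorter encoding
		return 0, 0, errBigSize
	}
	return v, 1 + n, nil
}

// hopPayload (hypothetical helper) bounds-checks the declared length before allocating.
func hopPayload(buf []byte) ([]byte, error) {
	length, n, err := readBigSize(buf)
	if err != nil {
		return nil, err
	}
	if len(buf) > maxLightningMessage || length > uint64(len(buf)-n) {
		return nil, errTooLong
	}
	return append([]byte(nil), buf[n:n+int(length)]...), nil
}

func main() {
	// Constructed input: declares 4 GiB (2^32) but carries a single byte.
	fmt.Println(hopPayload([]byte{0xff, 0, 0, 0, 1, 0, 0, 0, 0, 0xaa}))
}
```

Because the comparison is made against the remaining buffer rather than a fixed constant, the allocation is always bounded by what the transport frame delivered.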