Hard blow for the Lightning Network – THE Lightning Network (LN) is a second layer solution of Bitcoin. This specializes in micropayments through the use of “state channels”. Unfortunately, a vulnerability could well undermine network security.
Vulnerability on the Lightning Network
On October 16, Antoine Riarddeveloper Bitcoin identified a critical vulnerability on the Lightning Network on Bitcoin. He described the flaw as well as ways to resolve it in a report published on GitHub.
Antoine Riard subsequently decided to leave the Lightning Network development team the flaw is so important. Indeed, he believes that only a modification of the Bitcoin protocol would make it possible to implement a lasting solution to this flaw. However, the latter knows how difficult it is to evolve Bitcoin.
“Effective now, I am no longer participating in the development and implementation of the Lightning Network, including coordinating the handling of security issues at the protocol level. »
>> Euro > Crypto at the best price in 1 click! (commercial link) <<
Replacement Cycling: the fault that shakes the LN
In practice, the attack targets a flaw in transaction replacement mechanism.
As a reminder, it is possible to replace a transaction on Bitcoin and the Lightning Network. This can usually occur in several cases, for example, to increase the fees of a transaction, or to replace a transaction in which there is an error.
For its part, this flaw exploits the ability to replace an unconfirmed transaction in the mempool with a transaction that spends the same entries.
To do this, the attacker must open two payment channels with his victim. It sends a payment through these channels, creating an HTLC (Hashed Timelocked Contracts) contract.
Normally, if an HTLC is not settled on time, the victim can broadcast an “htlc-timeout” transaction to recover their funds.
This is where the attacker can exploit transaction replacement. It uses this function to continually replace the victim’s transaction with their ownthereby preventing the victim’s transaction from being confirmed.
If the attacker manages to do this long enough, he can cancel the htlc-timeout, and the victim loses the payment money.
Fix and solutions
The idea proposed by Antoine Riard is to reimagine the HTLC protocol. Its purpose is to prevent additional entries from being added to the HTLC so that they cannot be replaced.
However, this requires a soft fork to be put in place. An unlikely situation given the ossification of Bitcoin.
Otherwise he proposed other solutions potentially less reliable in the long term:
- Increased lock delay : to make the attack more difficult and costly to carry out;
- Monitoring the mempool : users can monitor the mempool to spot the htlc-timeout transaction before it is replaced;
- Using watchtowers : a more centralized version of mempool monitoring;
- Changing Relay Policies : in order to propagate the replaced transactions so that they still reach the victim.
In any case, this problem is no longer the responsibility of Antoine Riard. It will now be up to the developers of the Lighting Network or those of Bitcoin to find a solution.
What if the Lightning Network was soon obsolete? This is the bet of many teams developing zk rollups solutions on Bitcoin. This is particularly the case of ChainWay which has already developed a proof of concept.
Cryptos and blockchain technology are still young and volatile sectors. Every investment involves risk. As an informed investor, have you done your own research and decided to take the plunge? Current prices are an opportunity to add a few satoshis to your wallet! To do this, register on Swissborg Euro > Crypto at the best price in 1 click (commercial link).