lightning-dev
Combined summary - Disclosure of a fee blackmail attack that can make a victim loose almost all funds of a non Wumbo channel and potential fixes
The Lightning Network, a protocol for faster and cheaper Bitcoin transactions, has been found to have vulnerabilities.
One vulnerability is a blackmail attack that exploits the update_fee mechanism and unbounded commitment transaction size inflation. To mitigate this issue, one solution is to cap commitment size and limit HTLC exposure. Another solution is BIP-119 Congestion Control trees, which bucket a tree based on HTLC size. Additionally, a technique called "coupe commitments" adds a layer of indirection to how HTLCs are manifested within commitment transactions.In an email thread, Dave explains how an attacker can force a victim to pay for numerous P2WSH outputs, causing significant costs. Lowering the max number of HTLCs in-flight is suggested as a solution, but some believe it makes it easier to jam a channel. Anchor commitments allow for second-level HTLC aggregation, saving on fees. The attacker can route a payment through the victim's channels, forcing the victim to pay on-chain fees to recover funds.Laolu suggests adding a layer of indirection to mitigate up-front costs. This involves adding an HTLC indirect block to commitment transactions, spent by a transaction that creates HTLC outputs. Jeremy Rubin suggests BIP-119 Congestion Control trees to bucket HTLCs and prevent interference. Antoine Riard discusses capping commitment size, dynamic dust limits, encoding all HTLCs in a Taproot tree, and other potential solutions.The discussion also touches on fee futures, hinting at where and how to disclose attacks and vulnerabilities. The vulnerabilities highlight the need for ongoing development of second-layer solutions for Bitcoin transactions. The attack involves flooding the network with large transactions, freezing channels, and demanding blackmail payments. Several fixes have been proposed, including not using the maximum value of HTLCs, implementing bitcoin core PR #15681, and finding ways to aggregate HTLCs.Overall, the Lightning Network vulnerability emphasizes the importance of addressing security issues and improving second-layer solutions for Bitcoin transactions.