An emergency update was released to all Lightning Network LND node operators on Nov. 1, after a critical bug caused LND nodes to fall out of sync with the chain. This was the second critical bug experienced by the network in less than a month.
According to Lightning Labs, developer of the Bitcoin Lightning Network, some LND nodes stopped syncing because of an issue with the btcd wire parsing library. The new fix (v.015.4) was released almost three hours after the break. The release said:
“This is an emergency hot fix release to fix a bug that can cause lnd nodes to be unable to parse certain transactions that have a very large number of witness inputs.”
According to the issue on GitHub, non-updated nodes will be vulnerable to malicious channel closings once channel timelocks expire in two weeks. The bug impacted only LND nodes, leaving their view of the current chain state outdated, although payment transactions were still available. Some versions of electrs were also impacted, according to another issue on GitHub.
The bug was triggered by a developer known as Burak on Twitter, with a message in the transaction saying: “you will run cln. and you will be completely satisfied.”
Sometimes to find the light, we must first touch the darkness. https://t.co/dhCwF0DxpE
— Burak (@brqgoo) November 1, 2022
Burak was also responsible for triggering a similar bug on Oct. 9, when they created a 998-of-999 multisig transaction that was rejected by btcd and LND nodes, leading to the rejection of the whole block and all blocks following the transaction. On the same day, Lightning Labs released a patch to fix the issue.
I just did a 998-of-999 tapscript multisig, and it only cost $4.90 in transaction fees. https://t.co/CvBHaRAqPu
— Burak (@brqgoo) October 9, 2022
On Twitter, users suggested that it was time for an LND bug bounty program:
Savage takedown of LND lightning nodes by exploiting a consensus discrepancy between Bitcoin Core and btcd with a single Bitcoin transaction.
Encoded message:
“you will run cln. and you will be completely satisfied.” Probably not a “responsible disclosure”. Time for an LND bug bounty program? https://t.co/sLZQIsS4Zt pic.twitter.com/S8HwKXdoip
— Stadicus (@Stadicus3000) November 1, 2022
Hacker Anthony Cities also claimed to have disclosed the vulnerability to LND developers two weeks ago, noting that “The btcd repo doesn't seem to have a reporting policy for security bugs, so not sure if anyone else working on btcd found out about it.”
The Lightning Network is a second layer added to Bitcoin’s (BTC) blockchain that allows off-chain transactions, i.e. transactions between parties not on the blockchain network.