Rusty Russel, developer of Bitcoin Lightning Network (LN), has released the document that elaborates on the network’s bug discovered in August, and also the relevant solution. Russel clarified that the bug became active when funding channels are opened.
The described procedure does not necessitate validation from receivers if a transaction correlates with the one guaranteed by the sender in terms of sum involved and original scriptpubkey.
Scriptpubkey is basically an output transaction script that necessitates exclusive conditions to be followed for a receiver to spend BTC. The file elaborates the process as follows:
“A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.”
Russel also suggested a way out of the above discussed issue. Once the financing transaction is viewed, peers “must check that the outpoint as described in `funding_created`[1] is a funding transaction output[2] with the amount described in `open_channel`[3].”
The file also cautions that c-lightning versions 0.7.1 or higher carryout the procedures perfectly, stressing users to move to newer versions of their Lightning Nodes.
Olaoluwa Osuntokun, CTO at LN-focused startups Lightning Labs and ACINQ, also asserted to have identified cases of bugs being abused. To prevent the risk of losing funds, Osuntokun stressed users to immediately update to the latest LN versions.
The versions which were found to contain vulnerabilities are Osuntokun, c-lightning nodes version 0.7 and below, LND nodes version 0.7 and below, and eclair nodes version 0.3 and below.
For the first time, two days before, the number of Bitcoin LN nodes hit 10,000. Notably, Andreas Antonopoulos detailed about his latest “Mastering Lightning Network” book, co-authored by René Pickhardt and Lightning Labs CTO Olaoluwa Osuntokun.