Author: Antoine Riard 2019-12-09 18:04:07
Published on: 2019-12-09T18:04:07+00:00
The article discusses time-dilation attacks on offchain protocols, specifically focusing on the Lightning Network (LN). The security model of LN is based on revocation of previous states and contestation periods. The article explains two scenarios where Eclipse attacks can be used to exploit the time-sensitive nature of LN's security model. In the first scenario, an attacker targets the CSV security delay by eclipsing a peer's node and delaying blocks by 2 minutes. After maintaining the eclipse for a week, the attacker can broadcast a revoked commitment transaction at a height ahead of the victim's view of the blockchain. In the second scenario, an attacker targets the per-hop CLTV-delta by eclipsing a peer's node and gaining a lead of 15 blocks. The attacker can then claim back a payment with an HTLC-timeout transaction. The article acknowledges that countermeasures have been implemented but indicates that it may still be possible for off-path attackers to carry out this kind of attack. Moreover, it highlights the difficulty of mapping LN nodes to their full-nodes and suggests using inter-layer mapping techniques such as funding transaction broadcasts or knowledge of onchain utxo graph leaked by addressed reused to fund channels. The article also suggests various on-chain and off-chain countermeasures that could be taken to mitigate these attacks. The article concludes by stating that time-dilation attacks are a significant threat to off-chain protocols relying on time for their security model. While funds may not be at risk presently, there remains a need for further research and development in this area.
Updated on: 2023-06-02T22:08:20.867451+00:00