Author: Andrea RASPITZU 2019-01-03 12:40:16
Published on: 2019-01-03T12:40:16+00:00
In this message, Andrea raises a concern about the reuse of payment_hash in lightning invoices. The BOLT11 example currently uses a donation invoice that seems to be "permanent" with a payment_hash that doesn't change after receiving a donation. Andrea believes that reusing known payment_hash is a security issue because an intermediary node routing a donation for the second time already knows the preimage, allowing it to pull the htlc from downstream without forwarding it to upstream. This means that a malicious receiver could provide an invoice with assisted routes where among those they control a node, which won't forward to the htlc but instead steal the funds. As the preimage is known to the intermediate node, it will be claimed that the payment hasn't been received. Andrea suggests that there should be at least a warning in the spec regarding the reuse of payment_hash in invoices.
Updated on: 2023-06-02T16:59:02.410976+00:00