Published on: 2019-01-24T18:00:51+00:00
A recent incident raised concerns about the reuse of payment hashes in Lightning Network invoices. A user contacted Anton Kumaigorodski claiming that they did not receive payment, even though the payer was able to provide a preimage. It was discovered that the user had reused an expired invoice, which led to the payment not being fulfilled. This incident highlights the need for action to prevent potential theft through QR reuse.ZmnSCPxj, a Bitcoin and Lightning Network contributor, stated that the possession of the payment preimage is considered sufficient proof of payment, regardless of what the receiver claims. However, the reuse of payment hashes should be strongly discouraged as it can enable theft by intermediate routing nodes. Andrea RASPITZU suggested that this issue should be clarified in BOLT11, the specification for Lightning Network invoices.The knowledge of a preimage for a specific payment_hash is the only payment proof for the payer. In the case of reuse, the payment preimage possessed by the ultimate payee is considered the entirety of the proof of payment, disregarding what the receiver claims. Reusing payment hashes can lead to theft by intermediate nodes that the receiver does not control.ZmnSCPxj further explained that if the receiver knows they do not have control over the entire Lightning Network, they should not reuse payment hashes. This is because intermediate nodes that the receiver does not control could claim the payment and provide the proof-of-payment to the ultimate payer. Possession of the payment preimage is deemed sufficient proof of payment, regardless of the receiver's claims.Andrea highlighted the security issue of reusing payment_hash in Lightning invoices. The current BOLT11 example uses a donation invoice with a "permanent" payment_hash that does not change after receiving a donation. This allows an intermediary node routing a donation for the second time to pull the htlc from downstream without forwarding it to upstream, effectively stealing the funds. Andrea suggested adding a warning in the specification regarding the reuse of payment_hash in invoices to address this concern.
Updated on: 2023-07-31T21:22:41.107641+00:00