Author: Antoine Riard 2023-01-23 14:15:07
Published on: 2023-01-23T14:15:07+00:00
LDK developer Antoine Riard has conducted a third-party security audit of the Validating Lightning Signer (VLS) project's core mechanisms, identifying critical vulnerabilities and attack vectors. Riard said the VLS module development was advanced enough to be functional with both deployment of LDK and CLN nodes but there were missing not-implemented critical policy rules, and invoices and payments flows still needed hardening with a consistent security model. The issues have been communicated to the VLS team ahead of the report publication and they’re committed to address them. The VLS architecture could also be generalized to other Bitcoin contracting protocols where spending policies are also leveraged to introduce fine-grained control of custodied Bitcoin funds between cold and warm wallets.
Updated on: 2023-06-01T19:14:43.851935+00:00