Author: Mats Jerratsch 2016-03-08 15:36:21
Published on: 2016-03-08T15:36:21+00:00
On the Lightning-dev mailing list, Mats Jerratsch of Blockchain.com has discovered a vulnerability in onion routing that could allow an attacker to initiate a probing attack by setting too short of an absolute CLTV refund timeout. Rusty Russell suggests mitigating this particular attack by remembering the onion and always failing an identical one. Furthermore, Rusty suggests randomizing the timeout for the next hop, at least subtracting (MIN_TIMEOUT to MIN_TIMEOUT*2), and also questions what the HTLC timeout should be set to initially. Rusty suggests using timestamps in the onion object as the described attack vector still exists.
Updated on: 2023-05-23T22:39:14.281935+00:00