Author: ZmnSCPxj 2022-05-10 00:40:26
Published on: 2022-05-10T00:40:26+00:00
In a conversation about Lightning signers, ZmnSCPxj raises concerns that without active mitigation against eclipse attacks, compromised nodes can lie to the signer and cause a loss of funds in forwarding cases. They ask devrandom whether their "UTXO Set Oracle" informs the lightning-signer about block height and facilitates transaction broadcast. They also ask what happens if the connection between these remote devices is interrupted. ZmnSCPxj describes a scenario where a `lightning-signer` would need to be attached to a Bitcoin node capable of actively finding and connecting to multiple Bitcoin peers, checking the block header chain, and broadcasting unilateral closes and HTLC timelock claims for outgoing HTLCs. Without these capabilities, there is a risk of funds loss. They reference a potential exploit listed on https://gitlab.com/lightning-signer/docs/-/wikis/Potential-Exploits, which involves an HTLC being failed and removed on the input before it is removed on the output, leading to a loss of funds. They ask whether there is a mitigation planned or implemented against this exploit.
Updated on: 2023-06-03T08:39:51.672455+00:00