Published on: 2020-11-23T15:11:52+00:00
The Lightning Network's anchor output specification update introduced a potential vulnerability related to the new usage of SIGHASH_SINGLE for HTLC transactions. This vulnerability allows a malicious party to inflate fees committed on HTLC input/output pairs and redirect the inflated fee to a single-controlled output. An example given in the context shows how Alice gained 125600 sats through the exploitation of this vulnerability.To mitigate this vulnerability, several countermeasures can be taken. One approach is to tighten channel policies by further limiting the number of accepted HTLCs or restricting the acceptance of `update_fee` requests. Another suggestion is to adopt a scorched earth approach with Justice transactions, where their feerate is bound to the maximum value. This increases the odds of winning the feerate race and deters attackers. However, this approach introduces a griefing attack vector where the counterparty can burn more fees than the victim punishes its revoked balance.In conclusion, there is a need to address the vulnerability in the Lightning Network's anchor output spec update. Possible solutions include tightening channel policies, adopting a scorched earth approach with Justice transactions, or patching the current anchor specification to remove the application of `feerate_per_kw` on 2nd-stage transactions. Further discussions and thoughts on countermeasures are welcomed.It is worth noting that in lnd, anchors are currently behind a build flag, but the plan is to enable them by default for their upcoming 0.12 release.
Updated on: 2023-07-31T23:03:11.099149+00:00