Published on: 2020-10-20T22:56:09+00:00
A vulnerability has been discovered in the Lightning Network protocol that could allow attackers to steal in-flight HTLCs. This vulnerability is due to lightning nodes not verifying the tx-relay standardness of counterparty signatures, making them susceptible to malicious high-S signatures. Bitcoin Core 0.10 implemented a check against high-S signatures, which LND did not have prior to v0.10. The verification method used by LND does not enforce the lower-S form of the signature. To address this issue, LND adopted a solution to normalize high-S signatures to a tx-relay standard one, which can be done by the receiver. However, a more proactive solution was proposed to fail the channel upon receiving a high-S signature. Lightning node security is crucial as each party owns a different version of the transaction and must own a valid witness at any time. Commitment transactions include signatures that might have been maliciously malleated by an attacker. Lightning node operators should be aware that they are running a Bitcoin bank in plain sight and any failure might be observed and exploited by an attacker. This vulnerability highlights the importance of transaction standardness, which affects other time-sensitive multi-party protocols such as vaults/CoinSwaps. Tx-relay standardness issues pose a systematic risk for layer 2 protocols relying on time-sensitive transactions.Another vulnerability has been identified in the Lightning Network protocol related to the expiration of a preimage with outdated utility. This vulnerability is similar to the one described in the Flood & Loot paper and could lead to the exploitation of channel timelocks. The vulnerability has been addressed in two pull requests (PR) on the lightning-rfc repository, PR #764 and PR #772. A wider discussion on the topic can be found on the bitcoin-dev mailing list.To avoid potential attacks, it is recommended that Lightning Network users upgrade their software to the latest version. The LND team has released versions 0.10.0-beta and 0.11.0-beta to fix the vulnerabilities. CVE-2020-26895 has been assigned to the first vulnerability.
Updated on: 2023-07-31T23:13:03.551246+00:00