Author: Bastien TEINTURIER 2023-09-07 13:05:33+00:00
Published on: 2023-09-07T13:05:33+00:00
Runes/macaroons do not provide any protection if the machine issuing the RPCs is compromised. In such a scenario, an attacker can modify the parameters of the RPC call, and the lightning node will still execute it without any issues. However, it is important to note that the purpose of Runes/macaroons is to protect certain RPCs that involve payment transactions, such as channel open, channel close, and pay invoice.

On the other hand, for "read" RPCs like listing channels, Runes/macaroons are not useful. This means that these types of RPCs can be accessed without any protection. The reason behind this is that performing on-chain operations or making payments through invoices is relatively infrequent for most nodes. Therefore, it makes sense to manually validate these operations.

Furthermore, it is worth mentioning that the configuration of Runes/macaroons is fully customizable. This allows users to choose which RPCs they want to protect using Runes/macaroons and which ones they prefer to keep accessible without any additional security measures.

In summary, while Runes/macaroons provide protection for specific RPCs involving payments, they do not offer any safeguard if the machine issuing the RPCs is compromised. It is essential to understand the intended use cases and configure the protection accordingly.
Updated on: 2023-09-08T01:53:29.994502+00:00