Bug freezes bitcoins within the Lightning Network for hours
Late Sunday, researchers discovered a critical validation bug in LND, a popular Lightning Network implementation backed by Lightning Labs.
Specifically, BTCD, the full Bitcoin node implementation that LND relies on and that is popular with Lightning Network users, had a bug in its Taproot implementation.
The bug affects LND versions 0.15.1 and earlier. LND has asked all users to update to version 0.15.2.
On Sunday night, Bitcoin developer Jameson Lopp advised LND node operators not to do anything until a new version was released. “I hope payments and routing [of payments] still work. What is not working is opening and closing channels because blockchain synchronization is stuck.”
Notes for lnd node operators:
Your node is currently safe. I wouldn't touch it until the new version is released.
I expect payments and routing still work. What won't work is channel opens / closes because the blockchain sync is stuck.
Update in the next 2 weeks if you can.
— Jameson Lopp (@lopp) October 10, 2022
Without the ability to close channels, bitcoins held on the Lightning Network by anyone operating this particular implementation were essentially frozen there for a few hours, with no way to move them back to the first-tier (base layer) Bitcoin network.
A Taproot multi-sig transaction revealed the bug
The researchers discovered the bug while testing the limits of Bitcoin Script, Bitcoin's scripting language. They wanted to test an extremely advanced smart contract that required co-authentication by numerous parties.
To perform this test, a researcher, Burak, created a large multi-sig transaction in Taproot. This required 998 private key signatures to authorize the sending of bitcoin, an extraordinary number of co-signers.
To put this number into context, consider that Lightning Network users typically open channels using only 2-of-2 multi-sig transactions.
The 998-of-999 transaction was accepted by test block producers. It was later mined into a block on the Bitcoin main network. Then the transaction broke LND.
This transaction broke the method LND uses to determine the most recent block. Specifically, LND was unable to parse a new block because of the faulty library.
The following message appeared in the error logs: “Unable to complete string resizing: readScript: script item is larger than the maximum allowed size.”
Lightning Labs immediately began work on fixing the bug by updating the BTCD wire parsing library, and announced the release of version 0.15.2.
how was lnd affected?
lnd uses this library to parse blocks we get from either the full node backend or p2p network, due to this bug lnd wasn't able to parse a new block, but was able to continue to forward as normal (synced_to_chain: false)
— Olaoluwa Osuntokun (@roasbeef) October 10, 2022
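To illustrate the failure mode described above, the following added example (not code from LND, BTCD or the original article) parses a witness stack with the per-item size cap passed in as a parameter. The function names, the two caps (10,000 and 4,000,000 bytes) and the constructed 33,000-byte item are assumptions chosen for illustration; a parser cap tighter than what the network accepts turns a valid block into a parse error, which is what stalls chain sync.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// readCompactSize decodes Bitcoin's variable-length integer encoding.
func readCompactSize(r io.Reader) (uint64, error) {
	var b [9]byte
	if _, err := io.ReadFull(r, b[:1]); err != nil || b[0] < 0xfd {
		return uint64(b[0]), err
	}
	width := 2 << (b[0] - 0xfd) // 0xfd, 0xfe, 0xff prefix a 2-, 4-, 8-byte value
	_, err := io.ReadFull(r, b[1:1+width])
	return binary.LittleEndian.Uint64(b[1:]), err
}

// ReadWitness parses a witness stack (item count, then length-prefixed items),
// checking each declared length against maxItem before allocating.
func ReadWitness(r io.Reader, maxItem uint64) (stack [][]byte, err error) {
	count, err := readCompactSize(r)
	for i := uint64(0); err == nil && i < count; i++ {
		var size uint64
		if size, err = readCompactSize(r); err == nil && size > maxItem {
			err = fmt.Errorf("readScript: item size %d exceeds max %d", size, maxItem)
		}
		if err != nil {
			return nil, err
		}
		item := make([]byte, size)
		_, err = io.ReadFull(r, item)
		stack = append(stack, item)
	}
	return stack, err
}

// SampleWitness builds constructed input: a 64-byte item and a scriptLen-byte item.
func SampleWitness(scriptLen uint16) []byte {
	raw := append([]byte{2, 64}, make([]byte, 64)...)
	raw = append(raw, 0xfd, byte(scriptLen), byte(scriptLen>>8))
	return append(raw, make([]byte, scriptLen)...)
}

func main() {
	for _, limit := range []uint64{10_000, 4_000_000} { // assumed caps, not btcd's
		stack, err := ReadWitness(bytes.NewReader(SampleWitness(33_000)), limit)
		fmt.Printf("cap %d: %d items, err=%v\n", limit, len(stack), err)
	}
}
```

The same input is rejected under the tighter cap and parsed under the looser one, so the cap itself, not the data, decides whether the node can keep following the chain.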
Need for cross-implementation watchtower services
After the bug was fixed, researchers began to voice the need for independently implemented watchtower services.
This bug only affected LND, a popular implementation of the Lightning Network. Other implementations include Eclair and Core Lightning.
A watchtower service is a third party that monitors the publicly visible Lightning Network and allows users to seek restitution for misbehavior. One that monitors all implementations can protect users during outages of any particular implementation.
For example, since most users join Lightning through a 2-of-2 multi-sig transaction, they often trust a counterparty not to lie about the final balance of bitcoin held by each party when they close the channel and exit the Lightning network to mainnet Bitcoin.
If someone lies about the bitcoin in their possession when trying to close a Lightning channel, a user who can prove this lie can publish a so-called justice transaction and receive 100% of the bitcoins in the channel as a reward for catching the lie.
A watchtower that monitors all implementations (LND, Core Lightning, Eclair, etc.) can protect a user during bugs or hacks, allowing them to publish a justice transaction if someone tries to steal their money during service outages.