Huge Transaction Brought Down LND For The 2nd Time. Is Blockstream Responsible? | Bitcoinist.com
Is LND broken? Or was the ridiculously huge transaction that unsynced it a direct attack on the LND implementation? Does all of this affect the larger Lightning Network? And what about the bitcoin network? This story begins with all kinds of questions and can’t promise to answer all of them. The game is afoot. Something’s happening. It’s hard to determine what, though. And it seems like more will be revealed, as if we still don’t have all the facts.
Let’s look at what we do have and try to unravel this. It all starts with a summary of the story so far.
What’s With LND And These Huge Transactions?
On October 9th, a developer known as Burak announced “I just did a 998-of-999 tapscript multisig, and it only cost $4.90 in transaction fees.” That curious transaction unsynced the Lightning Network, which missed producing one block. The Lightning Labs team, responsible for the LND implementation, released a fix in a matter of hours. The incident made abundantly clear that the Lightning Network is still a work in progress and the implementations are vulnerable to attacks.
Now, Burak struck again. “Sometimes to find the light, we must first touch the darkness,” he tweeted accompanying another huge transaction. This time, the impact only hit LND nodes. Everybody else remained in sync, while LND was stuck. For a while there, LND nodes could route funds but were unaware of the state of the chain. Lightning Labs acknowledged the bug in their official channels and started working on a hotfix that was released a couple of hours later.
With the help of the @lightning Labs team (h/t @guggero), us at @GaloyMoney and our CI pipelines the @BTCBeachWallet nodes are updated with the bugfix within 31 blocks after 73be398c4bdc43709db7398106609eea2a7841aaf3a4fa2000dc18184faa2a7e hit.
Can this hold the record now? pic.twitter.com/Utrabq86jF
— openoms (@openoms) November 1, 2022
To explain the implications to the rest of us, Applied Cryptography Consultant Peter Todd analyzed the situation. “Because LN is _not_ a consensus system, having different implementations is a good thing. Some of the network is down right now. But there’s no real harm in the rest staying up. Meanwhile, the root cause of the problem is buggy btcd code,” he tweeted.
So far, everything sounds fine. The transaction’s intention seems to be to highlight a vulnerability without causing considerable damage. The thing is, Burak wrote, “you’ll run cln. and you’ll be happy” in the OP_RETURN data. And “cln” refers to Core Lightning, LND’s main competition. A Blockstream product.
BTC price chart for 11/01/2022 on Bitstamp | Source: BTC/USD on TradingView.com
Did Someone Report The LND Bug Well Before The Attack?
Another pseudonymous developer wrote to Burak, “The ethical thing to do is to a vulnerability disclosure to the Lightning Labs team instead of taking down majority of the nodes in the network.” Then, yet another developer named Anthony Towns delivered an obligatory plot twist, “For what it’s worth, I also noticed this bug and disclosed it to Olaoluwa Osuntokun about two weeks ago. The btcd repo doesn’t seem to have a reporting policy for security bugs, so not sure if anyone else working on btcd found out about it.”
“The initial report was to the wrong place and was missed, I followed up a week later on the 19th and Olaoluwa Osuntokun replied with some thoughts on why this wasn’t caught already and how to do better,” Towns further elaborated. Later on, Osuntokun confirmed the report and revealed, “as the post was public I deleted it then followed up w/ him via email. We had a patch ready to go for the minor release (w/ some other memory optimizations), but obv this preempted it.”
also @ajtowns did contact me, by making an issue on my public fork of btcd w/ details, as the post was public I deleted it then followed up w/ him via email
we had a patch ready to go for the minor release (w/ some other memory optimizations), but obv this preempted it
— Olaoluwa Osuntokun (@roasbeef) November 1, 2022
He also pointed out an important thing, “I didn’t imagine someone would work w/ miners to mine it.” This particular bug required miner participation to go through. There could’ve been more to this attack than meets the eye. Nonetheless, there were over $700 in fees attached to the transaction. That exorbitant fee could’ve been enough to get the strange transaction through.
Is Blockstream Responsible For The Attack?
This is where everything gets tricky, because it seems like Burak was previously sponsored by Blockstream to work on Liquid covenants on Bitmatrix. In a series of later-deleted tweets, Lightning Labs CEO Elizabeth Stark appears to accuse Blockstream of at least sponsoring the attacks. When questioned by a Blockstream employee, Stark replied, “Is this not true that it’s a sponsored dev?” and “You appear to have left out the deleted tweet where I specifically mentioned it was clear that this attack was not part of what was sponsored.”
Is this not true that it is a sponsored dev? My point was not that *this* work was funded, but as you wrote this individual is “def sponsored by blockstream.” pic.twitter.com/s1SHZnnbo5
— elizabeth stark 🍠 (@starkness) November 1, 2022
Enter Suredbits founder Chris Stewart, who took it even further and straight up asked Adam Back to confirm “that Blockstream isn’t sponsoring these attacks on LND as a promotional tool for core lightning.” Adam Back denied any sponsorship and explained what he thinks Burak meant. “Could infer from the op_return message is about the risks of using a non Bitcoin core full node for consensus & Core Lightning uses Bitcoin core. maybe Burak is making that point, empirically. It’s a known limitation from LANGSEC security it’s near impossible to bit-wise compatible.”
To put everything to bed, Blockstream researcher Christian Decker went on the record and tweeted, “This is terrible, the Core Lightning team does not condone attacks of any nature. And namedropping a competitor is in really bad taste. Please follow responsible disclosures, and avoid publicity stunts like this, it’s not helping, and causing a lot of issues!”
Featured Image by Bethany Laird on Unsplash | Charts by TradingView