Bitcoins at risk on the Lightning network due to security breach

In recent days a new update was released for the Bitcoin Lightning network. It corrects a security flaw that allowed BTC to be lost from payment channels.

The update in question was released on October 4. Lightning programmer Alex Bosworth announced on Twitter that people using LND (Lightning Network Daemon client) should update immediately. However, as Antoine Riard published on the Lightning-Dev mailing list, the update applies to LND, c-lightning (a lightweight implementation of LND used by many Bitcoin wallets) and the Eclair wallet, specifically.

The flaw, or vulnerability, was in the fee rate. When a payment channel is created, a minimum amount is set in satoshis, a value known as “dust_limit_satoshis”. When the commitment transaction is created, which is the transaction broadcast to the blockchain once the channel is closed, this value defines what the average fee to pay would be. Due to a bug, an attacker could “change” this value and cause the counterparty to lose funds within the channel, which would go to pay network fees.

The Lightning Dev Kit, or Lightning Development Kit, also received the update for future deployments.

Although this is not a direct theft from the payment channel, since the lost funds would go to miners, the attacker, as described by Antoine Riard, could collude with malicious miners to obtain these funds. Of course, such a miner would have to compete against honest miners, who will also want to mine the transaction. In either case, the victim loses funds.

As the disclosure timeline for this flaw shows, wallets such as Muun Wallet and Electrum Wallet were reportedly notified of the problem.

The solution

Among the solutions Antoine Riard highlights is setting a “dust_limit_satoshis” for both sides of the channel, creating a kind of commitment between peers. Along the same lines, a new variable is added to the equation: the “dust_buffer_feerate” value, which would define the fee to be paid based on the electrical energy consumed by creating the transaction.

These values, together with other definitions described in the email, will prevent a transaction that does not meet these requirements from being propagated on the network. In that case, an error is simply displayed for the transaction being sent.
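
The checks described in this section, sketched as an added example that is not code from LND, c-lightning, Eclair or Riard's email: it bounds the peer's dust_limit_satoshis and caps the value of HTLCs that would be trimmed to fees. The policy limits, the helper names and the use of dust_buffer_feerate as a feerate in satoshis per 1000 weight units are assumptions; the two weights are the BOLT 3 values for channels without anchor outputs.

```python
from dataclasses import dataclass

# BOLT 3 second-stage transaction weights for channels without anchor outputs.
HTLC_TIMEOUT_WEIGHT = 663
HTLC_SUCCESS_WEIGHT = 703
# Assumed local policy values, chosen for illustration only.
MAX_PEER_DUST_LIMIT_SAT = 1_000
MAX_DUST_EXPOSURE_SAT = 5_000


class ChannelPolicyError(Exception):
    """Raised when a peer's channel parameters violate local policy."""


@dataclass(frozen=True)
class Htlc:
    amount_sat: int
    offered: bool  # True: resolved by HTLC-timeout; False: by HTLC-success


# Constructed sample: three pending HTLCs on one commitment transaction.
SAMPLE = [Htlc(2_000, True), Htlc(2_300, False), Htlc(50_000, True)]


def check_peer_dust_limit(dust_limit_satoshis: int) -> None:
    """Refuse to open a channel whose peer announces an oversized dust limit."""
    if dust_limit_satoshis > MAX_PEER_DUST_LIMIT_SAT:
        raise ChannelPolicyError(
            f"dust_limit_satoshis {dust_limit_satoshis} exceeds "
            f"{MAX_PEER_DUST_LIMIT_SAT}")


def is_trimmed(htlc: Htlc, dust_limit_satoshis: int, dust_buffer_feerate: int) -> bool:
    """True if the HTLC gets no output in the commitment transaction, so its
    value is paid as miner fee if that transaction confirms."""
    weight = HTLC_TIMEOUT_WEIGHT if htlc.offered else HTLC_SUCCESS_WEIGHT
    second_stage_fee = dust_buffer_feerate * weight // 1000
    return htlc.amount_sat < dust_limit_satoshis + second_stage_fee


def dust_exposure_sat(htlcs, dust_limit_satoshis: int, dust_buffer_feerate: int) -> int:
    """Total value of pending HTLCs that would be burned to fees on close."""
    return sum(h.amount_sat for h in htlcs
               if is_trimmed(h, dust_limit_satoshis, dust_buffer_feerate))


def can_add_htlc(pending, new: Htlc, dust_limit_satoshis: int,
                 dust_buffer_feerate: int) -> bool:
    """Accept a new HTLC only while dust exposure stays under the local cap."""
    total = dust_exposure_sat(list(pending) + [new], dust_limit_satoshis,
                              dust_buffer_feerate)
    return total <= MAX_DUST_EXPOSURE_SAT
```

With the constructed sample at a feerate of 2,500, a dust limit of 546 satoshis leaves 4,300 satoshis exposed, while an announced limit of 100,000 satoshis would expose all 54,300, which is why the limit is checked when the channel is opened.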

The update is already available in the repositories of the different Lightning clients. In the case of wallets such as Eclair, which as described by Riard requires updating, the current status is unknown. Umbrel OS, for example, for which CriptoNoticias reported the launch of a Bitcoin + Lightning node running this operating system, announced that the upgrade was available in its app store.

