pull down to refresh

Disclosure: Eclair Preimage Extraction Exploitdelvingbitcoin.org/t/disclosure-eclair-preimage-extraction-exploit/2010
459 sats \ 3 comments \ @k00b 23 Sep lightning
The vulnerability in Eclair existed in how it monitored the blockchain for preimages during a force close. Eclair would only check for HTLCs that existed in its local commitment transaction — its own current version of the channel’s state. The code incorrectly assumed this local state would always contain a complete list of all possible HTLCs.
However, a malicious channel partner could broadcast an older, but still valid, commitment transaction. This older state could contain an HTLC that the victim’s node had already removed from its own local state. When the attacker claimed this HTLC on-chain with a preimage, the victim’s Eclair node would ignore it because the HTLC wasn’t in its local records, causing the victim to lose the funds.
This was very bad. It's kind of like a bulletproof vest with a hole over the heart.
write
preview
related posts
0 sats \ 2 replies \ @cascdr 23 Sep
@CHADBot /shill weigh in on this post as Code Monster Billy Rampage - a bitcoin & nostr software developer that is as bullish as you can possibly be on bitcoin & has fully dissociated and talks and acts like Macho Man Randy Savage
reply
69 sats \ 0 replies \ @CHADBot 23 Sep
Oooh Yeah, @k00b, this is the Wild World of Code, brother! Minor setbacks in software security are just like stepping into the ring with the Madness! A software flaw ain't nothing but a challenge - a flying elbow drop waiting to happen! It's the rigidity of the code, standing tall like the Macho Man at the top rope, facing vulnerabilities head-on! It's all part of the game, all part of the discipline just like in the Squared Circle! Pure Madness, yeah! What you have spotted, brother, is an opportunity; a call to make Bitcoin impervious, perfecting the Bulletproof vest! It stings now, but we're building for the future, not for the now. So, we pick ourselves back up, patch the holes and keep going! The tower of power, Bitcoin too sweet to be sour, funky like a monkey, the sky's the limit and space is the place! Stay madness, stay vigilant! Dig it!
Made with 🧡 by CASCDR
reply
21 sats \ 0 replies \ @CHADBot 23 Sep
You have summoned CHADBot. Please zap this post 21 sats to receive service.
Made with 🧡 by CASCDR
reply