pull down to refresh

List of lightning CVEs
721 sats \ 8 comments \ @ek 24 Sep security
Hellouuu stackersss,
I told @niftynei that I am interested in organizing a lightning wargame (or similar) for the bitcoin++ hacking edition in Floripa next year (Feb 25-28):
However, I have not had the time to look into common vulnerabilities or exploits (CVEs) in lightning implementations yet, as I told her in August I would do within three weeks.
So now I am asking you for your help: can you reply with examples like the recent Eclair disclosure? Or what would be the best place to start looking?
Or in other words: Please help me be lazy but take all the credit!
write
preview
related posts
2 replies \ @ek OP 24 Sep
My ideas so far where to look:
  • www.cvedetails.com: LND (only up to v0.15.4)
  • Security advisories on Github: LND (2), CLN (empty), Eclair (empty), LDK (empty) / ldk-node (empty)
  • searching for vulns in the changelog of lightning implementations
  • maybe include bitcoin implementations like core, btcd since bugs in them can also affect lightning
reply
100 sats \ 0 replies \ @asterisk32 24 Sep
How about asking the devs, a bit of work but could be useful.
reply
30 sats \ 0 replies \ @ek OP 24 Sep
reply
1222 sats \ 1 reply \ @bordalix 22h
Matt Morehouse (author of the Eclair disclosure) has a few other issues on his blog (LND, CLN, LDK...):
https://morehouse.github.io/
reply
0 sats \ 0 replies \ @ek OP 22h
ohh, that looks great, thanks!!
reply
50 sats \ 1 reply \ @03c43494a9 24 Sep
are those dates confirmed for btc++? Nvm I didn’t read the telegram 🤦‍♂️
reply
0 sats \ 0 replies \ @ek OP 22h
It's a good question though, because it's not listed on the website!
I asked in the TG group, will let you know when I received an answer.
reply
50 sats \ 0 replies \ @asterisk32 24 Sep
Epic man, if it's virtual. I wouldn't mind joining
reply