List of lightning CVEs \ stacker news ~security

pull down to refresh

721 sats \ 9 comments \ @ek 24 Sep security

Hellouuu stackersss,

I told @niftynei that I am interested in organizing a lightning wargame (or similar) for the bitcoin++ hacking edition in Floripa next year (Feb 25-28):

However, I have not had the time to look into common vulnerabilities or exploits (CVEs) in lightning implementations yet, as I told her in August I would do within three weeks.

So now I am asking you for your help: can you reply with examples like the recent Eclair disclosure? Or what would be the best place to start looking?

Or in other words: Please help me be lazy but take all the credit!

view all related items

2 replies \ @ek OP 24 Sep

My ideas so far where to look:

www.cvedetails.com: LND (only up to v0.15.4)
Security advisories on Github: LND (2), CLN (empty), Eclair (empty), LDK (empty) / ldk-node (empty)
searching for vulns in the changelog of lightning implementations
maybe include bitcoin implementations like core, btcd since bugs in them can also affect lightning

100 sats \ 0 replies \ @asterisk32 24 Sep

How about asking the devs, a bit of work but could be useful.

30 sats \ 0 replies \ @ek OP 24 Sep

#88061 / lnd/issues/7096 / btcd/issues/1906

1222 sats \ 1 reply \ @bordalix 24 Sep

Matt Morehouse (author of the Eclair disclosure) has a few other issues on his blog (LND, CLN, LDK...):

https://morehouse.github.io/

0 sats \ 0 replies \ @ek OP 24 Sep

ohh, that looks great, thanks!!

122 sats \ 0 replies \ @k00b 25 Sep

https://spiralbtc.substack.com/p/nerd-of-the-month-5-a-castle-of-glass-1f4

50 sats \ 1 reply \ @03c43494a9 24 Sep

are those dates confirmed for btc++? Nvm I didn’t read the telegram 🤦‍♂️