0 sats \ 13 replies \ @patrick1 20 Oct 2023 \ on: Large lightning vulnerability concern bitcoin
Welp, might be time to just turn off my routing node after nearly three years of running it.
It's never turned a profit anyway.
Since this attack requires the channel to be closed to work, a simple mitigation is to just reduce the maximum amount that can be in flight in HTLCs to some %, eg 10%. I don't know off the top of my head if LND can do that. But it should if it doesn't.
reply
Yes LND and CLN can do that.
Here I explained in my routing fees experiment that is even indicated to do that (limit min/max HTLC) and also Rene Pickhardt came to the same conclusion in his latest study (link is in my article)
reply
Not quite. I'm not suggesting that a single HTLC be limited in size. I'm suggesting that the sum of all simultaneous HTLCs for a given channel be limited.
Of course, setting the maximum HTLC value and the maximum number of HTLCs does that indirectly. But not as efficiently as a max HTLC sum limit.
Also, in your article you have links to specific lines in files on GitHub. Those links are broken because you linked to master, rather than a specific git commit. You can hit the "y" key to get a stable URL for a specific git commit in GitHub.
reply
I run mine for privacy reasons... Not keen to turn it off.
reply
I do too, but I may just use mutiny and then get my sats out of lightning immediately with a swap whenever it's a significant amount.
Kinda sad.
reply
Yeah my issue is with spending privately though, I want to pay LN invoices in a self custodial and private manner. Mutiny (the hosted version) can't give me that unfortunately.
reply
What gives you the view that you can't use mutiny to spend self custodially and privately?
reply
Hey Tony an honor to answer a question from you.
Pretty much the main things giving me this view are
- accidentally leaking my IP to Mutiny's web servers. My daily driver is (gasp) iOS and I can't enforce kill switch VPN, so there is a possibility of leaking my IP. Using Zeus and Tor-only mode I can eliminate operator (me) errors
- 2 hop scenario listed here https://abytesjourney.com/lightning-privacy/ (I just re-read the solution about opening additional public channels, and not entirely sure how that mitigated this)
reply
Thanks for that answer. We don't know anything about individual users or lightning payments since we don't run an LSP and thus don't process payments.
But we came out with a self hosting guide here so you can limit the IP concerns.
We could also probably add something for people to enforce that payments sent are at least 2 public hops before the destination. You wouldn't be able to pay other mutiny users with this setting if they share the same LSP but it would protect you from that edge case. Alternatively you can open your own channels too and go without an LSP in mutiny.
Having at least 2 public channels means that the source of funds might not have originated from you, but from someone beyond the other public channel. Only having unannounced channels aren't routeable by others so when you make a payment, it's clear it's from you. So a direct unannounced channel to unannounced channel payment with one up in the middle makes it clear who the sender and final destination was.
reply
I sat down now to test out your self hosting instructions, but I'm staring at this $12/month Digital Ocean cost and thinking about ROI and now my head is spinning.
I saw a "should be OK with 1GB/1CPU" so giving that a whirl on Linode. Found 1 or 2 issues in the setup instructions but made notes and will write it up.
Just a quick Q: if I don't want any old random to use my server, I was thinking of locating the site at https://mysite.net/uuid instead of just https://mysite.net
However seems the Mutiny stack is expecting a lot stuff at /
Any suggestions for locking it down a bit? basic auth UX sucks ass on mobile so anything but that
Thanks for clearing up the 2 hop thing, I'll definitely open another public channel in that case.
reply
Update : I have a channel open 😅
The Bitcoin wallet seems to work for the most part, but on the lightning side I can't pay invoices to things that should be highly connected such as wallet of Satoshi - payment failed unable to find route. Which logs should I check out on my server? Might hop onto Matrix if that's easier.
run private nodes
https://darthcoin.substack.com/p/private-lightning-nodes
reply