31 sats \ 1 reply \ @Zepasta 20 Oct 2023 \ on: Large lightning vulnerability concern bitcoin
deleted by author
Courtesy of ChatGPT:
The attack referred to is a transaction-relay jamming attack which could cause a loss of funds in lightning channels, specifically during the routing of Hashed Timelock Contracts (HTLC) traffic. The author mentions this attack as a "replacement cycling attack" which doesn't require significant resources from an attacker, just access to basic Bitcoin and Lightning Network software, albeit with a decent amount of technical know-how. This attack creates a situation where certain transactions in the Lightning Network could get jammed, making it hard for nodes to properly settle their transactions, which in turn could lead to loss of funds.
The "replacement cycling attack" is a sophisticated attack aimed at exploiting the transaction relay mechanisms within the Bitcoin network, especially as it pertains to the Lightning Network. Here's how it's performed, based on the detailed explanation provided in the email:
- Initiation of Attack: A malicious channel counterparty initiates the attack by broadcasting a transaction known as an HTLC-preimage transaction, with both a higher absolute fee and a higher fee rate compared to the honest HTLC-timeout transaction broadcasted by the victim lightning node, triggering a replacement in the mempool (the holding area for transactions before they get confirmed).
- Manipulation of Transactions: In both legacy and anchor output channels, an HTLC-preimage on a counterparty commitment transaction is malleable, meaning additional inputs or outputs can be added. This HTLC-preimage spends an unconfirmed input from an unrelated parent transaction and conflicts with its child transaction.
- Replacement in Mempool: Due to the higher fees associated with the malicious HTLC-preimage transaction, it gets accepted in the mempool, replacing the honest HTLC-timeout transaction which is then evicted from the mempool.
- Further Malicious Replacement: The malicious counterparty can then replace the parent transaction with another candidate transaction that satisfies the replacement rules, triggering the eviction of the malicious HTLC-preimage from the mempool since it was a child of the parent transaction.
- Cycling the Attack: This process can be repeated for each rebroadcast attempt of the HTLC-timeout by the honest lightning node until the expiration of the inbound HTLC timelock. Once this height is reached, a new HTLC-timeout is broadcast by the malicious counterparty, colluding with another party on the outgoing link who broadcasts its own HTLC-preimage.
- Double-Spending: The honest Lightning node ends up being "double-spent" in its HTLC forwarding due to this cycling attack, creating a loss of funds scenario.
- Impact and Connectivity: The success of this attack could be further exacerbated if the malicious transactions are included in the block template of the miner winning the block race. A replacement cycling attack might over-connect to miners' mempools and public reachable nodes to succeed in a fast eviction of the honest transactions.
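Added example, not part of the comment above or of the email it summarizes: a toy Python mempool that walks through the replacement and eviction steps in the list and exposes the signal a node operator can monitor, namely the HTLC output losing every mempool spender without a confirmation. The class, transaction names, fees and sizes are constructed, and only fee-based replacement and descendant eviction are modelled, not Bitcoin Core's full relay policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple  # outpoints spent, written "<txid>:<index>"
    fee: int       # absolute fee in sats
    vsize: int     # virtual size in vbytes

class ToyMempool:
    """Hypothetical model: replacement by fee plus eviction of descendants."""
    def __init__(self):
        self.txs = {}

    def descendants(self, txid):
        found = set()
        for t in self.txs.values():
            if any(i.split(":")[0] == txid for i in t.inputs):
                found |= {t.txid} | self.descendants(t.txid)
        return found

    def submit(self, tx):
        # Transactions spending the same outpoint conflict with the newcomer.
        direct = [t for t in self.txs.values() if set(t.inputs) & set(tx.inputs)]
        evicted = {t.txid for t in direct}
        for t in direct:
            evicted |= self.descendants(t.txid)
        # Newcomer must beat the total fee evicted and each conflict's fee rate.
        if tx.fee <= sum(self.txs[i].fee for i in evicted) and direct:
            return False
        if any(tx.fee / tx.vsize <= t.fee / t.vsize for t in direct):
            return False
        for i in evicted:
            del self.txs[i]
        self.txs[tx.txid] = tx
        return True

    def spender_of(self, outpoint):
        """Monitoring check: which mempool tx, if any, spends this outpoint."""
        return next((t.txid for t in self.txs.values() if outpoint in t.inputs), None)

def run_cycle():
    htlc = "commit:1"  # HTLC output of the confirmed commitment tx (constructed)
    mp, seen = ToyMempool(), []
    steps = [Tx("htlc_timeout", (htlc,), 500, 150),       # honest node's claim
             Tx("parent_a", ("utxo_x:0",), 300, 110),     # unrelated parent
             Tx("htlc_preimage", (htlc, "parent_a:0"), 900, 200),
             Tx("parent_b", ("utxo_x:0",), 1500, 110)]    # replaces parent_a
    for tx in steps:
        mp.submit(tx)
        seen.append(mp.spender_of(htlc))
    return seen, mp
```

A `None` from `spender_of` for an output the node has already tried to claim, with no confirmation on chain, is the condition that prompts the rebroadcast mentioned in the "Cycling the Attack" item.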