How big of a threat is lightning fee siphoning?
904 sats \ 8 comments \ @AJ1992 3 Apr devs
Hey guys, I just became aware of lightning fee siphoning and the issues it caused in the past on major lightning enabled platforms. If you aren't aware of what this is you can learn about it here and see just how much damage his test run did to these platforms. https://lightningnetwork.plus/posts/37
Questions for discussion: -How big of a threat does this still pose to the implementation and sustainability of the lightning network?
-Does this have the potential to threaten any major lightning enabled platforms anymore?
-How can this threat be completely eradicated by lightning developers? Is that even possible?
write
preview
related posts
22 sats \ 2 replies \ @k00b 3 Apr
How big of a threat does this still pose to the implementation and sustainability of the lightning network?
None it’s an application level detail that’s easy to avoid.
reply
0 sats \ 1 reply \ @AJ1992 OP 3 Apr
That's relieving. For real. However, Sats4likes has been a recent victim of this scam. Any advice.for psuedozach?
reply
121 sats \ 0 replies \ @k00b 3 Apr
Make people pay for their own withdrawal fees.
reply
150 sats \ 1 reply \ @WeAreAllSatoshi 3 Apr
The fee charged by OKex seemed to be strictly equal or higher than the cost to route the payment. There is no way one could make a net profit from OKex using this attack.
This seems to be a viable solution, as noted in the post. So if services offering LN withdrawals adhere to this, then they’re fine
reply
0 sats \ 0 replies \ @AJ1992 OP 3 Apr
Relieved to hear that this isn't much of an issue anymore. However, the reason I became aware is because our friend Pseudo Zach over Sats4likes has been getting victimized by this recently in numerous attacks.
reply
10 sats \ 2 replies \ @nym 3 Apr
If major nodes and platforms are susceptible to having their liquidity drained, that undermines the trust and reliability of the whole system. Users need to have confidence that their funds are safe and that transactions will be processed as expected. The fact that it was possible at all suggests there may be other vulnerabilities yet to be discovered.
reply
6 sats \ 1 reply \ @AJ1992 OP 3 Apr
I have the same mindset especially about other undiscovered vulnerabilities.
reply
0 sats \ 0 replies \ @nym 3 Apr
True that.
reply