Hopefully this is a wake-up call to the lnd team...
Can't believe nobody stole thousands of dollars worth from unsuspecting nodes.
The scariest thing is this:
"LNsploit does not yet broadcast transactions with a held HTLC payment still in flight, which would allow you to steal funds in hours rather than the ~2-week channel timelocks."
@TonyGiorgio I asked some of the people you credit at the end of the blog post - would you care to clarify how this can actually be achieved? Perhaps even an edit on the post would help for future readers - but it sounds super scary that the 2-week lock can be circumvented in some way. Doesn't that point to a greater critical flaw in the protocol?
It has to do with the CLTV values of HTLCs as payments are flowing through the network. I think most implementations have those set to just 40 blocks. So I believe there are going to be wider discussions that LN devs have about increasing that. The con to that is that stuck payments may mean that your funds are locked up longer, and from a sender's POV, a particular payment might look like it's pending for longer periods of time.