Bug Disrupted Lightning Network – Bitcoin Magazine

Because of the actions of a developer by the name of Burak, btcd, an alternative Bitcoin implementation, and LND, one of the Lightning implementations, became incompatible with the rest of the Bitcoin network for the second time in a little under a month.

On October 9, Burak successfully broadcast a 998-of-999 tapscript multisig transaction. btcd rejected it as invalid, while Bitcoin Core and other implementations accepted it as valid. Because LND's Lightning implementation depends on btcd, it fell out of sync with the rest of the Lightning Network. As a result, users of both networks saw their ability to transact safely disrupted. Not the best.
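To make the mechanics concrete, here is an added illustration that is not code from Burak, btcd, LND or Bitcoin Core. It lays out the k-of-n tapscript multisig spend described above (one CHECKSIG followed by CHECKSIGADD per key, then NUMEQUAL against k) and shows how two validators that agree on the consensus stack limit but differ on one extra limit reach opposite verdicts on the same transaction. The extra limit, HYPOTHETICAL_MAX_WITNESS_ITEMS, is a constructed value for illustration only; the article does not describe btcd's actual defect, and signatures are placeholders that are never verified.

```python
"""Added illustration (not code from Burak, btcd, LND or Bitcoin Core): lay
out a k-of-n tapscript multisig spend and show how two validators that agree
on consensus but differ on one extra limit reach different verdicts on the
same transaction.  HYPOTHETICAL_MAX_WITNESS_ITEMS is a constructed value for
illustration only; the article does not describe btcd's actual defect."""
from dataclasses import dataclass

OP_CHECKSIG, OP_CHECKSIGADD, OP_NUMEQUAL = 0xAC, 0xBA, 0x9C
OP_1, OP_PUSHDATA1, OP_PUSHDATA2 = 0x51, 0x4C, 0x4D
CONSENSUS_MAX_STACK_SIZE = 1000       # BIP342: stack may never exceed 1000 elements
CONSENSUS_MAX_ELEMENT_SIZE = 520      # largest stack element allowed
HYPOTHETICAL_MAX_WITNESS_ITEMS = 500  # constructed non-consensus limit, illustration only


def push_bytes(data: bytes) -> bytes:
    """Minimal push opcode for data up to 520 bytes."""
    if len(data) <= 75:
        return bytes([len(data)]) + data
    if len(data) <= 255:
        return bytes([OP_PUSHDATA1, len(data)]) + data
    return bytes([OP_PUSHDATA2]) + len(data).to_bytes(2, "little") + data


def push_number(n: int) -> bytes:
    """Push a positive script number: OP_1..OP_16 directly, else minimal little-endian bytes."""
    if 1 <= n <= 16:
        return bytes([OP_1 + n - 1])
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out[-1] & 0x80:          # keep the sign bit clear for a positive number
        out.append(0)
    return push_bytes(bytes(out))


def build_k_of_n_tapscript(pubkeys: list, k: int) -> bytes:
    """<pk1> CHECKSIG <pk2> CHECKSIGADD ... <pkn> CHECKSIGADD <k> NUMEQUAL"""
    script = bytearray()
    for i, pk in enumerate(pubkeys):
        assert len(pk) == 32, "tapscript keys are 32-byte x-only keys"
        script += push_bytes(pk)
        script.append(OP_CHECKSIG if i == 0 else OP_CHECKSIGADD)
    script += push_number(k)
    script.append(OP_NUMEQUAL)
    return bytes(script)


def build_witness(n_keys: int, signers: set, script: bytes, control_block: bytes) -> list:
    """Witness stack: one element per key in reverse key order (a 64-byte
    signature or an empty element for a non-signer), then the script, then
    the control block.  Signatures are placeholders; nothing is verified."""
    items = [(b"\x01" * 64 if i in signers else b"") for i in reversed(range(n_keys))]
    return items + [script, control_block]


@dataclass
class Verdict:
    valid: bool
    reason: str


def consensus_verdict(witness: list) -> Verdict:
    """Structural consensus checks only: initial stack size and element size."""
    initial_stack = witness[:-2]             # script and control block are not stack data
    if len(initial_stack) > CONSENSUS_MAX_STACK_SIZE:
        return Verdict(False, "initial stack exceeds %d elements" % CONSENSUS_MAX_STACK_SIZE)
    if any(len(e) > CONSENSUS_MAX_ELEMENT_SIZE for e in initial_stack):
        return Verdict(False, "stack element exceeds %d bytes" % CONSENSUS_MAX_ELEMENT_SIZE)
    return Verdict(True, "ok")


def strict_verdict(witness: list) -> Verdict:
    """Consensus checks plus one extra limit the network does not enforce."""
    if len(witness) > HYPOTHETICAL_MAX_WITNESS_ITEMS:
        return Verdict(False, "witness item count exceeds implementation limit")
    return consensus_verdict(witness)


def cross_check(witness: list) -> dict:
    """What a consumer such as a Lightning node could do: compare its backend's
    verdict with a reference verdict and surface any disagreement instead of
    silently following the stricter node off the network."""
    ref, backend = consensus_verdict(witness), strict_verdict(witness)
    return {"reference": ref.valid, "backend": backend.valid,
            "diverged": ref.valid != backend.valid,
            "reason": backend.reason if ref.valid != backend.valid else ""}


if __name__ == "__main__":
    keys = [i.to_bytes(32, "big") for i in range(1, 1000)]   # constructed placeholder keys
    script = build_k_of_n_tapscript(keys, 998)
    witness = build_witness(len(keys), set(range(998)), script, b"\xc0" * 33)
    print("script bytes:", len(script), "witness items:", len(witness))
    print(cross_check(witness))
```

Running it shows the 999-key spend carrying 1001 witness items (999 signature slots plus script and control block), which the consensus-style check accepts and the stricter check rejects; `cross_check` is the kind of disagreement signal a node that outsources validation to a backend would want to alarm on rather than inherit.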

By their nature, open-source distributed systems will inevitably contain flaws that can be exploited. The question is whether such vulnerabilities should be disclosed publicly or reported privately.
Evidence that Burak was aware that doing so would break LND

It's important to keep in mind that a transaction using an OP_SUCCESSx opcode would not normally be included in a block the way this one was. It appears, however, that Burak bribed miners with an unusually large fee, one that F2Pool was unable to refuse.

The events of the past two days have prompted a lot of discussion on this subject. Was Burak wrong to exploit this problem in the wild on mainnet? Should he have done the right thing and disclosed the vulnerability privately to btcd and LND, giving them the opportunity to fix the code before it was exploited in the wild? Should LND rely on btcd, an alternative Bitcoin implementation that does not receive anywhere near the attention and review that Bitcoin Core does?

Your Uncle Marty very definitely does not know the correct answers to all of these questions, but I believe it is essential for you freaks to be aware of this information, and therefore I thought I'd bring it to your attention.

This is the nature of distributed systems built on open-source software. There may well be a great number of vulnerabilities lurking out there, and there is no obvious way to deal with them. Many will argue for responsible disclosure in private, while others will argue for openly adversarial actions designed to force the issue. When you choose to participate in a monetary system based on free markets, this is one of the trade-offs you will have to accept.


Orizu Ebube