Blockstream’s Rusty Russell has published the disclosure of a critical Lightning Network (LN) vulnerability that could lead to a loss of funds.
It’s high time to upgrade nodes
LN is a layer-2 protocol that allows two parties to create payment channels between them. The information about their transactions is later recorded on the Bitcoin blockchain.
Since there is no requirement to verify the funding transaction output, bad actors could spend funds in a channel without notifying the other party. When the victim attempts to close the channel, it becomes apparent that these transactions were invalid.
“Once the funding transaction is seen, peers MUST check that the outpoint as described in `funding_created` is a funding transaction output with the amount described in `open_channel`,” the disclosure states.
LN users running version 0.7 and below have been advised to update their nodes as soon as possible, given that they can still be susceptible to potential attacks.
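The check the disclosure describes, as an added example (not code from the disclosure or from any LN implementation). It assumes the node has already fetched the outputs of the confirmed transaction named by the txid in `funding_created`, and that the funding output is the 2-of-2 P2WSH script laid out in BOLT 3; the class, function names and sample keys are hypothetical.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class TxOut:
    value_sat: int
    script_pubkey: bytes


def funding_script_pubkey(pubkey_a: bytes, pubkey_b: bytes) -> bytes:
    """P2WSH scriptPubKey of the 2-of-2 funding output (BOLT 3 layout, assumed)."""
    for key in (pubkey_a, pubkey_b):
        if len(key) != 33 or key[0] not in (2, 3):
            raise ValueError("funding pubkeys must be 33-byte compressed keys")
    first, second = sorted((pubkey_a, pubkey_b))  # lexicographically lesser key first
    # OP_2 <first> <second> OP_2 OP_CHECKMULTISIG
    witness_script = b"\x52\x21" + first + b"\x21" + second + b"\x52\xae"
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()  # OP_0 <32-byte hash>


def check_funding_outpoint(outputs, output_index, funding_satoshis,
                           local_pubkey, remote_pubkey):
    """Return (ok, reason) for the outpoint named in funding_created."""
    if not 0 <= output_index < len(outputs):
        return False, "output index out of range"
    out = outputs[output_index]
    if out.value_sat != funding_satoshis:
        return False, "amount differs from open_channel"
    if out.script_pubkey != funding_script_pubkey(local_pubkey, remote_pubkey):
        return False, "output is not the channel's 2-of-2 script"
    return True, "ok"


# Constructed sample data (placeholder keys, not real curve points or a real transaction).
LOCAL_KEY = b"\x02" + b"\x11" * 32
REMOTE_KEY = b"\x03" + b"\x22" * 32
GOOD_SPK = funding_script_pubkey(LOCAL_KEY, REMOTE_KEY)
OTHER_SPK = b"\x00\x14" + b"\xaa" * 20  # unrelated P2WPKH-style output

if __name__ == "__main__":
    honest = [TxOut(50_000, OTHER_SPK), TxOut(100_000, GOOD_SPK)]
    short_paid = [TxOut(50_000, OTHER_SPK), TxOut(1_000, GOOD_SPK)]
    wrong_dest = [TxOut(100_000, OTHER_SPK)]
    for name, outs, idx in (("honest", honest, 1), ("short", short_paid, 1),
                            ("wrong script", wrong_dest, 0)):
        print(name, check_funding_outpoint(outs, idx, 100_000, LOCAL_KEY, REMOTE_KEY))
```

A node that gets anything other than `(True, "ok")` should treat the channel as unfunded rather than accept payments over it.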
Not a suitable solution
During the peak of crypto hype in December 2017, it was obvious that Bitcoin wasn’t able to handle a large number of transactions. The scalability problem gave birth to the off-chain solution, but it failed to live up to expectations.
Some Twitter users point out that the recently discovered vulnerability is the reason why LN will never see mainstream adoption.
“that's why Lightning will never be widely adopted regardless of UX” — TH (@thomas_hg3), September 27, 2019