Updated on January 9, 2023 12:50 PM
On Tuesday morning, a user going by the handle "Burak" (@brqgoo) on Twitter allegedly executed a non-standard Bitcoin transaction that blocked users from forming new Lightning channels (connections between Lightning nodes), causing a significant portion of the Lightning Network to go into disarray.
The layer 2 network known as Lightning sits on top of the Bitcoin blockchain and enables faster and less expensive transactions without the need to individually validate each one.
Burak's legitimate but unconventional transaction led Bitcoin nodes using the btcd Bitcoin implementation to reject legitimate incoming blocks. All LND nodes had a comparable glitch as a result of this. Because LND nodes rely on data from btcd Bitcoin nodes, the error led LND nodes to reject all requests to start new channels.
Burak’s shenanigans disrupted a good chunk of the Bitcoin and Lightning ecosystems nevertheless the community’s anti-fragility was on full display
"It's never easy to prepare for a new bug. I suppose more bug bounty and review schemes for responsible disclosure could be helpful”,Pickhardt.
Pieter Wuille, a Bitcoin engineer, agrees that controlling exploits and addressing problems is not always an easy task.
"I don't think it's always that easy. It would be logical to think that this required assistance from miners (or at least those with non-standard mempool/relay policy), making it more difficult to pull off and It's difficult to correct this one-line without drawing suspicion,” Wuille tweeted.
The Lightning Network-using developers now have two weeks to implement the change. After then, any active channel timelocks will expire, making the nodes once more susceptible.
Burak found and tweeted about the most current flaw, which affects the Lightning Network's btcd wire parsing module.
The developer jokingly left the following statement in the blockchain transaction that served as an example of the bug: "you'll run cln. And you'll be happy.
A related bug that was found on October 9th was also found by the developer. In that case, Burak constructed a multisig transaction with a 998 out of 999 success rate that was instantly rejected by both the LND and btcd nodes.
Due to this, the whole block the transaction was recorded in was rejected, which resulted in a pitiful transaction fee of just $5.16.
Anthony Towns, a white hat hacker, is also said to have informed a lead Lightning Network developer about this issue.
A hotfix, version 0.15.4-beta, was made available roughly three hours after the fault was found, thanks to the efforts of alert community member Burak and proactive developers.
“ This emergency hot patch release addresses an issue that could prevent lnd nodes from parsing specific transactions with a high number of witness inputs.”
These two bugs, which were reported in good faith and were quickly fixed, still sparked requests for a bug bounty scheme for the Lightning Network. Without incentives for ethical hackers to find and report related defects, it's impossible to predict who will find future problems first.