Disclosure: Replacement Cycling Attacks on the Lightning Network
"End of last year (December 2022), amid technical discussions on eltoo
payment channels and incentives compatibility of the mempool anti-DoS
rules, a new transaction-relay jamming attack affecting lightning channels
"After careful analysis, it turns out this attack is practical and immediately exposed lightning routing hops carrying HTLC traffic to loss of funds security risks, both legacy and anchor output channels. A potential exploitation plausibly happening even without network mempools congestion."
Mitigations have been designed, implemented and deployed by all major lightning implementations during the last months."
Please find attached the release numbers, where the mitigations should be present: - LDK: v0.0.115? - CVE-2023 -40231 (original letter says LDK v0.0.118 which is not out yet.) - Eclair: v0.9.0 - CVE-2023-40232 - LND: v.0.16.1-beta - CVE-2023-40233 (original message says LND v0.17.0-beta but @Roasbeef clarified that all of LND's relevant mitigations were in place by lnd v0.16.1-beta , which was released on April 24th 2023.) - Core-Lightning: v.23.08.01 - CVE-2023-40234
"Please find a list of potential affected bitcoin applications in this full
disclosure report using bitcoin script timelocks or multi-party transactions, albeit no immediate security risk exposure as severe as the ones affecting lightning has been identified. Only cursory review of non-lightning applications has been conducted so far."
"From my understanding the following list of Bitcoin protocols and applications could be affected by new denial-of-service vectors under some level of network mempools congestion. Neither tests or advanced review of specifications (when available) has been conducted for each of them:
"Inviting their developers, maintainers and operators to investigate how replacement cycling attacks might disrupt their in-mempool chain of transactions, or fee-bumping flows at the shortest delay. Simple flows and non-multi-party transactions should not be affected to the best of my understanding."
There is a paper published summarizing replacement cycling attacks on the lightning network.
"A functional test exercising a simple replacement cycling of a lightning channel commitment transaction on top of the nversion=3 code branch is
"Despite the line of mitigations adopted and deployed by current major lightning implementations, I believe replacement cycling attacks are still practical for advanced attackers. Beyond this new attack might come as a way to partially or completely defeat some of the pinning mitigations which have been working for years as a community."