- New vulnerability casts dark cloud over Bitcoin Lightning Network.
- Users could lose funds through complex targeted attacks.
- The vulnerability “will be fixable,” says Bitcoin developer Ben Carman.
Bitcoin Lightning Network developer Antoine Riard has blown the whistle on a newly discovered vulnerability, which he says puts the Bitcoin scaling solution in a “perilous position” and would require complex changes to fix.
Riard disclosed the vulnerability, which takes the form of a so-called replacement cycling attack, in an October 16 message to the Lightning-dev mailing list. He said the vulnerability “immediately exposed” Lightning Network users to security risks which could cost them funds sent over the network.
Although Riard’s warnings cast a dark cloud over the Lightning Network’s promise to scale Bitcoin to the masses, not all developers share his view.
Ben Carman, a Bitcoin developer and co-founder of Lightning Network wallet Mutiny, told DL News that he doesn’t think “it’s a big deal” because “it’s pretty expensive and complicated to pull off.”
And the vulnerability “will be fixable,” Carman said.
Discussions on the Lightning-dev mailing list are ongoing and Riard stated he will “wait until the week of October 30th to discuss further what is the best fix.”
Making Bitcoin cheaper and faster through the Lightning Network
The Lightning Network is a second network built on top of Bitcoin designed to speed up transactions and reduce costs. It does this by letting users open direct, off-chain channels with each other to send and receive Bitcoin without waiting for transactions to process on the main Bitcoin network.
“This new class of replacement cycling attacks puts Lightning in a very perilous position,” Riard said in a follow-up message on October 20.
He shared his view that fixing the vulnerability would require changes to the underlying Bitcoin network, such as changing the way Bitcoin’s mempool — a kind of waiting room for unprocessed transactions — remembers previous transactions.
However, Riard said, due to the Bitcoin network’s decentralised architecture and commitment to transparency among its developers, implementing such fixes could be difficult.
“There might be a lesson in terms of Bitcoin protocol deployment, we might have to get them right at first try,” Riard said. “[There’s] little second chance to fix them in flight.”
Replacement cycling attack vulnerability
The replacement cycling attack exploits a timing mismatch between Bitcoin and the Lightning layer built on top of it.
An important mechanism of Lightning transactions is the timelock, where a sender can retrieve their funds after a fixed amount of time in the event the recipient is unresponsive.
There’s also a delay when sending transactions on the underlying Bitcoin network.
Users can replace previously submitted transactions in the Bitcoin mempool with new ones with a higher fee. Transactions with higher fees are usually processed faster because they are more profitable for miners to include in blocks.
Riard discovered that two malicious actors can collude to take advantage of the Lightning Network’s timelocks and the way Bitcoin’s mempool works to steal funds from users sending payments via the Lightning Network.
Malicious actors could repeatedly broadcast transactions with slightly higher fees to jam the victim’s timeout transaction and freeze their funds. When repeated long enough, the malicious actors can settle the transaction via their timeout path and steal the victim’s Bitcoin.
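An added illustration, not from the article or from any Lightning implementation: a toy mempool with a simplified higher-fee-wins replacement rule, plus a check that counts how often a node's own timeout spend is displaced before its timelock expires. All names (`ToyMempool`, `audit_timeout_tx`, the `htlc:0` outpoint, the fees and block heights) are constructed, and the fee-bump-and-rebroadcast response is an assumption of the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    spends: str   # the single outpoint this toy transaction spends
    fee: int      # absolute fee in satoshis

class ToyMempool:
    """Simplified replace-by-fee: one tx per outpoint, higher fee wins."""
    def __init__(self):
        self.by_outpoint = {}

    def submit(self, tx):
        current = self.by_outpoint.get(tx.spends)
        if current is not None and tx.fee <= current.fee:
            return False                    # not a fee bump, rejected
        self.by_outpoint[tx.spends] = tx    # the replaced tx is forgotten
        return True

def audit_timeout_tx(observations, expiry_height, max_evictions=1):
    """observations: (height, in_mempool, confirmed) for our timeout spend.
    Counts disappearances from the mempool that were not confirmations."""
    evictions, was_present, height = 0, False, None
    for height, in_mempool, confirmed in observations:
        if confirmed:
            return {"status": "confirmed", "evictions": evictions}
        if was_present and not in_mempool:
            evictions += 1
        was_present = in_mempool
    status = "alert" if evictions > max_evictions else "pending"
    return {"status": status, "evictions": evictions,
            "blocks_left": expiry_height - height}

def constructed_scenario():
    """Constructed sample: our timeout spend is outbid twice before expiry."""
    pool, obs, our_fee = ToyMempool(), [], 1000
    rival_fees = {101: 1100, 103: 1500}     # constructed conflicting spends
    for height in range(100, 105):
        holder = pool.by_outpoint.get("htlc:0")
        if holder is None or not holder.txid.startswith("timeout"):
            # Assumed response: rebroadcast our spend above the rival's fee.
            our_fee = holder.fee + 100 if holder else our_fee
            pool.submit(Tx(f"timeout@{height}", "htlc:0", our_fee))
        if height in rival_fees:
            pool.submit(Tx(f"rival@{height}", "htlc:0", rival_fees[height]))
        mine = pool.by_outpoint["htlc:0"].txid.startswith("timeout")
        obs.append((height, mine, False))
    return audit_timeout_tx(obs, expiry_height=110)
```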
Multiple Bitcoin developers told DL News that due to the complex nature of the vulnerability it doesn’t pose an immediate threat to Lightning Network users.
“There’ve been a bunch of mempool related attacks on Lightning before and there will be more in the future,” Carman said.
“Lightning is for channel counterparties you trust to not do a ton of work to build novel software to attack you,” Matt Corallo, a Bitcoin core developer and Spiral BTC team member, said in an X post. “This hasn’t changed.”
A possible fix?
A proposal put forward by Bitcoin core developer Peter Todd suggests adding a new operation code — or opcode — to Bitcoin’s Script programming language to fix the vulnerability.
An opcode is a computer code command that performs a limited, predefined function.
This new opcode would help render the attack ineffective, but requires direct changes to the main Bitcoin network through a soft fork. As with changes to Bitcoin’s mempool, organising a soft fork may be difficult — especially if the changes could have unknown consequences.
Carman said he had seen Todd’s proposal for a new opcode and soft fork but doubted it would go anywhere.
Yet Riard continues to ring the alarm.
In another message to the Lightning-dev mailing list on October 21st, he explained that more advanced replacement cycling attacks are possible, but would require knowledge that takes “years to acquire for average Bitcoin developers and months of preparation to attempt.”
Tim Craig is DL News’ Edinburgh-based DeFi correspondent.