In less than a month, the Lightning team had to fix two critical bugs.
The Bitcoin Lightning Network, the Bitcoin blockchain’s second layer allowing off-chain transactions, has recently launched an emergency update.
According to the report shared by Lightning Labs infrastructure engineer Oliver Gugger, the update was issued to fix a bug that caused LND nodes to fall out of sync with the chain.
Moreover, the report noted that LND nodes faced an error due to an issue with the btcd wire parsing library. The description read:
“This is an emergency hot fix release to fix a bug that can cause lnd nodes to be unable to parse certain transactions that have a very large number of witness inputs. This release contains no major features and is instead just a hotfix applied on top of v0.15.3.”
The bug was triggered by a developer named Burak on Twitter. On November 1st, the developer shared a link to the transaction, which demonstrated how the bug works, and left a comment stating: “you’ll run cln. And you’ll be happy.”
The update was released about three hours after the bug was discovered. According to Gugger, if left unpatched and exploited by malicious actors, the bug could have stopped transactions from completing.
It is vital to highlight that developers using Lightning Network have two weeks to apply the update. If not updated, nodes will be vulnerable and unprotected.
It is worth noting that this is the second time the Lightning team has fixed critical bugs in less than a month. On October 9th, the same developer, Burak, unveiled a similar bug on Bitcoin Lightning Network. At that time, the developer created a 998-of-999 multisig transaction, which was rejected by btcd and LND nodes.
As a result, the whole transaction block was rejected, making the transaction fee only $4.90. While the developer was happy with the discovery, other community members were not.
One Twitter user, dubbed Reza, replied to Burak’s tweet: “the ethical thing to do is to a vulnerability disclosure to the @lightning Labs team instead of taking down majority of the nodes in the network.”
Following multiple bugs found on Lightning Network, the community is raising questions about whether it is time for Lightning to launch its own bug bounty program.
by Gile K. – Crypto Analyst, BitDegree