Recently Bitcoin’s Lightning Networks Developer Rusty Russel published the network’s vulnerability which he accompanied with a solution to overcome it.
As described by Russel the vulnerability was noticed while opening the funding channels, while explaining the process further the receiver usually is not required to check if the transaction is sent by a specific funder in terms of amount and the actual scriptpubkey.
What is Scriptpubkey?
Scriptpubkey describes as an output transaction script that requires specific condition to be observed for a receiver to spend their Bitcoin.
Further explaining the file:
“A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise an attacker can claim to open a channel but either not pay to the peer, or not pay the full amount. Once that transaction reaches the minimum depth, it can spend funds from the channel. The victim will only notice when it tries to close the channel and none of the commitment or mutual close transactions it has are valid.”
So a possible solution for the vulnerability as proposed by Russel it that as soon the funding transaction is seen peers must check for the outpoint as described in funding_created in the funding transaction output with the amount described in open channel source.
The file mentioned above also warns that the current c-lightning versions 0.7.1 and above are able to follow up and perform the above mentioned process, thus urging its users to upgrade the older version of their Lightning nodes to the latest one.
On the 10th of September the CTO of lightning network (LN) focused on the start-up and advised them to update there lightning version as soon as possible to as to overcome the vulnerability and instances of fund loss .
Due to this on 26th of September the number of Bitcoin’s Lightning Nodes (LN) reached 10,000 for the first time.