The Lightning Labs team will disclose details of the vulnerability on October 20. All node operators are encouraged to update their software to the latest version.
The Lightning Labs team discovered a previously unknown vulnerability in the Lightning Network (LN). Conner Fromknecht, head of the startup's crypto engineering department, published a post recommending that all node operators update their software to version 0.11.0 as soon as possible.
Partial LND Vulnerability Disclosure, Update to 0.11.x
Full disclosure will be published on October 20th 2020. https://t.co/1vnXLDME7G
— Conner Fromknecht (@bitconner) October 9, 2020
According to Fromknecht, the vulnerability affects LND versions 0.10.x and earlier. He promised that Lightning Labs will disclose details of the vulnerability on October 20. He also stressed that his team found no evidence that the exploit was used in a real-world environment.
“Full disclosure will be published on October 20th 2020,” Fromknecht writes.
The Lightning Network is a layer 2 protocol that uses smart contracts to provide higher bandwidth for the blockchain network. Since LN is deployed on top of the main blockchain, the network retains the characteristics of a peer-to-peer system.
The main idea of LN is to keep funds off the blockchain. This allows users to make transactions using the minimum resources of the main network. At the same time, they always have the opportunity to return assets to the blockchain.
At the end of last month, independent developer Joost Jager discovered a vulnerability that could compromise Wumbo channels, which are designed to carry large transactions. Wumbo's technical solution was presented to the community in August. It expands the limits for transferring funds through LN channels, which simplifies large transactions and reduces commissions for opening and maintaining new channels.
Jager discovered that, because of the technical features of Wumbo, a channel opened with it could be disabled for two weeks. To do this, it is enough to exceed the limit on HTLCs (hash time lock contracts) stored in the channel, which is capped at 483.