Details of Lightning Network security vulnerability discovered in September have been released
September 27, 2019, 1:13PM EDT
1 min read
Full details of the security vulnerability found on Bitcoin's Lightning Network late last month have been published on Friday by software developer Rusty Russel.
According to the disclosure, the vulnerability was in the process of creating and funding a Lightning Network channel. When a channel is created, the receiver of the channel was not required to verify the amount of the funding transaction output or the scriptpubkey, a script that ensures certain conditions are satisfied before an output is spent.
Because the Lightning Network protocol does not require this verification, an attacker "can claim to open a channel but either not pay to the peer, or not pay the full amount," the disclosure states. This enables an attacker to spend the funds in a channel created with a victim, without alerting the victim. Only when a victim closes their channel with the attacker will they notice that none of the committed transactions between their channels were valid.
While Lightning Network developers have pushed updates to this vulnerability, older implementations are still affected. Users are advised to upgrade the following affected Lightning Node versions:
- LND nodes version 0.7 and below
- c-lightning nodes version 0.7 and below
- eclair nodes version 0.3 and below
Developers have also created a tool for users to check if their LND Lightning nodes were affected. In mid-September, developers warned that the vulnerability was exploited. The size of this exploit, however, was not disclosed.
Delivering on a vision for an interoperable global standard for dollar digital currency, Circle and TRON have partnered to make USD Coin (USDC) available on the TRON blockchain, which has grown to more than 56 million accounts and nearly 2.5 billion transactions since its founding just four years ago. TRON is home to a broad ecosystem for digital assets in Asia and around the world, and the TRON community can now benefit from easy access to the world's fastest-growing, regulated dollar digital currency.
The Block Research was commissioned by Algorand to create Layer-1 Platforms: A Framework for comparison, which provides a “look under the hood” at seven platforms: Algorand, Avalanche, Binance Smart Chain, Cosmos, Ethereum/Ethereum 2.0, Polkadot, and Solana.
We assess their technical design, related ecosystem data, and qualitative factors such as key ecosystem members to get an understanding of how they differ. Having done this analysis, we draw some insights for what the future of the broader smart contract landscape could look like for years to come.
LMAX Group robust technology and familiar institutional grade trading infrastructure (currently processing over 2 billion orders per day in the global FX market) is the solid backbone of LMAX Digital, delivering access to deep institutional liquidity, transparent price discovery, a regulated trading environment and a full custodian trading solution.