Bitcoin Lightning Network Bug – The Worst Near Miss?

A hair's breadth from disaster – The Lightning Network is a second-layer solution for Bitcoin that aims to allow instant, low-cost payments. However, the network could have found itself at the heart of turmoil after a bug slipped into the code following the activation of Tapscript.

Tapscript: opening up to a new type of multisig

It's been almost a year since Taproot was activated on the Bitcoin network. The update was deployed at the beginning of November 2021, via a soft fork.

This update allowed the deployment of three components:

  • Taproot;
  • Tapscript (which is closely related to Taproot);
  • Schnorr signatures.

Without going into detail, these three components aim to reduce the size of transactions, improve confidentiality and develop Script, the language for creating spending conditions on Bitcoin.

The deployment of Tapscript also made it possible to improve so-called multi-signature transactions, or multisig. As a reminder, this type of transaction requires the signature of several addresses in order to authorize the spend.

Previously, multi-signatures had a limit on the Bitcoin network, ranging from 15 to 20 different signers, depending on the type of script used. However, this limit could be lifted thanks to Tapscript. Therefore, multi-signatures are no longer limited by the Script language, but by the size of the blocks.

Lightning Network removes limit on multisig transactions


A critical bug on Lightning Network

On October 9, the developer known under the pseudonym burak wanted to test this new feature. To do this, he performed a “998 out of 999” multi-signature. In other words, to be spent, the funds require the signature of 998 addresses among the 999 defined in the conditions.

Burak announces having made a multisig 998 of 999 – Source: Twitter

However, as several users quickly pointed out, his test revealed a bug in two clients. LND, the Lightning Network client, and btcd, the alternative Bitcoin client to Bitcoin Core, were both affected by this test.

But why? Both implementations had failed to update part of their source code to match the new specifications introduced by the deployment of Taproot. Both clients had indeed modified their consensus rules in line with Taproot, so the limit on the number of signers of a multisig had been removed there.

Nevertheless, the clients perform a second series of checks, during the peer-to-peer communication of blocks, in order to ensure that an invalid block is not propagated. It is at this level that the limit had not been removed. Result: although the client considers the block valid, it will not propagate it to the rest of the network because it detects an error at the multisig limit.

Millions of Dollars at Risk on Lightning Network

This bug could have led to the loss of millions of dollars on the Lightning Network. Indeed, a malicious user could have used the verification error on the Lightning Network to his advantage.

To do this, the attacker would send a transaction similar to the one issued by Burak. This transaction gets blocked, because the node responsible for processing it is not able to propagate it to the network due to the verification error.

As the node finds itself stuck on this block, it is no longer able to keep up to date with the state of the network. Therefore, the attacker can submit an old payment channel state on the Lightning Network, without the other party being able to dispute the published state.
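The mismatch between the two validation layers, and the stall it causes, as an added Go model (not code from btcd or LND). Every name, the ceiling of 20 taken from the upper end of the range cited above, and the three-block sample chain are assumptions made for illustration; the last function shows the operator-side check that flags a node whose tip has fallen behind its peers.

```go
package main

import "fmt"

// Constructed model; not btcd or LND code. All names are hypothetical.
const legacyMaxSigners = 20 // upper end of the pre-Tapscript range cited above

type Input struct {
	Tapscript bool
	Signers   int
}

type Block struct {
	Height int
	Inputs []Input
}

// consensusValid: legacy scripts keep the ceiling; Tapscript inputs are
// bounded only by block size, which this model does not track.
func consensusValid(in Input) bool { return in.Tapscript || in.Signers <= legacyMaxSigners }

// staleRelayValid: the second check, still applying the old ceiling to all inputs.
func staleRelayValid(in Input) bool { return in.Signers <= legacyMaxSigners }

// syncTip runs each block through both layers in order and returns the last
// accepted height; the node stops at the first block either layer rejects.
func syncTip(chain []Block, relay func(Input) bool) int {
	tip := 0
	for _, b := range chain {
		for _, in := range b.Inputs {
			if !consensusValid(in) || !relay(in) {
				return tip
			}
		}
		tip = b.Height
	}
	return tip
}

// stalled flags a node whose tip lags the height its peers report.
func stalled(localTip, peerHeight, maxLag int) bool { return peerHeight-localTip > maxLag }

func sampleChain() []Block { // constructed sample data
	return []Block{{1, []Input{{false, 3}}}, {2, []Input{{true, 999}}}, {3, []Input{{false, 2}}}}
}

func main() {
	stale, fixed := syncTip(sampleChain(), staleRelayValid), syncTip(sampleChain(), consensusValid)
	fmt.Println("stale tip:", stale, "fixed tip:", fixed, "stalled:", stalled(stale, 3, 1))
}
```

Running the same sample chain through both relay checks in a regression test is what catches this class of bug: any input the consensus layer accepts must also pass the second check.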

The situation was perfectly described by shinobi, invited to talk about this bug by our colleagues at Bitcoin Magazine.

“An individual, or a group of people, could very easily have opened up a large number of channels on the LN and traded all the money from those channels to their address on the Bitcoin blockchain via an ‘underwater exchange’, leaving all the channel funds on the other side, then submit a large Taproot transaction like Burak did, immediately shutting down their channels using a stale state.”

Fortunately, a patch was quickly published following the discoveries that resulted from the Burak transaction. Moreover, it would seem that the flaw had not been exploited before the patch was released.

For its part, the price of Bitcoin is recovering. Indeed, the market's leading cryptocurrency is back above the symbolic bar of 20,000 dollars.
