Bug took down part of Lightning Network – Bitcoin Magazine
Below is a direct excerpt from Marty’s Bent Issue #1278: “Another LND/btcd error pops up.” Sign up for the newsletter here.
For the second time in less than a month, btcd (an alternative implementation of Bitcoin) and by extension LND (one of the Lightning implementations) became incompatible with the rest of the Bitcoin network due to the interference of a developer named Burak.
On the 9th of October, Burak completed a 998-0f-999 tapscript multisig transaction that btcd recognized as invalid while Bitcoin Core and other implementations (correctly) recognized it as valid. Since LND’s implementation of the Lightning Network depends on btcd, it became incompatible with the rest of the Lightning Network, therefore disrupting the ability of all users to trade safely. Not ideal.
Fast forward to yesterday and Burak was back again to disrupt btcd and LND with the type of transaction you see above: a P2TR (pay-to-taroot) spend containing N OP_SUCCESSx with 500,001 pushes, exceeding the limit hardcoded into btcd. While 998-of-999 the tapscript multisig transaction appeared to be an honest mistake, yesterday’s transaction was blatantly exploitative in nature by Burak.
Something to note about this OP_SUCCESSx transaction is that it will not normally be included in a block. However, it appears that Burak bribed miners by placing a particularly high fee on this transaction that F2Pool could not resist.
This situation has surfaced a lot of debate in the last two days. Was it wrong for Burak to exploit this flaw in nature on the mainnet? Should he have properly disclosed the vulnerability to btcd and LND privately so they could patch the code before the bug was exploited in the wild? Should LND be dependent on btcd, which is an alternative implementation of Bitcoin that doesn’t get nearly as much attention and review as Bitcoin Core receives?
Your Uncle Marty certainly doesn’t have the right answers to all of these questions, but it’s important for you freaks to be aware of this, so I thought I’d bring it to your attention.
This is the nature of open source distributed systems. There may be many vulnerabilities lurking out there, and there is no clear way to deal with the problems. Many will favor responsible disclosure in private, while others will favor overt acts of resistance that force the issue forward. This is one of the trade-offs you make when you decide to join a free market money network.