New Bitcoin Lightning Network Error: Unwritten Payment Routing
Bitcoin developers are discussing a new Lightning Network bug that could cause payment routing errors without attribution. This bug can cause Lightning Network payments to fail without the parties involved knowing why.
Unlike base layer Bitcoin where thousands of node operators validate transactions, Lightning payments can involve as few as two people. Users purposefully sacrifice the security of Bitcoin’s blockchain in exchange for faster speeds and cheaper fees.
Within the Lightning Network, payments can fail if something goes wrong with any step in various multi-signature processes. For example, the end recipient may refuse to release a preview image confirming they received the payment, or a Lightning Network node may go offline.
An unattributed payment routing error means that users wouldn’t even know what went wrong. Either an error message was destroyed on the way back to the sender, or they never received a message. They can keep trying to use a faulty node without even realizing there is a problem.
If users receive a notification about what went wrong, they can try again after making a few adjustments, such as switching to a different Lightning Network node.
Possible solutions for the payment routing error
Developer Joost Jager anticipated this problem and proposed a solution in 2019. He noticed that a payment channel could take a long time to confirm that the transaction went through. He recommended adding two timestamps to the messages that nodes send back to the transaction’s sender. One timestamp will represent the time the node received the transaction and the other timestamp when the node forwarded the transaction to the next stop. Both timestamps would give senders an idea of which channels are slow to forward transactions and avoid these channels in the future.
On October 19, 2022, Jager released an updated version of the payment routing bug fix that would improve error messages so they wouldn’t look like gibberish to a sender. The improved messages will allow senders to identify the exact node that caused their transaction to fail, allowing them to exclude it from future transactions.
Rusty Russell proposed an alternative: Each routing node would be paid once even when a transaction fails. Dispatchers could tell which routing node was failed by compare the number of satoshis sent with the number of satoshis they received back. This satoshi counting technique would work even if an error message was broken. (Note: One satoshi equals one hundred millionth of a bitcoin.)
LND implementations of Lightning Network plagued with errors
On November 1, 2022, Lightning Labs released an emergency update to fix a bug that caused LND nodes to fail to parse transactions that needed a lot of witness input. Nodes that do not update may fail to prevent malicious channel closure when time locks expire.
A developer known as “Burak” triggered the error with a transaction which contains the message “you want to run CLN [Core Lightning] and you will be happy.”
Burak triggered a similar bug on October 9, 2022, when the anonymous developer sent a 998-of-999 tapscript multisig transaction. This type of transaction would have required 998 private key signatures to authenticate, making it difficult to complete. He boasted to do so for a fee of $4.90.
Read more: Bug freezes bitcoin inside Lightning Network for hours
Twitter user Stadicus called the attacks a “savage takedown” and suggested starting a bug bounty program.
A hacker named Anthony Towns claimed he tried to warn Lightning Network developers about the flaw, but says the btcd repo seems to lack a mechanism to report security flaws.
Two Lightning Network developers proposed possible solutions to the problem of payment routing errors. By improving the messages, Joost Jager’s proposal would make it easier to find out where the problem originated. Russell’s proposal would costs senders a few more satoshis, but makes it possible to track down the problem even if a message does not return to the sender. Meanwhile, developers are fixing bugs that could cause LND nodes to fail in the first place.
For more informed news, follow us further Twitter and Google News or listen to our investigative podcast Newly created: Blockchain City.
