Pages:
Author

Topic: [2019-09-29] A Dangerous Bug in Bitcoin’s Lightning Network Has Been Fixed - page 2. (Read 358 times)

legendary
Activity: 1526
Merit: 1179
Agreed because nothing happened. However, there was a dangerous bug that would have been exploited. What would the news be if someone exploited the bug?
He didn't say that nothing has happened. In fact, there have been reports of losses that I read about on Twitter. It's probably so deeply buried that crypto news outlets are too stupid to find them.

I already know their headlines.... LN is not secure and therefore Bitcoin isn't secure either. I'm sure they will exaggerate by a factor ten just to make people click on their articles and generate a few pennies.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
In any case, are the receivers of channels not required to verify the amount of the funding transactions?

If you're connecting to peers running old versions of lnd, then yes.

Agreed because nothing happened. However, there was a dangerous bug that would have been exploited. What would the news be if someone exploited the bug?

I suppose there would be nasty sounding headlines for a few days and then everyone would move on? People working on Lightning have repeated ad nauseam, "don't put funds on LN that you can't afford to lose."

Now there is a pull request to the specification to add the requirement. Bottom line, we'll have a more robust specification now. This is what beta testing is all about.
hero member
Activity: 3094
Merit: 929
However, I shake my head on how the Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money.

LN has never been secure. For example, you're forced to pick between run a full node (expensive), use watchtower (privacy loss) or custodial wallet to make sure another party won't cheat you by broadcast earlier state of channel.

There's no reason for drama.At the end of the day,nobody is obligated to use Lightning Network.Everyone should use LN at their own risk.Nothing is 100% safe and secure in the digital world.The good thing is that LN has an active team of developers,that handles such issues.
legendary
Activity: 3010
Merit: 1460
However, I shake my head on how the Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money.

if you think that's right, you obviously don't understand what happened


and if it's that easy to fool yourself into thinking something that's not true, it would be really easy for you to get tricked by other people.


Wise up

Agreed because nothing happened. However, there was a dangerous bug that would have been exploited. What would the news be if someone exploited the bug?

In any case, are the receivers of channels not required to verify the amount of the funding transactions?
legendary
Activity: 1526
Merit: 1179
I never saw any Lightning enthusiasts telling other people to start using Lightning for real transactions right now.
It depends on how you explain it to people. Using a third party LN works extremely well, which I have been for a while. I only top up my balance once or twice a month with $25-$50 at most, which is enough to start with.

I know the risks of what I am doing because I did my research, and whenever I explain people how it works, I'll be sure to point out the risks so that they understand what they are getting themselves into.

Most of this LN nonsense comes from the Bcash, Dash, BSV, XRP camps. It by no means is secure in any way, but it's perfectly usable if you understand what the risks are. If it was total garbage there wouldn't be 800BTC tied up in liquidity.
legendary
Activity: 3514
Merit: 1963
Leading Crypto Sports Betting & Casino Platform
Well, could it be that they delayed telling the public until they fixed the bug.  Wink  How helpful would it have been to tell everyone and expose them to the exploit and only then start working on the solution.  Roll Eyes

Nobody can realistically expect any new technology to be without bugs, even if it was tested thoroughly in it's beta testing phase. The Lightning Network still have some minor issues and it is still a work in progress, so let's just ignore all the fud that are being spread about it.  Angry

Nobody said it was perfect.
legendary
Activity: 3024
Merit: 2148

Do not listen to people who are encouraging everyone to be reckless.

I never saw any Lightning enthusiasts telling other people to start using Lightning for real transactions right now. "Reckless" is just a meme from Twitter, don't take it too seriously. Developers of the Lightning protocol and Lightning clients always warn users that the software is still in beta stage.
legendary
Activity: 2170
Merit: 1427
However, I shake my head on how the Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money.

Do not listen to people who are encouraging everyone to be reckless.

I don't see what the actual problem is? Lightning in no shape or form has been said to be totally secure at this stage, hence the reason it is continuously stressed that you only use small amounts when you experiment with it.

What you do is blame beta code for containing bugs. Let me tell you, every critical bug that is discovered at this stage, is going to make the network exponentially more secure in the long run. This is the time these bugs should be discovered and fixed, so don't be surprised if we get to see more bugs be exposed in the forthcoming months, because the more use the network experiences, the more likely it is for people to spot them.
legendary
Activity: 3430
Merit: 3080
However, I shake my head on how the Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money.

if you think that's right, you obviously don't understand what happened


and if it's that easy to fool yourself into thinking something that's not true, it would be really easy for you to get tricked by other people.


Wise up
legendary
Activity: 3010
Merit: 1460
However, I shake my head on how the Lightning network can quickly transform bitcoin as secure money into bitcoin, the unsafe money.

Do not listen to people who are encouraging everyone to be reckless.



A popular payments network running atop the bitcoin blockchain suffered from a long-standing code vulnerability – one where attackers could drain users’ of their money.

While initially flagged to the public on Aug. 30 by bitcoin developer Rusty Russell, the full disclosure detailing how this vulnerability could be exploited by an attacker was released Friday.

“An attacker can claim to open a [lighting payments] channel but either not pay to the peer, or not pay the full amount,” Russell wrote in the full disclosure.

Without the proper checks, an attacker could pretend to open a new payments channel and send fake transactions. Being duped, an honest user could then send back real money to the attacker not knowing the previous transactions had been completely artificial. It’s unclear how many users fell victim to such attacks.

Lightning developers, he added, did not want to risk revealing the vulnerability until absolutely sure no users were at risk.

“There are always problems. Even on the bitcoin protocol, there have been bugs,” Padiou said, adding:

"There will always be bugs. What matters the most is how to handle this in the best way to protect users."


Read in full https://www.coindesk.com/a-dangerous-bug-in-bitcoins-lightning-network-has-been-fixed

Full disclosure https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html
Pages:
Jump to: