Lightning Network ‘Penalty Scenario’ Works in Old State Channel Incident
Hackers have been repeatedly probing Lightning Network (LN) via various attack vectors. The latest example of the network’s “penalty scenario,” though, came from a user who accidentally broadcast an old, invalid channel state.
‘The Penalty Scenario’
LApps developer Alex Bosworth has been in the trenches of the Lightning Network, seeing firsthand many of the milestones of the early network. The good, the bad, and the ugly, as it were.
As for the ugly, Bosworth just highlighted what he thought was a hacker experiencing the so-called “penalty scenario,” i.e. losing funds in an attempt to broadcast an old, invalid state.
Lightning DOSers seem organized and motivated, developing specialized software to attack the Beta LND nodes. Node hardening is in progress! We're getting a good opportunity to develop robust p2p deployment strategies. @juscamarena just saw a live test of the penalty scenario. pic.twitter.com/C0ARD1wj5b
— Alex Bosworth ☇ (@alexbosworth) March 26, 2018
But it wasn’t quite so ugly. That’s because Redditors-in-the-know are saying no hack occurred, but rather a user with a corrupted channel database was penalized for broadcasting old states.
As u/chrisrico explained:
“FYI this wasn’t a hacker, but a user on the LND slack who had a corrupted channel database, restored an old backup, then closed his channels. Because the backup was out of date, his node broadcast old channel states and his channel partners’ nodes detected this as fraud and published the penalty transactions.”
So no hacker was apparently involved, though the responsible user did lose the 0.00299095 BTC they had originally deposited into the channel for their starter balance.
— Justin Camarena ⚡️ (@juscamarena) March 26, 2018
Redditor u/vegarde claims they were participating in an affected channel and have since refunded most of the “penalized” bitcoin:
“It’s a successful test of the anti-cheat mechanisms. Now, I was one of those he ‘cheated,’ and I gave him back the money — at least the bulk of it, would have taken a bit more effort than was worth it to find out the remaining few k satoshi I had routed to him.
Right now, there are no good backup mechanisms – which is why developers still warn against putting more money in channels than you’re prepared to lose, worst case. Biggest risk now is still your own operating errors, as shown in this case.”
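A simplified model of the revocation check behind the incident described in the two Reddit comments above, added here as an illustration; it is not code from LND or from this article. It stands in a plain SHA-256 hash commitment for Lightning's real revocation-key derivation, and the names (`Node`, `advance`, `on_chain_close`) and the balances after the opening deposit are constructed.

```python
import hashlib
import os
from dataclasses import dataclass, field

def h(secret: bytes) -> bytes:
    return hashlib.sha256(secret).digest()

@dataclass
class Commitment:
    state_num: int
    balances: dict           # satoshi per party in this state
    revocation_hash: bytes   # commits to the holder's per-state secret

@dataclass
class Node:
    name: str
    secrets: dict = field(default_factory=dict)       # own per-state secrets
    commitments: dict = field(default_factory=dict)   # own commitments by state
    peer_revoked: dict = field(default_factory=dict)  # secrets the peer revealed

    def new_state(self, n, balances):
        self.secrets[n] = os.urandom(32)
        self.commitments[n] = Commitment(n, dict(balances), h(self.secrets[n]))

    def latest(self):
        return self.commitments[max(self.commitments)]

def advance(a, b, n, balances):
    """Both sides adopt state n, then revoke n-1 by revealing its secret."""
    a.new_state(n, balances)
    b.new_state(n, balances)
    if n > 0:
        a.peer_revoked[n - 1] = b.secrets[n - 1]
        b.peer_revoked[n - 1] = a.secrets[n - 1]

def on_chain_close(watcher, broadcaster, c):
    """Watcher's reaction when the peer's commitment c appears on chain."""
    secret = watcher.peer_revoked.get(c.state_num)
    if secret is not None and h(secret) == c.revocation_hash:
        # Revoked state: the watcher can claim the whole channel.
        return "penalty", {watcher.name: sum(c.balances.values()), broadcaster: 0}
    return "normal", dict(c.balances)

def restore_from_backup_scenario():
    alice, bob = Node("alice"), Node("bob")
    advance(alice, bob, 0, {"alice": 299_095, "bob": 0})  # deposit from the article
    backup = Node("alice", dict(alice.secrets), dict(alice.commitments))
    advance(alice, bob, 1, {"alice": 200_000, "bob": 99_095})   # constructed
    advance(alice, bob, 2, {"alice": 150_000, "bob": 149_095})  # constructed
    stale = on_chain_close(bob, "alice", backup.latest())   # restored old backup
    honest = on_chain_close(bob, "alice", alice.latest())   # up-to-date close
    return stale, honest
```

The watcher cannot tell a stale backup from deliberate cheating: both present a commitment whose secret it already holds, so both trigger the penalty.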
On Twitter, comments exploded about the success of the “penalty scenario.” Some called the defense “game theory play[ing] out in real life,” while others said the episode was a “great way to field test beta and harden LN from real attacks.”
Detractors Aren’t Convinced
While supporters are saying the “penalty scenario” worked, detractors on Reddit’s r/btc suggested that the episode instead revealed that LN is catastrophically flawed.
Many, like u/t9b, suggested that LN supporters are in denial:
“That is completely bizarre. It’s like they think it’s teething troubles when in fact it is a fatal flaw. I bet DoS could bring the network to its knees very quickly — it doesn’t matter how many nodes you have, you just need to have those nodes lie about the state.”
It’s an argumentative line that’s here to stay as long as the bitcoin scaling wars are still raging. And, speaking of DoS attacks …
DDoSers Recently Brought Down 200 LN Nodes
Attackers gonna attack, though, and they’ve been doing just that against the Lightning Network in recent weeks. The most recent high-profile example of this reality came earlier last week, when over 20 percent of the nodes on the fledgling Lightning Network were brought offline by a Distributed Denial of Service attack.
As the attack progressed, LN nodes dropped from over 1,000 to below 870.
It’s clear Lightning has its enemies, then. And these enemies are undoubtedly going to keep probing the premature second-layer scaling project.