Bitcoin Developer Matt Corallo Discovers Potential Lightning Network Vulnerability

According to Decrypt, Bitcoin Core contributor and Blockstream co-founder Matt Corallo and the crypto team at payments company Square have discovered a potential vulnerability in Bitcoin's Lightning Network. Corallo came across the vulnerability by accident while reviewing a new aspect of the Lightning Network transaction mechanism. In theory, it allows users to withdraw funds held in a Hash Time-Locked Contract (HTLC). An HTLC is essentially a smart contract that requires the payment recipient to confirm the transaction by generating cryptographic proof of payment, or else give up the ability to claim the full payment. If the payment is not confirmed, the sender can request a refund. The vulnerability allows the recipient to prevent the sender from receiving this refund. Corallo submitted several fixes, but none of them were particularly easy or “normal”. He pointed out, however, that this is not a pressing issue because exploiting the flaw is not practical. Nonetheless, considering that only one-tenth of Lightning Network nodes hold 80% of the network's bitcoin, exploitation may cause more problems than originally thought.
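The HTLC mechanism summarized above, as an added example (not code from the article or from any Lightning implementation): a toy Python model of the two spend paths, the recipient's hash-locked claim and the sender's time-locked refund, whose guarantee is the property the reported flaw is said to undermine. The class, field names, block heights and sample secret are assumptions made for illustration, and the model does not reproduce the vulnerability itself.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass
class HTLC:
    """Toy model of one hash time-locked output (not Lightning's real script)."""
    amount_sat: int
    payment_hash: bytes          # SHA-256 of a secret known to the recipient
    expiry_height: int           # block height at which the refund path opens
    spent_by: Optional[str] = None

    def claim(self, preimage: bytes) -> bool:
        """Recipient path: reveal a preimage that hashes to payment_hash."""
        if self.spent_by is not None:
            return False         # output already spent by one of the paths
        if hashlib.sha256(preimage).digest() != self.payment_hash:
            return False         # proof of payment does not match the hash lock
        self.spent_by = "recipient"
        return True

    def refund(self, height: int) -> bool:
        """Sender path: valid only once the time lock has expired."""
        if self.spent_by is not None or height < self.expiry_height:
            return False
        self.spent_by = "sender"
        return True


def run_scenarios() -> dict:
    """Exercise both paths with constructed sample values."""
    secret = b"constructed-sample-preimage"   # constructed, not a real payment
    payment_hash = hashlib.sha256(secret).digest()
    results = {}

    paid = HTLC(50_000, payment_hash, expiry_height=700_144)
    results["wrong_preimage"] = paid.claim(b"guess")       # rejected
    results["early_refund"] = paid.refund(700_100)         # time lock still active
    results["claim"] = paid.claim(secret)                  # recipient confirms
    results["refund_after_claim"] = paid.refund(700_144)   # nothing left to refund

    unpaid = HTLC(50_000, payment_hash, expiry_height=700_144)
    results["refund_at_expiry"] = unpaid.refund(700_144)   # sender recovers funds
    results["late_claim"] = unpaid.claim(secret)           # output already refunded
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```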

