Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Package splitting should continue after first conflict #3537

Closed
morehouse opened this issue Jan 14, 2025 · 0 comments · Fixed by #3538
Closed

Package splitting should continue after first conflict #3537

morehouse opened this issue Jan 14, 2025 · 0 comments · Fixed by #3538

Comments

@morehouse
Copy link
Contributor

The package splitting logic in OnchainTxHandler.update_claims_view_from_matched_tx scans confirmed transactions for any spends that conflict with the current package templates. If a conflicting spend for one of the package inputs is found, it splits that input out of the package and attempts to claim the remaining package inputs in a new transaction. Unfortunately the logic to detect conflicts stops once it finds the first conflicting package, so if the counterparty confirms a transaction conflicting with two packages, we fail to split up the second package. As a result, the transaction we create and broadcast for the second package will contain an already-spent input and can never be mined.

The offending line is here:

rust-lightning/lightning/src/chain/onchaintx.rs

Line 967 in 463e432

break; //No need to iterate further, either tx is our or their

In currently released versions of LDK, this bug can be exploited to lock up a victim node's liquidity.

After #3340 the bug can be exploited to steal funds. Note that only v0.1.0-beta1 is vulnerable to the theft attack, and no official (non-beta) releases are vulnerable.

As discussed with @TheBlueMatt and @wpaulino, the bug will be fixed prior to the official v0.1.0 release.
morehouse added a commit to morehouse/rust-lightning that referenced this issue Jan 14, 2025
@morehouse
Fix package splitting logic
a1d6356 
When scanning confirmed transactions for spends that conflict with our
existing packages, we should continue scanning after detecting the first
conflicting package since a transaction can conflict with multiple
packages.

This ensures that we remove *all* inputs from our packages that have
already been spent by the counterparty so that valid claim transactions
are generated.

Fixes lightningdevkit#3537.
@morehouse morehouse mentioned this issue Jan 14, 2025
Merged
TheBlueMatt pushed a commit to TheBlueMatt/rust-lightning that referenced this issue Jan 15, 2025
@morehouse @TheBlueMatt
Fix package splitting logic
de15b0f 
When scanning confirmed transactions for spends that conflict with our
existing packages, we should continue scanning after detecting the first
conflicting package since a transaction can conflict with multiple
packages.

This ensures that we remove *all* inputs from our packages that have
already been spent by the counterparty so that valid claim transactions
are generated.

Fixes lightningdevkit#3537.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix package splitting logic morehouse/rust-lightning
1 participant
@morehouse