In June 2019, a bug was discovered in the lightning network. The bug allowed lightning bitcoins that were actually not backed by bitcoins to be spent. However, the issue has been addressed in a new development full disclosure that was released through a report on Friday.
The lightning network insists that they have resolved the issue even though security concerns still linger concerning the already greatly examined protocol. It remains to be seen if a proper release of LN is actually practicable anytime soon.
Rusty Russell discovered the bug on June 27 while checking the network. He is a developer with the lightning network. Since the bug was not autonomously flagged by malicious entities, it is not likely that significant damage was incurred. Even so, conclusive evidence indicates that some exploitation of the bug was undertaken on September 7.
A hush solution and fix were drummed up, and the issue was brought to light in August after most users had upgraded leading to September 27 when the release of the full disclosure report was undertaken.
Part of the report States “A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. Otherwise, an attacker can claim to open a channel but either not pay or not pay the full amount. Implementations did not always do this check.”
It is also noted that there were some limitations only required for partial data, which was necessary for the confirmation of the authenticity of transactions. The report continues to state that, “it did not, however, require the receiver to actually check that the transaction is the one promised by the funder: both the amount and the actual scriptpubkey.”
it would appear, as of current that all systems are back online and that the bug report did provide an opportunity to check communications and the methodologies of an upgrade across the entire lightning network ecosystem.
Even with the bug report out, skepticism still lingers as a number of users and enthusiasts of the platform are grave of the trust that is required for them to use the network anymore. A number of controversial ideas such as watchtowers have not helped folks take a shine to lightning network. This amount of skepticism can be attributed to the potential the bug issues hold for surveillance bodies like police and the government to influence and affect liquidity.
For newcomers to the lightning network, the lightning network has made a move to post an easy-to-understand illustrated video that will help remove any skepticism. In the event that lightning network should ever come out of its experimental phase, then it will be possible for the market to have a good run with it. The problem is that some people are still wondering if that day will ever come following the skepticism and the issues surrounding the lightning network.