In the past week, the discovery of a major security vulnerability affecting the Bitcoin Lightning Network has contributed to a slew of negative publicity and threatened to upend users’ trust in the platform.
Thankfully, Lightning Network stakeholders have moved quickly to minimize the risks of a so-called “replacement cycling attack.” But the mitigations deployed so far only address basic versions of the attack, and now that the cat is out of the bag, a longer-term solution is needed.
The term replacement cycling attack was coined by Lightning developer Antoine Riard, who published his findings on the vulnerability last Monday, October 16.
Riard’s discovery concerns the Lightning Network’s Hashed Timelock Contracts (HTLCs), the conditional payments that make up each Lightning transaction. An HTLC lets a payment be routed through intermediaries without trusting them and without settling every hop on the Bitcoin blockchain: the locked funds can only be claimed by revealing a secret, or reclaimed by the sender after a timeout.
To release a Lightning payment from the contract, the recipient must reveal the preimage, the secret whose hash locks the HTLC (the recipient generates it when creating the invoice). If the preimage is not revealed within the agreed timeframe, the sender can reclaim the funds.
When sending bitcoin via the Lightning Network, however, payments don’t always move directly from A to B. Rather, funds can move through multiple nodes on their journey, hopping from A to B via C, for example. Each hop is its own HTLC locked by the same hash, and the timeout on the incoming hop (A to C) is set later than on the outgoing hop (C to B), so that C has time to settle in one direction before the other expires.
In essence, a replacement cycling attack jams the settlement of an HTLC, abusing the timeout function to steal funds from a middle-hop node such as C. An attacker controlling both A and B withholds the preimage until C’s outgoing HTLC to B is about to expire. When C tries to reclaim it on-chain via the timeout path, B broadcasts a conflicting transaction that spends the HTLC with the preimage, then repeatedly replaces that transaction in the mempool so that it never confirms and C never learns the preimage. Meanwhile the incoming HTLC from A to C expires and A reclaims it; only then does B let the preimage transaction confirm. C has paid out to B without being paid by A, and the attacker, who is both A and B, pockets the value of the transaction.
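To make the mechanism concrete, here is a small simulation written for this page; it is not code from Riard’s disclosure or from any Lightning implementation. It models the A to C to B route above with a single toy mempool that follows one replace-by-fee rule, an attacker who controls both A and B, and an honest middle hop C. The party names, outpoint names, fees, block heights and the `watch_mempool` switch are all constructed for the example. The switch stands in for the simplest kind of mitigation, in which the honest node watches its mempool for a preimage transaction even if that transaction is later replaced; the example shows why this defeats the naive cycle, and, by the same token, why it only helps when the honest node actually sees the preimage transaction.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass

# Constructed toy model: each block, parties submit transactions to one shared
# mempool; a transaction that shares an input with one already there replaces
# it only if it pays a higher fee (replace-by-fee); then the block is mined.

def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

@dataclass
class HTLC:
    offerer: str           # pays if the preimage path wins, refunded on timeout
    receiver: str          # may claim by revealing the preimage
    amount: int
    payment_hash: bytes
    expiry: int            # height from which the offerer may use the timeout path
    settled_to: str | None = None

@dataclass
class Tx:
    spender: str
    inputs: frozenset[str]         # names of the outpoints this transaction spends
    fee: int
    claims: HTLC | None = None     # the HTLC output it spends, if any
    preimage: bytes | None = None  # set on the preimage (success) path

def valid_claim(tx: Tx, height: int) -> bool:
    h = tx.claims
    if tx.preimage is not None:
        return tx.spender == h.receiver and sha256(tx.preimage) == h.payment_hash
    return tx.spender == h.offerer and height >= h.expiry

class Mempool:
    def __init__(self) -> None:
        self.txs: list[Tx] = []
        self.seen: list[Tx] = []   # everything ever accepted, even if evicted later

    def submit(self, tx: Tx, height: int) -> bool:
        if tx.claims is not None and not valid_claim(tx, height):
            return False
        conflicts = [t for t in self.txs if t.inputs & tx.inputs]
        if any(t.fee >= tx.fee for t in conflicts):
            return False               # RBF: a replacement must pay more
        self.txs = [t for t in self.txs if not (t.inputs & tx.inputs)] + [tx]
        self.seen.append(tx)
        return True

    def mine(self) -> None:
        for tx in self.txs:
            if tx.claims is not None:
                tx.claims.settled_to = tx.spender
        self.txs = []

def run(watch_mempool: bool, blocks: int = 60) -> dict:
    """Simulate A -> C -> B where the attacker controls both A and B."""
    preimage = b"attacker-chosen-secret"                          # constructed
    payment_hash = sha256(preimage)
    inbound = HTLC("A", "C", 100_000, payment_hash, expiry=40)    # A offers to C
    outbound = HTLC("C", "B", 100_000, payment_hash, expiry=20)   # C offers to B, expires first
    mp = Mempool()
    learned: bytes | None = None

    for height in range(blocks):
        # Honest C: reclaim the outgoing HTLC via the timeout path once it expires.
        if outbound.settled_to is None and height >= outbound.expiry:
            mp.submit(Tx("C", frozenset({"out_htlc"}), 1_000, claims=outbound), height)
        # Mitigation (assumed, simplified): C watches for any transaction that spent
        # its outgoing HTLC with a preimage, even one that was replaced afterwards.
        if watch_mempool and learned is None:
            for t in mp.seen:
                if t.claims is outbound and t.preimage is not None:
                    learned = t.preimage
        if learned is not None and inbound.settled_to is None:
            mp.submit(Tx("C", frozenset({"in_htlc"}), 2_000, claims=inbound, preimage=learned), height)

        # Attacker: as A, take the inbound refund as soon as it expires;
        # as B, keep C's timeout transaction from confirming until then.
        if inbound.settled_to is None:
            if height >= inbound.expiry:
                mp.submit(Tx("A", frozenset({"in_htlc"}), 3_000, claims=inbound), height)
            if any(t.claims is outbound for t in mp.txs):
                coin = f"attacker_coin_{height}"
                # 1. replace C's timeout tx with a preimage tx that also spends an attacker coin
                mp.submit(Tx("B", frozenset({"out_htlc", coin}), 1_500, claims=outbound, preimage=preimage), height)
                # 2. double-spend that coin at a higher fee, evicting the preimage tx,
                #    so the HTLC output is once again unspent in the mempool
                mp.submit(Tx("B", frozenset({coin}), 2_500), height)
        elif outbound.settled_to is None:
            # The inbound HTLC is settled either way; B now collects the outgoing one.
            mp.submit(Tx("B", frozenset({"out_htlc"}), 5_000, claims=outbound, preimage=preimage), height)
        mp.mine()

    def net(party: str) -> int:
        total = 0
        for h in (inbound, outbound):
            if h.settled_to == h.receiver:       # preimage path won: offerer pays receiver
                total += h.amount if party == h.receiver else 0
                total -= h.amount if party == h.offerer else 0
        return total

    return {"C": net("C"), "attacker": net("A") + net("B"),
            "inbound": inbound.settled_to, "outbound": outbound.settled_to}

if __name__ == "__main__":
    print("no mitigation:", run(watch_mempool=False))
    print("watching mempool:", run(watch_mempool=True))
```

Without the watch, C’s timeout transaction is evicted every block until the inbound HTLC expires and A takes the refund, after which B confirms the preimage claim and C is out the full amount. With the watch, C catches the preimage during the very first cycle and claims the inbound HTLC well before its expiry, so the attacker gains nothing. The gap between the two expiries is what gives C that window, which is why the deployed mitigations also lean on longer timeouts; an attacker who can keep the preimage transaction out of C’s view of the mempool, which is the harder version of the attack the article refers to, is not stopped by this check.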
Four days after that initial disclosure, on Friday, October 20, Riard said the vulnerability puts the technology in “a very perilous position.”
Although he acknowledged mitigations employed after the discovery of the vulnerability “are worth something in [the] face of simple attacks,” he added that more advanced attacks could still pose a major threat.
Nevertheless, on Saturday, after media widely reported the vulnerability, Riard expanded on his position, arguing that very few actors would be able to pull off such an attack.
“More advanced attacks can only be mounted if you have sufficient p2p and mempool knowledge,” he stated, adding that such knowledge could take “years to acquire for average Bitcoin developers.”
Looking ahead, Riard noted that changes to Bitcoin’s security architecture might be necessary to fully remove the risks posed to the Lightning Network.
However, building the consensus necessary for such upgrades is notoriously difficult. As Riard acknowledged, “those types of changes are the ones necessitating the utmost transparency and buy-in of the community as a whole.”