Yeah, came here to post about this, was hoping to read from others (especially those folks here wiser than myself on these issues; those who have more familiarity with the design/function of lightning infrastructure) what their thoughts were on this claimed vulnerability. I have to do some more reading into this first to determine how worried to be. Anyone have any context to share here?
reply
We had some discussion on that here (although less than it deserves): #288995
We also had some more here (@theariard also jumps in): #285407
... It's odd Bitcoin Magazine has been silent on it. It could really use a rigorous mass market summary.
reply
I wonder if Bitcoin Magazine was trying to figure out what the story actually was for themselves? The issue definitely wasn't explained well.
reply
That's probably what it is. Shinobi might not have a grip on it yet.
I'm probably being paranoid, but I'm a little afraid we have so many vested interests in the space now that we aren't going to be as forthcoming with bad news as we could be.
reply
I understand very little of this, but it's great to see brilliant minds further hardening Bitcoin against attack.
reply
deleted by author
reply
Yes. OP_Evict is a way to fix that problem, by making the HTLC preimage branch of the HTLC invalid once the timeout has been reached.
Traditionally we've been dubious about making it possible for transactions to become invalid in the future. But in the post I argue that it is acceptable if we treat them similarly to coinbase outputs, preventing outputs that may expire from being spent until they're 100 blocks deep.
reply