Happy Sat-urday Stackers,
For those not subscribed to the bitcoin-dev or lightning-dev mailing lists, you might've missed that @theariard disclosed a lightning protocol vulnerability. The flaw impacts all current lightning protocol implementations, though many have added at least partial safeguards. According to @theariard, a respected lightning security researcher, without a bitcoin soft fork, the vulnerability is bound to affect all future lightning implementations.
Many protocol leaders responded on the lists. Laolu, CTO of Lightning Labs, describes it as "a rather fragile attack." Matt Corallo of Lightning Developer Kit and Bastien of Eclair, used by Phoenix wallet, mirrored Laolu's sentiment adding, "more fundamental work most likely needs to happen at the bitcoin layer to allow L2 protocols to be more robust against that class of attacks." Long time core contributors like Peter Todd have already begun proposing consensus changes to close the attack vector.
Given the attack hasn't been seen on the network yet, and all lightning implementations have countermeasures in place, the practicality of the attack is debateable. The prevailing sentiment among protocol developers however is that the attack is real and serious.
Expect a comprehensive summary in the upcoming Bitcoin Optech newsletter.
Have a great weekend!
Top Posts
  1. @Natalia schools us on traveling on a bitcoin standard.
  2. Bitcoin is for everyone but some political tribes are more resistant to bitcoin than others. @siggy47 shares his success helping his friends appreciate bitcoin.
  3. When you factor in simplicity and cost, Payjoin is the most powerful privacy protocol for bitcoin. @davidw reminds us all.
  4. Is Starlink moving the internet's backbone to the sky? In another top post, @davidw explores what we can expect.
  5. An early testnet demo of BitVM, provided by @supertestnet himself, goes live.
Don't miss
Top meta
Top Monday meme
  1. Everything Engineer #2 \ Stacker News \ Austin or Remote
Yeehaw, Keyan A guy who works on Stacker News
Watch or Listen to SN's top stories every week.
You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.
From the Bitcoin dev signup form. Idk what to call it, but don鈥檛 call it a password lol
That's from the mailman software, and dates back probably 30 years. If you don't enter a password one is made up for you.
Peter, FYI : #291420
Yea, I did see that later on!
Great job as always. Thank you!
Forgot to cross post this to nostr. Crabs!
Also forgot to include the book club!!! Arrrrggggg