130 sats \ 4 replies \ @theariard OP 14 Nov 2023 \ parent \ on: Taking a sabbatical from Bitcoin FOSS meta
I don’t need a node public IP to launch a channel jamming of your node, as long as you’re announcing your local topology to the rest of the network.
Feel free to share your Lightning node pubkey. My pleasure to do a public demonstration of the fixes’ “robustness” at your own expense. As a note, I suggested most of the fixes implemented by LN open-source maintainers.
A lesson of the human sciences: conflict is not necessarily a negative situation, as it’s an opportunity for newer norms, ideas and solutions to emerge.
Why don't you just release channel jamming code? If it's a real exploit, people should be experimenting with it openly.
reply
First reason, I don’t know who you are, I have no public track record available on your intentions and what you would do with such an offensive toolchain.
Second reason, I’m not your bitch and I don’t owe you this code.
As a side-note, other lightning researchers have already done a demonstration of channel jamming: https://bitcoinmagazine.com/technical/good-griefing-a-lingering-vulnerability-on-lightning-network-that-still-needs-fixing
On replacement cycling attacks, I’m still looking for volunteers, you’re free to share with me your lightning node pubkey, though I would need a social proof or fingerprint that this is really your node and you’re fully consenting to your funds being pwned as a bug bounty.
I’m sure the community will thank you for your financial contribution to the advance of Bitcoin research.
reply
First reason, I don’t know who you are, I have no public track record available on your intentions and what you would do with such an offensive toolchain.
The fastest way to get issues fixed is demonstrations. Same as the rest of the security industry has learned. And it may make for better fixes as more people can experiment with the issues and find ways to improve on the attacks.
reply
As posted on the mailing list at the time of disclosure, I’ve been looking for someone among other lightning devs to run and play the “defensive” side in replacement cycling attacks, in a traditional “blue / red” fashion. No one has raised their hand.
You’re still free to publish your mainnet lightning node pubkey and give me your private consent for demonstration / experimentation. Beyond that, I did test replacement cycling attacks locally and they were working well.
We did test some lightning attacks in the past in a real-world setup, though I think you’re missing the point that you have so many known attacks affecting lightning that senior protocol devs don’t have time to test, experiment, research and fix them anymore. And as such, jeopardizing their end-users’ bitcoin financial interests.
reply