I did write a functional test on the sibling eviction PR to back my claims, actually. Branch is here: https://github.com/ariard/bitcoin/commit/04fdc0a77f70a998a433a3839c807422bc2e3bfa
And I did propose on the v3 PR before the merge to do a real-world test on the mitigations on a signet deployment. The “professional” reviewers and the maintainer did prefer to merge.
Talk is cheap, code costlier, a deep security flaw in Bitcoin even more expensive.
Code is costlier, but you need consensus, and that I am afraid is harder to get, and only working examples with proofs will stop what you may see as political...
reply
Certainly consensus code is very costly in itself. However, mishandled security failures are even more expensive in the long term, e.g. TheDAO hack and the moral hazard culture this generated in ETH.
Of course, it is always an option to go publish a pinning toolkit and see the Lightning ecosystem jeopardized. In those matters it’s always good to have ethical self-restraint and respect a strict boundary on how much sensitive information you reveal.
reply
I think that would be a good idea. It would raise awareness of the area and force investment into research.
Without that you get these debates, which ultimately are decided by politics and one's ability to debate...
reply
I’ll go hack a pinning toolkit; the easy pinnings are not that much work.
reply
The maintainer (achow in this case) should step down if the PR really introduced a vulnerability.
reply
In my opinion, this PR is pretending to fix Lightning vulnerabilities, while in fact it leaves a wide area of attack surface open.
Sadly, you have to be a cross-layer expert to understand this, and I’m not even sure the v3 PR reviewers sufficiently understood what they were reviewing, and I did ostensibly call to test this change more. So it sounds like pure “security theater” in my opinion.
“Gradient” solutions are rarely acceptable in network security, as you’re just increasing the re-deployment costs for any future full and sound mitigation.
I have not seen achow commenting in public on this merge decision.
Overall, calling for achow to step down is disproportionate; achow is one of the most reliable maintainers in my experience. However, having achow explain this merging decision more in the present case would be very welcome.
reply