\n
![](\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTEvYTlkYjdlNDktZWRmMS00ZTA2LTgwZWMtY2ZhMjMwNmIwY2I4LmpwZw==.jpg\")
<\/p>\n
\n<\/p>\n
An emergency update was\u00a0released<\/a> to all of Lightning Network’s LND node operators on Nov. 1, after a critical bug caused LND nodes to fall out of sync chain. This was the second critical bug experienced by the network in less than a month.\u00a0<\/p>\n According to Lightning Labs, developer of the Bitcoin Lightning Network, some LND nodes stopped syncing due to an issue with the btcd wire parsing library. The hot fix (v.015.4) was released nearly three hours after the break. The release stated:<\/p>\n \u201cThis is an emergency hot fix release to fix a bug that can cause lnd nodes to be unable to parse certain transactions that have a very large number of witness inputs.\u201d<\/p><\/blockquote>\n As per the\u00a0issue<\/a> on GitHub, non-updated nodes will be vulnerable to malicious channel closings once channel timelocks expire in two weeks. The bug impacted only LND nodes, making the current chain state outdated, although payments transactions were still available. Some versions of electrs were also impacted, according to another\u00a0issue<\/a> on GitHub. <\/p>\n The bug was triggered by a developer dubbed Burak on Twitter, with a message in the transaction saying: \u201cyou’ll run cln. and you’ll be happy.\u201d <\/p>\n Sometimes to find the light, we must first touch the darkness.https:\/\/t.co\/dhCwF0DxpE<\/a><\/p>\n \u2014 Burak (@brqgoo) November 1, 2022<\/a><\/p><\/blockquote>\n Burak was also responsible for triggering a similar bug on Oct. 9, when they\u00a0created a 998-of-999 multisig transaction that was rejected by btcd and LND nodes, leading to the rejection of the whole block and all blocks following the transaction. On the same day, Lightning Labs released a patch to fix the issue.<\/p>\n I just did a 998-of-999 tapscript multisig, and it only cost $4.90 in transaction fees.https:\/\/t.co\/CvBHaRAqPu<\/a><\/p>\n \u2014 Burak (@brqgoo) October 9, 2022<\/a><\/p><\/blockquote>\n Related:\u00a0What is the Lightning Network in Bitcoin, and how does it work?<\/a><\/strong><\/p>\n On Twitter, users suggested that it was time for an LND bug bounty program:<\/p>\n Savage takedown of LND lightning nodes by exploiting a consensus discrepancy between Bitcoin Core and btcd with a single Bitcoin transaction.<\/p>\n Encoded message: Probably not a “responsible disclosure”. Time for an LND bug bounty program? https:\/\/t.co\/sLZQIsS4Zt<\/a> pic.twitter.com\/S8HwKXdoip<\/a><\/p>\n \u2014 Stadicus (@Stadicus3000) November 1, 2022<\/a><\/p><\/blockquote>\n Hacker Anthony Towns also\u00a0claimed<\/a> to have disclosed the vulnerability to LND developers two weeks ago, noting, \u201cThe btcd repo doesn’t seem to have a reporting policy for security bugs, so not sure if anyone else working on btcd found out about it.\u201d<\/p>\n The Lightning Network is a second layer added to Bitcoin\u2019s (BTC<\/a>) blockchain that allows off-chain transactions, i.e. transactions between parties not on the blockchain network.<\/p>\n<\/div>\n\n
\n
\n
“you’ll run cln. and you’ll be happy.”<\/p>\n