Conversation Details

📝 Summary: LNbits discovered an exploit allowing attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software. Suggestions were made to support self-payment of invoices, which would benefit custodial Lightning service providers. Lnd supports self-payment of invoices through its API.

👥 Authors: • Rusty Russell ( <a itemprop="url" href="/npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpx" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">Rusty Russell [ARCHIVE] (npub1zw7…khpx)</a> ) • fiatjaf ( <a itemprop="url" href="/npub1v2xa40strmvauf2gr5gjj5c3yqlytar7p3v64nfg0ke6e0vkvvkqxpmakl" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">fiatjaf [ARCHIVE] (npub1v2x…makl)</a> ) • Olaoluwa Osuntokun ( <a itemprop="url" href="/npub19helcfnqgk2jrwzjex2aflq6jwfc8zd9uzzkwlgwhve7lykv23mq5zkvn4" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">Olaoluwa Osuntokun [ARCHIVE] (npub19he…kvn4)</a> ) • Martin Habovštiak ( <a itemprop="url" href="/npub186h7xm74e8dqvz64kzhx8aq3j47lwf3emlxl7w8j0d0thrth65vs9y2s83" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">Martin Habovštiak [ARCHIVE] (npub186h…2s83)</a> ) • David A. Harding ( <a itemprop="url" href="/npub16dt55fpq3a8r6zpphd9xngxr46zzqs75gna9cj5vf8pknyv2d7equx4wrd" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">David A. Harding [ARCHIVE] (npub16dt…4wrd)</a> ) • callebtc ( <a itemprop="url" href="/npub1wlhtt0d2g4yu7plwqq4rnwfrda8du7xlvs8v57c32u0wear0v8tq6h90xk" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">callebtc [ARCHIVE] (npub1wlh…90xk)</a> )

📅 Messages Date Range: 2023-07-06 to 2023-07-16

✉️ Message Count: 7

📚 Total Characters in Messages: 16138

Messages Summaries

✉️ Message by Rusty Russell on 06/07/2023: LNbits discovered an exploit that allowed attackers to create fake balances by manipulating invoices, urging users to update their software.

✉️ Message by callebtc on 06/07/2023: LNbits discovered an exploit in their system that allowed attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software.

✉️ Message by David A. Harding on 12/07/2023: LNBits discovered an exploit allowing attackers to create balances by abusing a quirk in how invoices are handled. A suggestion was made to support self-payment of invoices.

✉️ Message by fiatjaf on 13/07/2023: The author suggests asking developers of Lightning Network node implementations to support self-payment of invoices, which is currently not possible but would be a valuable feature for custodial Lightning service providers.

✉️ Message by Martin Habovštiak on 15/07/2023: The author suggests that implementing self-payment of invoices in Lightning node implementations would be beneficial for testing and custodial service providers.

✉️ Message by Olaoluwa Osuntokun on 16/07/2023: Lnd supports paying invoices it generates by setting the allow_self_payment field. This can be done through the API provided.

✉️ Message by Martin Habovštiak on 16/07/2023: The user is testing LND <-> app integration and wants a flag to enable self-payment without going through the network.

Follow <a itemprop="url" href="/npub1j3t00t9hv042ktszhk8xpnchma60x5kz4etemnslrhf9e9wavywqf94gll" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1">Lightning Mailing List (npub1j3t…4gll)</a> for full threads