🏷️ Categories: Lightning-dev
quoting naddr1qq…s9n5📝 Summary: LNbits found an exploit that lets attackers create balances by manipulating invoices. The attacker can use a payment hash from one payment to create a malicious invoice that tricks the system into thinking it's a different payment. Developers can prevent this by using additional checks. A patch has been released.
👥 Authors: • Antoine Riard ( <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1vjzmc45k8dgujppapp2ue20h3l9apnsntgv4c0ukncvv549q64gsz4x8dd" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Antoine Riard [ARCHIVE]</span> (<span class="italic">npub1vjz…x8dd</span>)</a></span> ) • callebtc ( <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1wlhtt0d2g4yu7plwqq4rnwfrda8du7xlvs8v57c32u0wear0v8tq6h90xk" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>callebtc [ARCHIVE]</span> (<span class="italic">npub1wlh…90xk</span>)</a></span> )
📅 Messages Date: 2023-06-19
✉️ Message Count: 2
📚 Total Characters in Messages: 6791
Messages Summaries
✉️ Message by callebtc on 19/06/2023: LNbits discovered an exploit that allows attackers to create balances out of thin air by abusing a quirk in how invoices are handled internally. The attacker can insert a bolt-11 payment hash of payment A into a different payment, creating a malicious invoice B that can trick the backend into believing that B == A. The mitigation is simple, and developers should use additional checks to ensure that the invoice details have not been messed around with. The attack requires a fundamental understanding of bolt-11 and custom tooling to produce the malicious invoice.
✉️ Message by Antoine Riard on 19/06/2023: LNbits discovered an exploit allowing attackers to create balances by abusing a quirk in how invoices are handled internally, which may affect other Lightning applications. A patch has been released.
Follow <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1j3t00t9hv042ktszhk8xpnchma60x5kz4etemnslrhf9e9wavywqf94gll" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Lightning Mailing List</span> (<span class="italic">npub1j3t…4gll</span>)</a></span> for full threads
⚠️ Heads up! We've now started linking to replaceable long-form events (NIP-23), which allow for dynamic display of thread details like summaries, authors, and more. If you're unable to see this, your client may not support this feature yet.