The below is a direct excerpt of Marty’s Bent Issue #1278: “Another LND/btcd bug emerges.” Sign up for the newsletter here.
via GitHub
For the second time in less than a month, btcd (an alternative implementation of Bitcoin) and, by extension, LND (one of the Lightning implementations) became incompatible with the rest of the Bitcoin network due to some meddling from a developer named Burak.
On October 9, Burak completed a 998-0f-999 tapscript multisig transaction that btcd recognized as invalid while Bitcoin Core and other implementations (correctly) recognized it as valid. Since LND’s implementation of the Lightning Network depends on btcd, it became incompatible with the rest of the Lightning Network, therefore disrupting all of their users’ ability to transact safely. Not ideal.
Fast-forward to yesterday and Burak was back again to disrupt btcd and LND with the type of transaction you see above: a P2TR (pay-to-taproot) spend containing N OP_SUCCESSx with 500,001 pushes, which exceeds the limit hardcoded into btcd. While the 998-of-999 tapscript multisig transaction seemed to be an honest mistake, yesterday’s transaction was an overt exploit in the wild by Burak.
Proof Burak knew this would break LND
Something to note about this OP_SUCCESSx transaction is that it typically wouldn’t be included in a block. However, it seems that Burak bribed miners by attaching a particularly high fee to this transaction that F2Pool couldn’t resist.
This situation has surfaced a lot of debate over the last two days. Was Burak wrong to exploit this bug in the wild on mainnet? Should he have properly disclosed the vulnerability to btcd and LND in private, allowing them to patch the code before the bug was exploited in the wild? Should LND be dependent on btcd, which is an alternative implementation of Bitcoin that doesn’t get nearly as close to the amount of attention and review that Bitcoin Core receives?
Your Uncle Marty certainly doesn’t have the right answers to all of these questions, but it’s important for you freaks to be aware of this stuff so I thought I’d bring them to your attention.
This is the nature of open source distributed systems. There could be a lot of vulnerabilities lurking out there and there is no clear way to handle the problems. Many will advocate for responsible disclosures in private while others will advocate for overt adversarial actions that force the issue. This is one of the trade-offs you choose when you decide to opt into a free market monetary network.
