On 9th October, 2020, Lightning developer Conner Fromknecht published a disclosure to the projects’ mailing lists. In it, he advised node operators that the Lightning developers had detected a vulnerability in the Bitcoin Lightning Network’s node software. As of now, there is no update on the seriousness of this vulnerability, and the disclosure does not reveal how it could be exploited. Nonetheless, the report did indicate that it has not yet been used for any purpose. Luckily, a number of Lightning node operators are already safe, because version 0.11 of the Lightning Network software, released in late August, fixed the bug.
Nevertheless, the nature of the vulnerability led the developers to shorten the disclosure process in order to protect the network as a whole. The post also said that a complete disclosure of the bug would follow on 20th October, 2020, and that the developers hoped all node operators would have updated their software by then. Apart from this, Lightning Labs also made it clear that it plans to launch a new, comprehensive bug bounty program in the near future.
Under this program, security specialists will be rewarded for finding bugs in the Lightning Network, in order to keep it as safe as possible. The Lightning Network is a Layer 2 payment protocol that operates on top of Bitcoin. Although it is still under development, it already enables faster and cheaper transactions. This vulnerability is the second to be discovered in the Lightning Network’s node software, which could be concerning.
Just last year, a Bitcoin developer named Rusty Russell discovered a separate vulnerability that allowed cybercriminals to steal users’ funds by sending them invalid transactions. Lightning Labs decided not to disclose the number of people who fell victim to this vulnerability, but confirmed that hackers had exploited it quite a lot. In both cases, it is important to note that the vulnerabilities arose from programming oversights.
The good news is that both vulnerabilities were short-lived, because the oversights were fixed quickly. No fundamental design flaw has been found in the Lightning Network, which is undoubtedly a good thing. The Lightning Network is rightfully being hailed as a very promising way of speeding up transactions and reducing transaction fees within the Bitcoin network. It has already been adopted by major players in the crypto industry, such as Bitfinex and CoinGate, and they have not had any major issues. Overall, the network appears to be quite robust, with only a few problems in the outer layer.