🏷️ Categories: Lightning-dev
quoting naddr1qq…vxgc📝 Summary: LNbits, a Lightning Network service, found an exploit that enabled attackers to create fake balances by manipulating invoices. They have fixed the issue and advised users to update their software. Additionally, a suggestion was made to support self-payment of invoices, which would benefit custodial Lightning service providers.
👥 Authors: • callebtc ( callebtc [ARCHIVE] (npub1wlh…90xk) ) • fiatjaf ( fiatjaf [ARCHIVE] (npub1v2x…makl) ) • David A. Harding ( David A. Harding [ARCHIVE] (npub16dt…4wrd) ) • Rusty Russell ( Rusty Russell [ARCHIVE] (npub1zw7…khpx) )
📅 Messages Date Range: 2023-07-06 to 2023-07-13
✉️ Message Count: 4
📚 Total Characters in Messages: 10478
Messages Summaries
✉️ Message by Rusty Russell on 06/07/2023: LNbits discovered an exploit that allowed attackers to create fake balances by manipulating invoices, urging users to update their software.
✉️ Message by callebtc on 06/07/2023: LNbits discovered an exploit in their system that allowed attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software.
✉️ Message by David A. Harding on 12/07/2023: LNBits discovered an exploit allowing attackers to create balances by abusing a quirk in how invoices are handled. A suggestion was made to support self-payment of invoices.
✉️ Message by fiatjaf on 13/07/2023: The author suggests asking developers of Lightning Network node implementations to support self-payment of invoices, which is currently not possible but would be a valuable feature for custodial Lightning service providers.
Follow Lightning Mailing List (npub1j3t…4gll) for full threads
⚠️ Heads up! We've now started linking to replaceable long-form events (NIP-23), which allow for dynamic display of thread details like summaries, authors, and more. If you're unable to see this, your client may not support this feature yet.