Is the Lightning Network sufficiently secure and well tested for wumbo channels?

Has the Lightning Network reached a level of security and maturity where I can open wumbo channels (channels over the previous 0.1677 BTC limit) and be reasonably confident that I won't lose funds or have my funds locked up for long periods?

Answers 1

  • Lightning is great but one can't say it is battle-tested. If script kids would be interested, they could take down those shiny new 5 BTC wumbo channels with negligible cost and no effort at all.

    The underlying issue is that a channel cannot hold more than 483 HTLCs at a time, regardless of the channel capacity. Sending 483 micro-payments to yourself and holding on to the HTLCs is enough to incapacitate a channel for up to two weeks.

    By utilizing the max route length to add loops, each payment can consume up to 9 HTLC slots on the target channel. If the script kid is lucky, they only need to send 54 payments to get it done. A single tiny channel takes double-digit amounts of Bitcoin out of business.

    Below is me locking up approximately 5,800,000 satoshis with a refundable 18 satoshi payment looping five times through three mainnet channels owned by Bitfinex and OpenNode. For basically as long as I want. This happened today.

    Joost locking up sats

    Wanting to become the world's payment system sounds good but we can't have trivially exploitable vulnerabilities like this. Walk the talk.

    Therefore I started a new project called Circuit Breaker: a firewall for Lightning nodes. The primary goal is to encourage thinking about this problem with the potential to grow into a full-fledged Lightning protection system.

    joost debug output

    This question was answered by Joost Jager on Twitter.


Related Questions