📝 Summary: LNbits discovered an exploit allowing attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software. Suggestions were made to support self-payment of invoices, which would benefit custodial Lightning service providers. Lnd supports self-payment of invoices through its API.
👥 Authors:
• Rusty Russell ( @Rusty Russell [ARCHIVE] )
• fiatjaf ( @fiatjaf [ARCHIVE] )
• Olaoluwa Osuntokun ( @Olaoluwa Osuntokun [ARCHIVE] )
• Martin Habovštiak ( @Martin Habovštiak [ARCHIVE] )
• David A. Harding ( @David A. Harding [ARCHIVE] )
• callebtc ( @callebtc [ARCHIVE] )
• Rusty Russell ( @Rusty Russell [ARCHIVE] )
• fiatjaf ( @fiatjaf [ARCHIVE] )
• Olaoluwa Osuntokun ( @Olaoluwa Osuntokun [ARCHIVE] )
• Martin Habovštiak ( @Martin Habovštiak [ARCHIVE] )
• David A. Harding ( @David A. Harding [ARCHIVE] )
• callebtc ( @callebtc [ARCHIVE] )
📅 Messages Date Range: 2023-07-06 to 2023-07-16
✉️ Message Count: 7
📚 Total Characters in Messages: 16138
Messages Summaries
✉️ Message by Rusty Russell on 06/07/2023:
LNbits discovered an exploit that allowed attackers to create fake balances by manipulating invoices, urging users to update their software.
LNbits discovered an exploit that allowed attackers to create fake balances by manipulating invoices, urging users to update their software.
✉️ Message by callebtc on 06/07/2023:
LNbits discovered an exploit in their system that allowed attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software.
LNbits discovered an exploit in their system that allowed attackers to create fake balances by manipulating invoices. They have patched the issue and urge users to update their software.
✉️ Message by David A. Harding on 12/07/2023:
LNBits discovered an exploit allowing attackers to create balances by abusing a quirk in how invoices are handled. A suggestion was made to support self-payment of invoices.
LNBits discovered an exploit allowing attackers to create balances by abusing a quirk in how invoices are handled. A suggestion was made to support self-payment of invoices.
✉️ Message by fiatjaf on 13/07/2023:
The author suggests asking developers of Lightning Network node implementations to support self-payment of invoices, which is currently not possible but would be a valuable feature for custodial Lightning service providers.
The author suggests asking developers of Lightning Network node implementations to support self-payment of invoices, which is currently not possible but would be a valuable feature for custodial Lightning service providers.
✉️ Message by Martin Habovštiak on 15/07/2023:
The author suggests that implementing self-payment of invoices in Lightning node implementations would be beneficial for testing and custodial service providers.
The author suggests that implementing self-payment of invoices in Lightning node implementations would be beneficial for testing and custodial service providers.
✉️ Message by Olaoluwa Osuntokun on 16/07/2023:
Lnd supports paying invoices it generates by setting the
Lnd supports paying invoices it generates by setting the
allow_self_payment field. This can be done through the API provided. ✉️ Message by Martin Habovštiak on 16/07/2023:
The user is testing LND <-> app integration and wants a flag to enable self-payment without going through the network.
The user is testing LND <-> app integration and wants a flag to enable self-payment without going through the network.