Lightning Network, a layer 2 protocol that enables faster Bitcoin transactions, has issued an emergency hot fix release to patch a bug on the network.
The fix, posted to GitHub on Tuesday by Lightning Labs’ infrastructure engineer Oliver Gugger, addressed the unsynced nodes. The bug had knocked Lightning Network Daemon (LND) nodes out of sync; these are full-implementation Lightning Network nodes that comprise btcd, bitcoind, and neutrino.
A pseudonymous developer called Burak set off the bug, then alerted the community by sharing a block explorer link to the transaction that caused it.
Burak had encoded a message within the transaction that triggered the break in node consensus: “you’ll run cln. and you’ll be happy.” CLN refers to Core Lightning – a new modular Lightning implementation.
Several people faulted Burak for not disclosing the bug to the team responsibly. “The ethical thing to do is to [make] a vulnerability disclosure to the Lightning Labs team instead of taking down [the] majority of the nodes in the network,” tweeted Synonym CTO Reza Bandegi.
Another tweeter, Anthony Towns, said he noticed the same bug two weeks ago and told a member of the Lightning Labs team, raising questions as to whether it could have been prevented.
Chaincode Labs engineer Pieter Wuille said that fixing the bug without raising suspicion would have been hard to pull off, making it a hard choice for the Lightning Team.
Lightning Labs CEO Elizabeth Stark also tweeted her disapproval of Burak’s disclosure. “I don’t agree with the approach taken,” she said.
“We acknowledge there was another bug exploited by cooperating with miners, which was clearly not great, and fixed it within ~2 hours,” tweeted Stark, referring to another LND bug which was exploited on Oct. 9 by the same person.
Stark said that Lightning Labs was working on a bug bounty program that would pay out for responsible disclosures.