Bitcoin scaling solution Lightning Network is in hot waters again as researchers have unfolded a new attack vector which can lead to massive amounts of BTCs getting locked up and becoming inaccessible with an attacker spending a minuscule amount.
In a research paper titled “Congestion Attacks In Payment Channel Networks” and published on Feb 18 ‘20, blockchain security researchers Ayelet Mizrahi and Aviv Zohar analyze a low-cost on the Bitcoin’s Lightning Network, which can lead to it’s paralyzation and being rendered useless for a long time.
The attack described in the research paper aims to accomplish three things.
- Locking of high liquidity channels for extended periods.
2. Disconnection of node pairs communicating with each other
3. Isolation of hub from the rest of the network
The report notes that Bitcoin’s Lightning Network currently has a total of more than 14.000 nodes, 37.000 channels and capacity of 1100 BTC (worth $54.7 M @ 49.735 per BTC). It concludes by noting that Lightning Network “can be disrupted with less than half a Bitcoin”.
Description Of The Congestion Attack On Lightning Network
- The attacker opens channels with the source and target of a route, requests small payments massively decreasing the number of simultaneously available Hash Time Locked Contracts (HTLCs).
- The attacker is both the source and destination of these transactions. The final execution of the payment can be delayed, congesting up the network. Rinse and repeat.
Fundamental Limitations Of The Lightning Network
It isn’t possible to close this attack vector, because it’s permitted by the very design and nature of the Lightning Network off-chain payment network. First, the trustless execution of payments using conditional payment contracts are exchanged between parties and only settled on the blockchain, in case of a conflict.
The contracts size grows with pending payments and total pending payment is limited by tx sizes. The other factors assisting the attack are long expiration times, a facility provided to the nodes for recovering funds in case a malicious partner closes a channel with pending payment.
This allows sufficient time to appeal, but due to the inflexible nature of Bitcoin base layer, HTLC expiration time grows over the payment route and can require upto 2 weeks of Bitcoin blocks processing to clear. Lastly, since the payments are onion routing to obfuscate the origin and destination of payments, attacker can’t be traced easily.
Congestion Attacks Can Be Mitigated Slightly, But Not Stopped Altogether
The research paper also notes several ways to mitigate these attacks, but observes that they aren’t possible to be stopped altogether, because of the fundamental limitations imposed by the Lightning Network. It helps if the max concurrent payments available are set by trust level and loops are avoided.
The primary way to mitigate is by enforcing fast HTLC resolution times, time out mechanisms and disconnecting misbehaving nodes from the rest of the network, if the HTLC secrets aren’t propagated fast enough. Other ways are reducing route length and the number of hops the transaction has to go through