Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



4 Commits

Repository files navigation


This a tool to check if your lnd node was targeted by CVE-2019-12999, which was recently fully disclosed on. The tool will check if your node accepted an invalid channel, as well as attempt to quantify the total amount of lost coins, if any.

Note that this tool is only for lnd, however both eclair and c-lightning also have tools for detection as well:


You can build the tool with

go build -mod=vendor -v

Checking Your Node

Once the tool has been installed, you can check a target node with the following command:


If your node wasn't affected, then you should see something like:

2019/09/27 10:35:10 Your node was not affected by CVE-2019-12999!

Otherwise, a break down of each invalid channel along with the invalid forwards will be shown.

The default execution of the command assumes the binary is being run from the same machine as the target node, and the node is using default locations for it's config/cert. Arguments of the tool have been provided to allow the tool to check against a remote node:

   ./chanleakcheck -h
Usage of ./chanleakcheck:
  -host string
    	host of the target lnd node (default "localhost:10009")
  -macdir string
    	path to the readonly macaroon for the target lnd node (default "")
  -network string
    	the network the lnd node is running on (default:mainnet) (default "mainnet")
  -tlspath string
    	path to the TLS cert of the target lnd node (default "")


A tool to check if your lnd node was targeted by CVE-2019-12999






No packages published