Handling of secret reveals allows for incorrect acceptance of RemoveLockExpired #2835
In a mediated transfer, the mediator can learn about a secret of the HTL in two ways:
These reveals have different semantics in interaction with the HTL's expiration.
An on-chain reveal freezes the expiration at the time of the on-chain reveal.
An off-chain reveal should be followed by an updated balance proof with the HTL amount unlocked (
On the other hand, a failed transfer, whose secret is never revealed, will lead to locked tokens that will drain the channel. In order to revive the channel's capacity, the payers in such a transfer will send
Currently, a mediator could potentially be attacked by making it accept a RemoveExpiredLock update to the partner's balance proof (i.e. agreeing on a timed-out/failed transfer), although the secret was revealed on-chain. This is due to incorrect state handling after an off-chain reveal. The code paths for an on-chain reveal do no-op in case of an already known secret in the state, so the node will ignore later off-chain reveals.
Affected code sections
The attack could be an eclipse attack, where the attacker controls Initiator and Target node and depletes the mediating Victim's forward deposit to the Target. After the Target node reveals the secret to the Victim, the Victim will send an unlocked balance proof to the Target. Following the protocol, the Victim will reveal the secret to the Initiator. The attacker will never respond to the reveal. Now the Victim needs to stop the expiration by revealing on-chain. After the original timeout, the attacking Initiator will send a RemoveExpiredLock message to the Victim, which will accept it, because of the incorrect handling. Now the Victim would be in a state where it believes the "empty" balance proof of the Initiator, and the Target will have received all of the Victim's tokens.
Applicability / PoC
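The state-handling flaw described in this issue, modelled next to a corrected handler. This is an added example, not part of the original issue and not the project's code. All names (`LockState`, `onchain_reveal_buggy`, `onchain_reveal_fixed`, `accept_lock_expired`), the block numbers, and the rule that an on-chain reveal at or before the expiration block counts as in time are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LockState:
    """Mediator's view of one hash time lock (simplified, hypothetical model)."""
    expiration: int                              # block at which the lock expires
    secret_known: bool = False                   # learned through any reveal
    onchain_reveal_block: Optional[int] = None   # set only by an on-chain reveal

def offchain_reveal(lock: LockState) -> None:
    lock.secret_known = True

def onchain_reveal_buggy(lock: LockState, block: int) -> None:
    # Flawed handling from the issue: no-op when the secret is already known,
    # so the on-chain reveal is never recorded in the state.
    if lock.secret_known:
        return
    lock.secret_known = True
    lock.onchain_reveal_block = block

def onchain_reveal_fixed(lock: LockState, block: int) -> None:
    # Always record the first on-chain reveal, even after an off-chain reveal.
    lock.secret_known = True
    if lock.onchain_reveal_block is None:
        lock.onchain_reveal_block = block

def accept_lock_expired(lock: LockState, current_block: int) -> bool:
    """Decide whether to accept the payer's expired-lock removal message."""
    if current_block <= lock.expiration:
        return False  # lock has not expired yet
    revealed_in_time = (
        lock.onchain_reveal_block is not None
        and lock.onchain_reveal_block <= lock.expiration
    )
    # An in-time on-chain reveal freezes the expiration: reject the removal.
    return not revealed_in_time

def run_scenario(onchain_handler) -> bool:
    """Off-chain reveal, on-chain reveal at block 90, removal received at block 101."""
    lock = LockState(expiration=100)  # constructed sample values
    offchain_reveal(lock)
    onchain_handler(lock, block=90)
    return accept_lock_expired(lock, current_block=101)
```

With the buggy handler the removal is accepted although the secret was registered on-chain before expiry; with the fixed handler it is rejected, while a lock whose secret never reached the chain in time can still be removed.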