lnbits / lnbits

LNbits, free and open-source Lightning wallet and accounts system.
https://lnbits.com
MIT License

Payment amount + fee can exceed the wallet balance. Not just a few sats, but e.g. 0.01 BTC, repeatedly. Together more than 0.1 was stolen. #440

Closed gorrdy closed 2 years ago

gorrdy commented 2 years ago

I've been attacked.

An attacker just used LNbits to sweep my channels' balance. He used a trick with a malicious routing node with an enormous routing fee that resulted in an ln payment with the amount of 891,000 sats and a fee ~890,000 sats.

The attack vector is quite simple. From the attacker's perspective:

  1. Open a channel with the target node, e.g. 2M sats.
  2. Send payment to an LNbits wallet e.g. 900k sats
  3. Send a payment out of the LNbits wallet to another destination node with an amount e.g. 891,000 sats.
  4. The only path to a destination node is through a malicious node that charges an enormous fee (999,000 ppm).
  5. LNbits will ask LND to send the 891,000 sats to the destination node, but LNbits is not aware of the fee (actually it was in my case, because it was a private channel from the malicious node, so the fees WERE in the invoice. If a public channel is used, there is no information about the fee in the invoice, I get that). LND is aware of the fee but has no problem with that.
  6. LND will pay the invoice because it has no information (e.g. fee_limit) about the maximum fee it can "spend" from the LNbits wallet. (E.g. the wallet balance is 900,000 sats, the attacker tries to send 891,000, then LNbits should send to LND fee_limit=9,000 sats.)
  7. You just lost your sats.

Hope it helps with resolving the issue. Currently, every LNbits site that is publicly accessible is in danger.

[image: Transaction detail]

[image: Transactions in Thunderhub]
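The bound described in step 6, worked through as an added example (this is not LNbits' or the project's own code): the routing-fee cap is derived from the wallet balance minus the amount, and a payment whose route fee exceeds that cap is refused. The LND REST body shape (`payment_request` plus `fee_limit.fixed_msat`, following the lnrpc `SendRequest`/`FeeLimit` messages) is an assumption to verify against your lnd version; the balance, amount and 999,000 ppm hop are the figures from the report above, and `simulate_payment` is a constructed model of LND's settlement, not LND itself.

```python
# Added example, not LNbits code: cap the routing fee LND may spend at what the
# wallet can still cover, and show why the uncapped case drains the node.

MSAT_PER_SAT = 1_000


class InsufficientBalance(Exception):
    """Raised when the amount alone already exceeds the wallet balance."""


def fee_limit_msat(balance_msat: int, amount_msat: int) -> int:
    """Largest routing fee the wallet can afford after paying amount_msat."""
    if amount_msat <= 0:
        raise ValueError("amount must be positive")
    if amount_msat > balance_msat:
        raise InsufficientBalance(
            f"amount {amount_msat} msat exceeds balance {balance_msat} msat"
        )
    return balance_msat - amount_msat


def lnd_send_request(bolt11: str, balance_msat: int, amount_msat: int) -> dict:
    """Body for LND REST POST /v1/channels/transactions with a fee cap attached.

    Field names are assumed from lnrpc.SendRequest / lnrpc.FeeLimit (int64
    values are JSON strings in LND's REST API); check them against your lnd.
    """
    return {
        "payment_request": bolt11,
        "fee_limit": {"fixed_msat": str(fee_limit_msat(balance_msat, amount_msat))},
    }


def routing_fee_msat(amount_msat: int, fee_ppm: int, base_fee_msat: int = 0) -> int:
    """Fee one hop charges: base fee plus a proportional part in parts per million."""
    return base_fee_msat + amount_msat * fee_ppm // 1_000_000


def simulate_payment(balance_msat: int, amount_msat: int, route_fee_msat: int,
                     enforce_fee_limit: bool):
    """Constructed model of LND settling a payment over a route with route_fee_msat.

    Returns (paid, new_balance_msat). With enforce_fee_limit=False there is no
    cap, so the wallet balance can go negative: the behaviour reported above.
    """
    if enforce_fee_limit:
        limit = fee_limit_msat(balance_msat, amount_msat)  # raises if amount > balance
        if route_fee_msat > limit:
            return False, balance_msat  # LND finds no route within the cap; nothing leaves
    return True, balance_msat - amount_msat - route_fee_msat


def reported_scenario(enforce_fee_limit: bool):
    """Figures from the report: 900k sat balance, 891k sat payment, 999,000 ppm hop."""
    balance = 900_000 * MSAT_PER_SAT
    amount = 891_000 * MSAT_PER_SAT
    fee = routing_fee_msat(amount, fee_ppm=999_000)  # 890,109 sat on the malicious hop
    return simulate_payment(balance, amount, fee, enforce_fee_limit)


if __name__ == "__main__":
    print("uncapped:", reported_scenario(False))  # wallet ends deeply negative
    print("capped:  ", reported_scenario(True))   # payment refused, balance untouched
    print(lnd_send_request("lnbc...", 900_000 * MSAT_PER_SAT, 891_000 * MSAT_PER_SAT))
```

The cap has to be computed per payment from the balance at the moment the payment is attempted, and the balance check and the send should run under the same lock, otherwise two concurrent payments can each see the full balance and together exceed it.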

callebtc commented 2 years ago

Looking into this right now.

callebtc commented 2 years ago

Fix for the expensive routing attack (#442) for LndRestWallet merged into master. Please update your lnbits with git pull. I recommend changing to LndRestWallet if you're using LndWallet.

Note: For LndRestWallet you need to enter the hex string of your macaroon in the .env file. You can get the hex string via xxd -ps -u -c 1000 /path/to/admin.macaroon

arcbtc commented 2 years ago

Closing as resolved

Kixunil commented 2 years ago

I'm not confident that it's entirely resolved. Sure, #442 at least allows safe usage with a specific implementation: LND over REST. IMO these additional steps should be made:

However, if you feel this should be a separate issue (or multiple) for organizational purposes, I have nothing against separating it.