
Do not claim/reject all inbound HTLCs at once based on preimage/hash #168

Closed
@TheBlueMatt

Description

As of #167 we track HTLCs separately as required by BOLT 2 for privacy. However, we currently reject/accept all to-us HTLCs at once when the user gives us a preimage/no-such-preimage callback. This allows an attacker to (in a really race-y way) query us if we are the intended recipient of a payment that was routed through them by simply sending us a small value HTLC with the same hash as the one they saw. This will likely require an API change, and users may end up needing to do something like tracking the expected value of a payment and only fulfilling HTLCs that match the expected value (to the single-msat level).
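The mitigation sketched in the issue, as an added example that is not rust-lightning code: inbound HTLCs are tracked individually, and the user's preimage is applied per HTLC, claiming only the one whose amount matches the expected value to the msat and failing any other HTLC that shares the hash. The batch-by-hash behaviour the issue describes is kept alongside it so the difference is visible on the same-hash probe. The class and method names, the one-shot `claimed` flag and the constructed amounts are assumptions for illustration.

```python
"""Per-HTLC claim decisions keyed on (payment_hash, amount_msat), not hash alone.

Added example, not rust-lightning code. Names, the one-shot `claimed` flag and
the sample amounts are assumptions chosen for illustration.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundHtlc:
    htlc_id: int
    payment_hash: bytes  # SHA-256 of the payer's preimage
    amount_msat: int


@dataclass
class ExpectedPayment:
    preimage: bytes
    amount_msat: int
    claimed: bool = False  # assumption: an invoice is settled at most once


class InboundHtlcResolver:
    def __init__(self):
        self.pending = {}   # htlc_id -> InboundHtlc
        self.expected = {}  # payment_hash -> ExpectedPayment

    def expect_payment(self, preimage, amount_msat):
        """Register an invoice: the preimage we hold and the exact amount we expect."""
        payment_hash = hashlib.sha256(preimage).digest()
        self.expected[payment_hash] = ExpectedPayment(preimage, amount_msat)
        return payment_hash

    def receive_htlc(self, htlc):
        self.pending[htlc.htlc_id] = htlc

    def _with_hash(self, payment_hash):
        return [h for h in self.pending.values() if h.payment_hash == payment_hash]

    def claim_all_by_hash(self, payment_hash):
        """Behaviour the issue flags: one preimage claims every HTLC with that hash,
        so a tiny same-hash HTLC learns that we are the recipient."""
        exp = self.expected.get(payment_hash)
        decisions = {}
        for htlc in self._with_hash(payment_hash):
            decisions[htlc.htlc_id] = "claim" if exp is not None else "fail"
            del self.pending[htlc.htlc_id]
        return decisions

    def resolve_per_htlc(self, payment_hash):
        """Mitigation: claim only the HTLC whose amount matches the expected value;
        every other HTLC with this hash is failed, exactly as if we held no preimage."""
        exp = self.expected.get(payment_hash)
        decisions = {}
        for htlc in self._with_hash(payment_hash):
            matches = (
                exp is not None
                and not exp.claimed
                and hashlib.sha256(exp.preimage).digest() == payment_hash
                and htlc.amount_msat == exp.amount_msat
            )
            if matches:
                decisions[htlc.htlc_id] = "claim"
                exp.claimed = True
            else:
                decisions[htlc.htlc_id] = "fail"
            del self.pending[htlc.htlc_id]
        return decisions


def probe_scenario(per_htlc):
    """Constructed scenario: the real 250,000 msat payment arrives together with a
    1 msat HTLC carrying the same hash. Returns the decision per htlc_id."""
    r = InboundHtlcResolver()
    h = r.expect_payment(b"\x11" * 32, 250_000)
    r.receive_htlc(InboundHtlc(htlc_id=1, payment_hash=h, amount_msat=250_000))
    r.receive_htlc(InboundHtlc(htlc_id=2, payment_hash=h, amount_msat=1))
    return r.resolve_per_htlc(h) if per_htlc else r.claim_all_by_hash(h)


if __name__ == "__main__":
    print("batch by hash:", probe_scenario(per_htlc=False))  # both claimed
    print("per HTLC:     ", probe_scenario(per_htlc=True))   # probe failed
```

With the batch rule the 1 msat HTLC is claimed and its sender learns the preimage; with the per-HTLC rule only the amount-matching HTLC is claimed and the probe sees the same failure it would get from a non-recipient. The `claimed` flag additionally fails a second amount-matching HTLC after the invoice is settled, which matters because the preimage is no longer secret once the first claim is sent.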
