typical vulnerabilities in lightning apps
play

Typical vulnerabilities in Lightning Apps Igor Korsakov / - PowerPoint PPT Presentation

Jan 02, 2024 •481 likes •701 views

Typical vulnerabilities in Lightning Apps Igor Korsakov / bluewallet.io / Berlin / October, 2019 Plan 1. Double spends with hold-invoices; anatomy of sendPayment 2. Stealing free fees 3. Race-condition attacks

  1. Typical vulnerabilities in Lightning Apps Ололо пыщь пыщь Igor Korsakov / bluewallet.io / Berlin / October, 2019

  2. Plan 1. Double spends with hold-invoices; anatomy of sendPayment 2. Stealing free fees 3. Race-condition attacks 4. Negative amounts 5. ... 6. Profit! 7. Best practices

  3. What is a Lapp? A web app that can interact with the Lightning network: Receive payment ● Send payment ● Authenticate (sign with node’s key) ●

  4. Hold-invoice attack Anatomy of SendPayment HTLC Bob Alice 1. Create preimage HTLC 2. payment_hash = hash(preimage) 3. Create bolt11 invoice with payment_hash, amount, description, signature 4. Give invoice to Alice 5. Alice sends HTLC to Bob protected by payment_hash Charlie promising that Charlie has solution to hash 6. Bob sends HTLC to Charlie protected by same hash 7. Charlie reveals preimage in order to get the payment

  5. Hold-invoice attack router.post('/payinvoice', function (req, res) { if (userBalance >= num_satoshis) { // got enough balance lightning.sendPayment(invoice, function (err, result) { // callback with result of sent payment reduceUserBalance(num_satoshis); }); } });

  6. Hold-invoice attack. Execution

  7. Hold-invoice attack. Execution $ # in lnd folder $ make tags="invoicesrpc" && make install tags="invoicesrpc" $ cat invoices.sh PREIMAGE=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 64 | head -n 1) HASH=`node -e "console.log(require('crypto').createHash('sha256').update(Buffer.from('$PREIMAGE', 'hex')).digest('hex'))"` echo "lncli settleinvoice $PREIMAGE" >> settle.sh INV=`lncli addholdinvoice $HASH --expiry 600 --amt 99` INV2=`echo $INV | awk '{print $3}' | sed "s/[^a-zA-Z0-9']//g"` echo "pre = $PREIMAGE hash = $HASH" echo $INV2 echo $INV2 | qrcode-terminal

  8. Hold-invoice attack. Execution

  9. Hold-invoice attack. Protection Atomically lock out full withdrawal amount (with fees) before doing anything ● else Lock should not auto-expire. Release lock only when payment is in ● determined state (either failed or went through) Check stuck payments periodically (usually up to ~1day): ● $ lncli listpayments or smth like that Disregard invoice expiry ●

  10. Stealing free fees HTLC Bob - fees Alice - 666% payer 1. Offer free withdrawals HTLC 2. Someone sets intermediate node with high fees 3. ... 4. Profit! Charlie - destination FEE LIMIT won’t help!

  11. Stealing free fees. Protection 1. Don’t giveaway fees: feelimit - lock payment amount + feelimit 2. OR calculate route’s fees and add them to amount when charging user

  12. Probe route example

  13. Race-condition attacks router.post('/payinvoice', function (req, res) { if (userBalance >= num_satoshis) { // got enough balance lightning.sendPayment(invoice, function (err, result) { // callback with result of sent payment reduceUserBalance(num_satoshis); }); } });

  14. Race-condition attacks. Protection router.post('/payinvoice', function (req, res) { if (!(await lock.obtainLock())) { return errorTryAgainLater(res); } if (userBalance >= num_satoshis) { // got enough balance lightning.sendPayment(invoice, function (err, result) { // callback with result of sent payment reduceUserBalance(num_satoshis); }); } });

  15. Negative amounts router.post('/addinvoice', function (req, res) { if (req.body.amt < 0) return errorBadArguments(res); ... });

  16. Negative amounts. Protection Write tests!

  17. Worth nothing! Other risks Unsafe zero-amount invoices ● Unsafely-opened channels ● DDOS to prevent you from issuing retaliate tx ● Observing counterparty offline/online patterns to choose best timing to issue ● old state tx All web-app vulnerabilities apply to you! XSS, injections, fuzzing, etc. Study ● OWASP! As LN economy grows, be sure. Black hats will come. Tooling will be made, exploits will be written.

  18. Best practices 1. Don’t store user balance as single variable. It should be a sum of all transactions 2. Don’t store amounts as float, only as int. Signed int is ok, no point to enforce unsigned int everywhere 3. RDBMS and Transactional databases are nice to have 4. Log everything, and keep all logs 5. Do regular accounting. At least daily, and investigate if actual values differ from expected 6. Don’t be obsessed with MVP

  19. Acknowledgements 1. Justin Camarena from Bitrefill 2. Andrey Samokhvalov from Bitlum/Zigzag 3. Great guys from https://ion.radar.tech

  20. “Not great, just ok” “Only one coin” “Just another wallet” “Meh” i@bluewallet.io “Could be better” “Some features” ← even Roger is not impressed

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

STRUCK BY LIZ LIGHTNING PRODUCTIONS PRESENTS: L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L orado versus F L orida By: Elizabeth Liz Lightning Prasse Why lightning? Personal survivor

423 views • 23 slides
All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do companies gain by getting your permission? Typical permissions requested by apps How to check up on apps already on your phone App safety

134 views • 11 slides
Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER

Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER

Common Vulnerabilities on iOS Apps by ivan r QconSF @ivRodriguezCA @ivRodriguezCA DISCLAIMER the views and opinions expressed on this talk are solely my own and do not reflect the views or opinions of my employer. @ivRodriguezCA

1.18k views • 82 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in

S MV -H UNTER : Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps David Sounthiraraj Justin Sahs Garret Greenwood Zhiqiang Lin Latifur Khan University of Texas at Dallas February 26, 2014

671 views • 40 slides
HEV-E Hazards, Exposures and Vulnerabilities Explorer Dr. Giovanni Allegri Ing. Simone

HEV-E Hazards, Exposures and Vulnerabilities Explorer Dr. Giovanni Allegri Ing. Simone

HEV-E Hazards, Exposures and Vulnerabilities Explorer Dr. Giovanni Allegri Ing. Simone Giannecchini About Us Around since 2006 Expertise GeoSpatial Data Fusion, Web Mashups, Mobile Apps OGC, ISO, INSPIRE Standards

565 views • 30 slides
LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning presentation at our 2019 Annual Meeting. Please read ALL of these instructions carefully. PRESENTATION TIMING AND NUMBER OF SLIDES You have 1 minute to make

386 views • 3 slides
Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can crash OS wants to be your friend Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

548 views • 17 slides
LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual

LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual

LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual Meeting. Please read ALL of these instructions carefully. PRESENTATION TIMING AND NUMBER OF SLIDES You have 1 minute to make a pitch that attracts

691 views • 3 slides
Achieving Secure Continuous Delivery (cont..) --lightning talk-- Nikos / Jesus / Lucian

Achieving Secure Continuous Delivery (cont..) --lightning talk-- Nikos / Jesus / Lucian

Achieving Secure Continuous Delivery (cont..) --lightning talk-- Nikos / Jesus / Lucian April 2018 Typical discussions X Pain points Same problem in 2018! Security requirements appear (dark magic!) when project is almost finished

320 views • 13 slides
Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a.

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a.

Virtual Lightning Talk Overview and Steps I. Virtual Lightning Talks Technical Requirements a. The Virtual Lightning talks should not be more than 6 minutes in length. i. Additional time uses up valuable memory and will be downgraded during

282 views • 3 slides
LEAP . Welcomes you to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam or

LEAP . Welcomes you to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam or

Insert your client logo LEAP . Welcomes you to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam or LDJ Prepared by LEAP LDJ is a Creative Problem-Solving Loop Prepared by LEAP Lightning Decision Jam Values Prepared

465 views • 30 slides
F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS CEO of large social network in annual development conference 2 months ago Shared vision for next 2 decades: past : with advent of PCs, companies

498 views • 14 slides
Lightning and Amateur Radio Thoughts on keeping you and your rigs safe! Useful Facts About

Lightning and Amateur Radio Thoughts on keeping you and your rigs safe! Useful Facts About

Lightning and Amateur Radio Thoughts on keeping you and your rigs safe! Useful Facts About Lightning Lightning is extremely hot air around a strike is 5xs hotter than the surface of the Sun. On average 2,000 people are killed

276 views • 14 slides
Welcome to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam LDJ

Welcome to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam LDJ

Welcome to your Lightning Decision Jam Prepared by LEAP Lightning Decision Jam LDJ Prepared by LEAP LDJ is a Creative Problem-Solving Loop Prepared by LEAP Lightning Decision Jam Values Prepared by LEAP Getting started is more

1.86k views • 28 slides
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android

Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications Daniele Gallingani, Rigel Gjomemo , V.N. Venkatakrishnan, Stefano Zanero Android Message Passing Mechanism Android apps are composed of

566 views • 23 slides
Agricultural Practices in Sweden Animal and Environmental Animal and Environmental Welfare; The

Agricultural Practices in Sweden Animal and Environmental Animal and Environmental Welfare; The

Agricultural Practices in Sweden Animal and Environmental Animal and Environmental Welfare; The Swedish Perspective Welfare; The Swedish Perspective Sweden Sweden Area: Area: 450,000 sq km (175,500 sq mi) 450,000 sq km (175,500 sq mi)

458 views • 22 slides
Status report of the large 23m diameter LST telescope North South M P I R e v i e w M

Status report of the large 23m diameter LST telescope North South M P I R e v i e w M

Status report of the large 23m diameter LST telescope North South M P I R e v i e w M e e t i n g D e c e m b e r 2 0 1 2 All sky observatory o m a s S c h w e i z e r T h LST 23m SST

731 views • 44 slides
MICROMEGAS for imaging hadronic calorimetry Jan BLAHA CALOR2010, 9 14 May, Beijing, China 1

MICROMEGAS for imaging hadronic calorimetry Jan BLAHA CALOR2010, 9 14 May, Beijing, China 1

MICROMEGAS for imaging hadronic calorimetry Jan BLAHA CALOR2010, 9 14 May, Beijing, China 1 Outline 1. Introduction 2. MICROMEGAS basic performance 3. Readout electronics and DAQ 4. 1m 2 prototype design and test 5. Simulations 6.

491 views • 18 slides
WP : physics@colliders Goal 2014-2016: Preparing for Run @13TeV and physics analyses Also :

WP : physics@colliders Goal 2014-2016: Preparing for Run @13TeV and physics analyses Also :

WP : physics@colliders Goal 2014-2016: Preparing for Run @13TeV and physics analyses Also : detectors, preparing upgrades or post-LHC jeudi 27 fvrier 2014 The Higgs Is the 125 GeV Higgs the SM Higgs? measurement of standard decay

296 views • 8 slides
Positron Fraction and Lepton Fluxes in Cosmic Rays with AMS-02 Li TAO (LAPP-IN2P3-CNRS) On

Positron Fraction and Lepton Fluxes in Cosmic Rays with AMS-02 Li TAO (LAPP-IN2P3-CNRS) On

Positron Fraction and Lepton Fluxes in Cosmic Rays with AMS-02 Li TAO (LAPP-IN2P3-CNRS) On behalf of AMS collaboration FFP14 @ Marseille in France July 2014 Our goals With AMS, we search for primodial antimatter and evidence of dark matter;

298 views • 25 slides
Main features of cosmic ray induced air showers measured by the CODALEMA experiment Lilian MARTIN

Main features of cosmic ray induced air showers measured by the CODALEMA experiment Lilian MARTIN

Main features of cosmic ray induced air showers measured by the CODALEMA experiment Lilian MARTIN 1,3 , R. Dallier 1,3 , A. Escudie 1 , D. Garca-Fernndez 1 , F. Gat 1* , A. Lecacheux 2 and B. Revenu 1,3 . 1 SUBATECH, Nantes 2 LESIA,

347 views • 16 slides
Designing proof systems from programming features: states and exceptions considered as dual

Designing proof systems from programming features: states and exceptions considered as dual

Designing proof systems from programming features: states and exceptions considered as dual effects Dominique Duval LJK, University of Grenoble July 5., 2011 PPS Groupe de Travail S emantique Outline Introduction 1. Duality, at

530 views • 48 slides
Congruence of Bisimulation in a Non-Deterministic Call-By-Need Lambda Calculus Matthias Mann

Congruence of Bisimulation in a Non-Deterministic Call-By-Need Lambda Calculus Matthias Mann

Congruence of Bisimulation in a Non-Deterministic Call-By-Need Lambda Calculus Matthias Mann Johann Wolfgang Goethe-Universit at, Frankfurt, Germany Congruence of Bisimulation p. 1/21 Lambda Calculi and Equality Abramsky (90)

653 views • 21 slides

More recommend