Skip to content

Commit

Permalink
f move 3537 to security
Browse files Browse the repository at this point in the history
  • Loading branch information
@TheBlueMatt
TheBlueMatt committed Jan 15, 2025
1 parent a188f12 commit dbc37ac
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,11 +83,6 @@
## Bug Fixes
* Fixed a rare case where a BOLT 12 payment may be made duplicatively if the
node crashes while processing a BOLT 12 `invoice` message (#3313).
* Fixed a bug where a counterparty can cause funds of ours to be locked up
by broadcasting a revoked commitment transaction and following HTLC
transactions in specific formats when using an anchor channel. The funds can
be recovered by upgrading to 0.1 and replaying the counterparty's broadcasted
transactions (using `Confirm::transactions_confirmed`) (#3537).
* Fixed a bug where a malicious sender could cause a payment `Event` to be
generated with an `OfferId` using a payment with a lower amount than the
corresponding BOLT 12 offer would have required. The amount in the
Expand Down Expand Up @@ -159,13 +154,19 @@
will have `balance_msat` equal to `next_outbound_htlc_limit_msat` (#3243).

## Security
0.1 fixes a funds-theft vulnerability when paying BOLT 12 offers.
0.1 fixes a funds-theft vulnerability when paying BOLT 12 offers as well as a
funds-lockup denial-of-service issue for anchor channels.
* When paying a BOLT 12 offer, if the recipient responds to our
`invoice_request` with an `invoice` which had an amount different from the
amount we intended to pay (either from the `offer` or the `amount_msats`
passed to `ChannelManager::pay_for_offer`), LDK would pay the amount from the
`invoice`. As a result, a malicious recipient could cause us to overpay the
amount we intended to pay (#3535).
* Fixed a bug where a counterparty can cause funds of ours to be locked up
by broadcasting a revoked commitment transaction and following HTLC
transactions in specific formats when using an anchor channel. The funds can
be recovered by upgrading to 0.1 and replaying the counterparty's broadcasted
transactions (using `Confirm::transactions_confirmed`) (#3537).
* Various denial-of-service issues in the formerly-alpha `lightning-liquidity`
crate have been addressed (#3436, #3493).

Expand Down

0 comments on commit dbc37ac

Please sign in to comment.