Renowned blockchain developer Antoine Riard has issued an urgent plea for updates to Bitcoin’s source code.

Antoine Riard’s research paper delves into the critical vulnerabilities within the Lightning Network, shedding light on a particular category of transaction-relay jamming attacks known as “replacement cycling.”

Replacement Cycling Attacks on the Lightning Network

The Lightning Network was created to solve Bitcoin’s scalability problems. However, Riard’s paper describes a new type of attack called replacement cycling, which can effectively steal funds from Lightning channels. Unlike other known attacks, replacement cycling doesn’t need extensive computational power or interference at the network level.

According to Riard’s research, it is possible to completely take control of the channel capacity of Lightning routing hops in specific situations. An attacker can interfere with the transaction relay on the base-layer Bitcoin network, manipulating the fee-bumping mechanism to purposely delay or prevent the confirmation of other transactions. This type of attack is particularly concerning because it can be executed regardless of network congestion.

The vulnerability has serious implications for the broader Bitcoin ecosystem, which boasts at least 50,000 nodes running the BTC protocol as of October 2023. This flaw could undermine trust in second-layer solutions like the Lightning Network, which is crucial for Bitcoin’s scalability and adoption.

Proposed Solutions and Future Steps

Riard’s paper outlines a series of mitigations at both the Lightning Network and Bitcoin base-layer levels. These include local mempool monitoring, aggressive rebroadcasting strategies, and transaction-relay and mempool rule changes. However, the blockchain developer states that the existing mitigations implemented by major Lightning implementations are insufficient against advanced adversaries.

Riard calls for fundamental changes in Bitcoin’s source code to prevent such vulnerabilities. “This isn’t about patchwork fixes anymore. We need foundational changes in the Bitcoin source code to secure the Lightning Network effectively,” he stated. “It’s a call to action for all of us in the blockchain community to rethink and re-engineer how Bitcoin and Lightning Network interact,” Riard concluded.

The study also introduces a unique transaction-relay jamming attack category that impacts existing and upcoming protocol versions. Uniquely, these practical attacks enable the unauthorized extraction of money from Lightning channels without network mempool congestion, simplifying the conditions required for a sophisticated Lightning attack.

The attacks can target all funds up to the permitted in-flight HTLC value. A modified form of this attack could also compromise future peer-to-peer extension package relays.