Latest Strikes 67 - January 8th-14th 2024

A painting showing a giant walking across the land towards the sun as clouds rise in the sky.
"Blind Orion Searching for the Rising Sun", Nicolas Poussin, 1658. The MET Open Access.

Hey there, Lightninger! Last sunday was the Lightning white paper anniversary: already 8 years that this historic piece was published! But that's not the only interesting thing that happened last week, so grab a hot drink and let's rewind the latest Lightning developments together!


Decentralized Robosats Is Coming

Robosats is a Lightning-native simple and privacy-preserving peer-to-peer Bitcoin on/off-ramp. Users can post offers to buy/sell Bitcoin, or take an existing offer. The whole thing is managed by a coordinator, which receives offers and interfaces between both ends of a trade in order to route Lightning payments and solve disputes. There was initially only one coordinator, operated by Robosats' development team, but that time is now over. Anyone can now become a coordinator and join the Federation (provided they have the necessary skills and infrastructure), and clients will connect to all coordinators, resulting in a unified marketplace.

Version 0.6.0 of Robosats will bring this federated P2P on/off-ramp, and while it is still being polished, it is already available for testing (Tor/Clearnet). However, keep in mind that:

  • it's still an alpha version,
  • you need to make sure you trust a coordinator when partaking in a trade they host, since coordinators can always steal from users. The market for coordinators will hence be driven by reputation, quality of service, and fees.

Anyway, that's a huge step forward for decentralized, P2P, privacy-preserving and Lightning-first on/off-ramp. Looking forward to the stable release!

Speaking of Lightning on/off-ramp, Breez released FiatLink, an open standard defining a common interface between Lightning apps (e.g. wallets) and Bitcoin brokers. Any wallet implementing the FiatLink specification could seamlessly let their users buy Bitcoin from any FiatLink-compliant broker, and redemption of the sats would occur through LNURL-Withdraw.

Swiss brokers such as Relai or PocketBitcoin were consulted for this first draft of the specification and, per Roy's post, "FiatLink includes Swiss brokerages" (probably Relai and PocketBitcoin), which means non-Swiss users will be able to onramp (up to 1000 CHF per transaction) with no additional KYC that than of the bank they use to send fiat to the broker, which is both sensical and a huge win for user experience. Additionally, FiatLink offers optional support for AOPP which, while it still presents privacy risks and has debatable results when it comes its stated goal (curbing money laundering) at least has the added benefit of making LNURL-Withdraw links a bit more secure, since a condition can be added so that only the user's node (identified by its public key) can pull funds from the link (whereas LNURL-Withdraw link can typically be seen as bearer bounds).

Ultimately, the Bitcoin brokers space is quite wide, and nothing prevents P2P methods such as Robosats from using the standard. If this catches on, it could be a real game changer for Bitcoin and Lightning adoption!

Mash Rewards

Mash continues to bring innovation to online media with the power of Lightning. Their latest addition lets your community claim Bitcoin rewards through a "Reward Page", the link to which you can for example hide in your latest article, incentivizing your community to carefully read through. As always with Mash, the spear point is ease of use, and creators can easily create Reward Pages without any code, while community members can claim their rewards with any Lightning wallet.

Now, I sometimes find myself a bit uneased at the prospect of paying readers/viewers/listeners to engage with "content". After all, in a perfect world, the quality of a production should speak for itself and warrant engagement and recognition. However, we're not in perfect world, but rather in one where makers compete more and more for a crumb of their audience's attention. Incentivizing engagement through sats can be a powerful tool in that regard, with the added benefit of circumventing the traditional online advertising cabal.

Automatic Withdrawals In StackerNews

As part of its move toward a "half-custodial wallet", StackerNews added a new feature called "attach wallet" which lets users link an external wallet, hopefully self-custodial, to which they will automatically receive funds sent to them on the platform.

As of now, the only option for attaching a wallet is by registering a Lightning Address and specifying the "desired balance" to keep on the user's StackerNews custodial account. Any funds in excess of this desired balance will automatically be withdrawn to the user's Lightning Address.

A screenshot of the form to attach a Lightning Address to your StackerNews account by inputing the address, desired balance and maximum fee to pay as a percent of the withdrawal amount.
Attaching an external Lightning Address to your StackerNews account.

We at LN Markets are also firm believers that, while full self-custody should always be preferred, hybrid approaches also have their benefits. In said approaches, a platform or service taking custody of users funds should make it as easy as possible for users to withdraw to the safety of their self-custodial solution. That's why we also released a similar feature back in November 2022, which lets you automatically withdraw to a Lightning Address whenever a take-profit or stop-loss is hit, or whenever an option you bought expires. Visit your settings to enable it!

Mercury Layer Goes Blind

Mercury Layer got a big update last week: the coordinator is now blind to the details of what it signs, thus increasing privacy guarantees for Mercury statechains' users.

For a reminder about what statechains are and how they work, here is a short intro we gave a year ago. For the needs of this article, it is enough to know that a statechain is shared UTXO between a user and central coordinator, the ownership of which can be transferred off-chain with the assistance of the coordinator. Every time a transfer occurs, the coordinator cosigns Bitcoin transactions that can later be used by the user to unilaterally exit the statechain - just like commitment transactions in Lightning. Now, thanks to a "blinded variant of the Musig2 protocol", the coordinator doesn't know what shared UTXO it is signing for, and hence can't track users when they exit the statechain.

Wallets & Tools

PeerSwap Web UI

There's now a pretty cool Web UI for PeerSwap, with support for Lightning <> Onchain swaps, as well as the (increasingly popular) Lightning <> Liquid swaps. Pretty cool!

PeerSwap is a protocol that lets node runners perform atomic swaps with their channel partners. For example, if a channel between Alice and Bob ends up with all the liquidity on Bob's side, and they both agree that a 50/50 repartition would be better, Alice and Bob can perform an atomic swap where Bob sends half of the channel capacity to Alice on Lightning through their shared channel, while Alice sends the same amount to Bob in an on-chain Bitcoin/Liquid transaction. PeerSwaps usually cost less than going through a swap provider/coordinator, since they don't involve any third party.

Send Nodes (Into The Cloud)

The next one is a bit of a niche, but I found it cool enough to warrant inclusion in this week edition.

Autonode is a tool that lets you automate the installation of new Bitcoin and Lightning nodes, i.e. effortlessly spin new nodes without having to manually go through the installation process for every new instance. It uses cloud-init, a widely adopted and recognized standard for customizing and deploying cloud instances, making it super easy to deploy nodes to your favorite cloud provider (although it is also fairly easy to deploy locally, including on Raspberry Pis).

Autonode comes with all the software you expect from a modern node (Bitcoin Core, an Electrs server, a Core Lightning node, etc.) and the installation details (notably software versions) can be fine-tuned using a template generator.

Ecash Lightning Address Server

Lightning Address servers for ecash mints popped everywhere last week, with Hermes for Fedimint and Cashu Address for, you guessed it, Cashu. When using such a Lightning Address, the sever will receive Lightning payments on your behalf and give you the same amount in ecash.

An interesting property of ecash is that you can tie a token to a public key, so that they can only be redeemed by the desired user[1]. In this context, this gives the nice property that the Lightning Address server can ask the mint to create tokens that only the intended recipient can redeem. However, this doesn't remove the trust required in the Lightning Address server, since it can still steal from the recipient by getting the sats from the sender and never notifying the receiver. But such as setup still seems better than your regular custodial Lightning Address system, since you at least benefit from the privacy guarantees brought by chaumian ecash.

Spec & Implems

DoS Vulnerability In Core Lightning v23.02 to v23.05.2

Matt Morehouse disclosed a DoS attack vector in Core Lightning versions 23.02 to 23.05.2, which could enable a remote attacker to crash a Core Lightning node in around 30 seconds. The vulnerability was fixed in v23.08, released in August 2023.

A bit of context is necessary to fully grasp how the attack might work. In Core Lightning, the main daemon (i.e. "background process") called lightningd is responsible for orchestrating the node's operations, notably by launching task-specific sub-daemons handling things such as managing the opening of a new channel (openingd) or operating an established channel (channeld).

The attack vector arises from a race condition between two different flows (the channel open and the peer connection flows), which both try to start the same channeld sub-daemon, resulting in a crash of the whole node when the peer connection flow tries to launch the daemon after it's already been launched by the channel open flow. In order to actually trigger the race condition, the attacker still needs to delay the operations of the peer connection flow enough to have the time to open a new channel before the peer connection flow ends. This can be achieved by slowing down the latter with many peer connections[2], for example by leveraging a fake channels DoS attack.

To learn more about the technicalities of the vulnerability, how it was introduced, the timeline of its discovery or it could have been prevented, visit Matt's disclosure. In the meantime, make sure you're at least running version 23.08 of Core Lightning and, if not, upgrade asap.

Closing Bit

Aveugle ne voyant ni l'entrée ni l'issue
Bienheureux ignorant des visées et des buts
Tu bois tranquille au creux du sein réconfortant
Du Secret préservé par ton oeil prévoyant.

  1. More precisely, claiming the token requires a valid signature that corresponds to the public key. This condition is enforced by the mint. ↩︎

  2. More precisely, by overloading the chanbackup plugin, which is responsible for checking for existing channels with a peer when a peer connects, with many peer connections. ↩︎

Privacy Policy