#LightningNetwork vulnerability as explained on X platform by @mononautical;
The thread discusses a newly discovered vulnerability in the Lightning Network known as the "lightning replacement cycling attack." In this attack, the attacker collaborates with a channel partner to steal funds from a Lightning Network user, referred to as Bob. The attack relies on the ability to replace certain transactions in the #mempool with higher fee transactions. Here's a summary of how the attack works:
1. Lightning Network payments are secured using Hash/Time Lock Contracts (HTLCs) that allow conditional payments between sender and receiver.
2. When a payment is routed through multiple channels, HTLCs are used at each hop, protecting the payment with the same hashlock.
3. The attack targets Bob, who has an outgoing HTLC to Carol and an incoming HTLC from Alice, both with different expiration block heights (T and T+Δ).
4. When the outgoing HTLC to Carol expires at block height T, Bob is forced to time it out on-chain by broadcasting a commitment transaction to close the channel and then sending an "htlc-timeout" transaction to reclaim his funds.
5. Unbeknownst to Bob, Alice and Carol have prepared for the attack. They broadcast unrelated low-fee transactions (the "cycle parent" and "cycle child") and then, when they see Bob's "htlc-timeout" transaction in the mempool, they broadcast an "htlc-preimage" transaction, which spends both the HTLC output and an output from the cycle parent with a higher fee rate.
6. The "htlc-preimage" transaction replaces both the cycle child and Bob's "htlc-timeout" transaction in the mempool, allowing the attackers to take the preimage and redeem the incoming HTLC from Alice.
7. The attackers then repeat the cycle to eject Bob's "htlc-timeout" transaction every time he rebroadcasts it, potentially leaving Bob out of pocket for the entire payment value.