summaryrefslogtreecommitdiff
path: root/3f/d1f82d467245422cf13a29d92c56f082829f5b
blob: ca97a47d992f03462c1afc59da1826cb704f43df (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
Delivery-date: Fri, 20 Jun 2025 05:36:29 -0700
Received: from mail-oi1-f184.google.com ([209.85.167.184])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBC3PT7FYWAMRBQVL2XBAMGQEYKKZZBY@googlegroups.com>)
	id 1uSayq-0007CE-IT
	for bitcoindev@gnusha.org; Fri, 20 Jun 2025 05:36:29 -0700
Received: by mail-oi1-f184.google.com with SMTP id 5614622812f47-408d7eb6072sf1132896b6e.1
        for <bitcoindev@gnusha.org>; Fri, 20 Jun 2025 05:36:28 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1750422982; cv=pass;
        d=google.com; s=arc-20240605;
        b=VtNhQgskACd7kGXCkN9vAmU1V47bbJZyISVoBARUhAPMne/CIBYeIlPCnWlCHVOXvH
         L3p8oa7W6PWvZiU3xI2UOzxpUQMREzZJSYhoWQa8FMfBcteodwXn1AFWZHsVkFhTGRwV
         bAg16Ki0PIEHXI+/jFT47Q9AP7qetUEQ6N0n+FIJk1Hf0y/AT1gOGV2EUm8nWf1uWu11
         MXhuRrnUIenaci1tfOcUexz+g4fSP8jlbj8D+ofkDDgJAlpajIQfxenD6ihTV7nNt+wb
         LbcRpguQb5vTgSB1IcJJhXAm9+MngbE+sf9vXEvK0IEkjZIvvXo01LMsYn3cz66i05fr
         GBmQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:sender:dkim-signature
         :dkim-signature;
        bh=5N/iFU8Q5SX/qvvatztlUosen2KnM//PFfN7+iHM70g=;
        fh=ejBCk8Ch/T72jyFYoSy3GSKhoGIl0YR5TSOZbMvZyDg=;
        b=S38fbYEjxAF8llsAQ1iLheP29M/qf2sv19OLj8qljsSvlNqxzAZ3sGXNkpu6c4jN37
         0gVcIH6BjoE1Z90DehBd+sE7s8nblgcjbMlmlmvctsj4zaPUd/uJ38HkpyFTf0jS7Ly0
         MlKZpeHLUBiSlm4rweEwgrDbFZU6uKsQjQREN6DlFMBtCaNwldxemkR4sL0TCsh1s14/
         urazWzuD0ohYEBEKudidY9LHUySK9brhmAeiCTFWSn2tqxXikPDqrOGdJXOl+GunKLZW
         RBGAki0pAr03UTcxdBNSwlFPvuApewDn9W6wkeEsow3MW2pnP6aQ0XM+/Dw5eCO0WlUT
         pbHw==;
        darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=hh0Ak3y6;
       spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1030 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=pass header.i=@googlegroups.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1750422982; x=1751027782; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=5N/iFU8Q5SX/qvvatztlUosen2KnM//PFfN7+iHM70g=;
        b=FgbHtaRgaLE5B3IKx7kweaFqWihTy74IgtQp5F25e2gKNjdBBHUdZ/cTd6pvRJUkCE
         J9ubAATWt+2XnhhVf6pvh1S/KOy6J+gAQCfHuIOjKlHbvzehdHkYSTuTx/GSpOtFEAza
         P3nlL9wK4r23YtL9WMBiFTsNA1dJX4xFEh7s3P/U5+Oj7xb5F3JmSIdK6oLQDr8xJG7n
         rL/fvFi5QNXQJthIXi913fC6CqLL/Tw1CfXFslF+EYNLdvO7polmj4O2lUnYPkcjXiUU
         DA1ImG5YCRh2MnVP9xlOojBQDEtxBxinF3uA5ttW0ACeq2JxOqyD54ztxMQMCmONmq3L
         acSw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1750422982; x=1751027782; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=5N/iFU8Q5SX/qvvatztlUosen2KnM//PFfN7+iHM70g=;
        b=U6dv9Egp81ilwhEHgu+A35/SAoih4wyDPosu7BizFdpltr6YxfDLsLLy7WY3FCqf8Q
         leAsMdLb7wdNy0X+cSRaWiK0eh/l6/Z9MTtjtnurfWqGfH+M7+mf2vG0SKdpdLb0A3Ia
         AyeUQnAYgIKPQxAOKTPkuG/bW3ykJYceL3Af3Uxn4CXNFgVGHKRg3O/lod6BZz/uNFlk
         /YjbEQV5NVQ/cur0lFoLiiCZsYvMYR7Ch49CUmQcU0qsHZFV/TbqSG8FFamBNcaLbp+Y
         QSFpWItxfJQhF4cgIRAl2gY9FB2AiGnvuyxiIbwV0DN3iQowJcPFHQDzZW1a1CJbkW7m
         bJbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1750422982; x=1751027782;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-authentication-results
         :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:x-beenthere:x-gm-message-state:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=5N/iFU8Q5SX/qvvatztlUosen2KnM//PFfN7+iHM70g=;
        b=jQFpRuTu2O9TYW78p7COfTbpA3DBLnLdI1e1qpgcXIE78OXgW/Mn+9FoxRdgvUxsAW
         632bcTzyKNLrXEdruu21laUFHyMNufhPE9GyyHI12Vxijvb/iYhAC2bm9AS7TwvSRFu7
         610+6Gs7K/ZSvUm+io49tTL4s+lY52prP2ImoskxXIDbwcngHIRnKE4SLOgh8oL0BQqW
         KhTwXf+sN0bBQc8vLSA4ENYkKlREPNHQcy5OoImtu25PDG7HWwm7wm6hDUkwyFErbtzB
         r1FYoWGa6BuSty1fUyup+lUI3+4lQQDemfTaDgusooHE8niGfdzTMkzfP9t9NiRb25gt
         uXVw==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCWsTc3CKBBVV+tHUaq+PQrEUAaCffWerw0N4eXjVDzZu7mlFi5RIvTF3vdufk8K6HNcpY6ZYuXrwHj8@gnusha.org
X-Gm-Message-State: AOJu0YzNSf5o1V57BSG0grKElfC9CWEf22NVhMkdmY4GgrFj2+ptjQbu
	ETWng5cCQeXwwBNbK1f1RBqoOx/D/1C5BoawZuQZ30w63M4oiAV2xKva
X-Google-Smtp-Source: AGHT+IGvL/B9sso/nJWOpDE3BIRGDlOP0dsYNdWPDSnBL4kGyIDDUwRjhlgQTM3XhW829Cz+lZwtOg==
X-Received: by 2002:a05:6808:2201:b0:403:50e7:83e1 with SMTP id 5614622812f47-40ac6f1cc46mr1960569b6e.11.1750422981894;
        Fri, 20 Jun 2025 05:36:21 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZfCCxpORnP0TAG78bkP5TC1t5MrgBaA/15DihUO2XzioQ==
Received: by 2002:a05:6820:8503:b0:60b:7c03:4a7c with SMTP id
 006d021491bc7-6114fdfa993ls247266eaf.1.-pod-prod-01-us; Fri, 20 Jun 2025
 05:36:18 -0700 (PDT)
X-Received: by 2002:a05:6808:1a03:b0:409:f8e:72a5 with SMTP id 5614622812f47-40ac6ff2128mr2289347b6e.35.1750422978081;
        Fri, 20 Jun 2025 05:36:18 -0700 (PDT)
Received: by 2002:a54:4109:0:b0:403:484c:9068 with SMTP id 5614622812f47-40aa3513fabmsb6e;
        Wed, 18 Jun 2025 21:57:02 -0700 (PDT)
X-Received: by 2002:a05:6830:699a:b0:739:fa45:5918 with SMTP id 46e09a7af769-73a363f02a7mr12120920a34.28.1750309021550;
        Wed, 18 Jun 2025 21:57:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1750309021; cv=none;
        d=google.com; s=arc-20240605;
        b=AQA0xT6N1cDgMy1GZiFcFIooFGxSYW0BVkJM/Op9PFQv9+qGSdY8sK9OC0oNaBfwbA
         iMIujNFesBTxPcLqCHzp7W5C5mfRQrJNz7B2uWNc0p9lt/1m9IC5K5hj6fI2SOzkCTX5
         OudeZqxHGWFwUNhUAQYm9TEaG0sYRt1UweRzg2Q6lG3Ie+LRevrUqqDjkQi9DJ7eEzrt
         Iyg9QwZh9PCcSpjSU1LnlcRSAsuVBfUlny/CG7OhEaGMs3+0smqbW87Z0q2mmgZuCGzz
         HdRZHw5vJiFiaH05zMFhR3Pv/4Z7mth/DxRBmuihAmoGiWjQhu9D8t5uhXGFx8WEWOjC
         J/2Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=qGPRsuUxyo3UkhdYYdrKjS0XyvbkgOV1ubzqCjmrirQ=;
        fh=ORh+iEPmgboQ22R142U1OIJuGECSCHd3LBJEERtwxbc=;
        b=ILHB7yka9+3fxTpd3WSdZDEy7C+p/MptLRjXSa/MnBdbyUXooMszgq3Ap6YOqYUEEW
         AEtQzHwevOCfJ2PAHkyBk0HETpsTmy0w4dfamrspiyt3FUgzhPxzk22/qF7cbp0NqH5J
         yvmN8+fPOUGrbGkMlMfeO8JiPV5CcFCEhGDSOZFBsbnKVw9qRn5oZzd+1seMmKGOzcUa
         55Gbc7qK2vfKx92GImhs08kfg3ixOOaIEZztJoK67cdli3rBRfG7h0uESBrxxxtxwqn0
         nsShfWf10x29CDYcCriA6bUUujuKDg5b1exC2DbJ6AQuvpR2gbwQtg3Dymxhhpt9NRDe
         pGjw==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20230601 header.b=hh0Ak3y6;
       spf=pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1030 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=pass header.i=@googlegroups.com
Received: from mail-pj1-x1030.google.com (mail-pj1-x1030.google.com. [2607:f8b0:4864:20::1030])
        by gmr-mx.google.com with ESMTPS id 46e09a7af769-73a284fe45asi71830a34.3.2025.06.18.21.57.01
        for <bitcoindev@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 18 Jun 2025 21:57:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1030 as permitted sender) client-ip=2607:f8b0:4864:20::1030;
Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-312116d75a6so234297a91.3
        for <bitcoindev@googlegroups.com>; Wed, 18 Jun 2025 21:57:01 -0700 (PDT)
X-Gm-Gg: ASbGncvGLTtaUXxnB2T7zUbrXHuPgUMZguFSf6usTIt0gn7bqLWqiWlDhm5umjbu8kL
	CZ/rtmesLkpsep5LRFUEJTVe1vRe/7RqQLEvQORzW+Rnzrz2ww0d5g82R1Cfj+kCtVYXVhDoo4s
	KsZtW7uko+biwM3ze0SubO6kAwZc9a96BKEMlBanEUvdo=
X-Received: by 2002:a17:90b:350a:b0:2ee:6d08:7936 with SMTP id
 98e67ed59e1d1-313f1d58ba9mr27984791a91.20.1750309020415; Wed, 18 Jun 2025
 21:57:00 -0700 (PDT)
MIME-Version: 1.0
References: <fe76185f-8d9c-41b2-ab15-117d7787a204n@googlegroups.com> <1b4a4871c6531da5a7fdcf67cd218848@dtrt.org>
In-Reply-To: <1b4a4871c6531da5a7fdcf67cd218848@dtrt.org>
From: Antoine Riard <antoine.riard@gmail.com>
Date: Thu, 19 Jun 2025 05:56:49 +0100
X-Gm-Features: AX0GCFslmAAoRWvntokM9flfT1Q63FPMOX91AIrjJkkIaRt39koiMchmz-AZ2no
Message-ID: <CALZpt+GUH93TcjKevHu+hrd45fvrDGvhY7tYXEPror0fw27CXA@mail.gmail.com>
Subject: Re: [bitcoindev] Full-Disclosure: CVE-2025-27586 "No Santa Claus
 under the Lightning Sun"
To: "David A. Harding" <dave@dtrt.org>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Content-Type: multipart/alternative; boundary="00000000000068bd8a0637e59352"
X-Original-Sender: antoine.riard@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@gmail.com header.s=20230601 header.b=hh0Ak3y6;       spf=pass
 (google.com: domain of antoine.riard@gmail.com designates 2607:f8b0:4864:20::1030
 as permitted sender) smtp.mailfrom=antoine.riard@gmail.com;       dmarc=pass
 (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;       dara=pass header.i=@googlegroups.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)

--00000000000068bd8a0637e59352
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Dave,

Thanks for your thoughts on the subject.

I don't know if I were among the first one to stumble on
this problem. Of course, I wouldn't be surprised if some
people who worked at that time on implementing anchor output
such as Johan Toras Halseth or Joost Jager might have mentioned
it publicly or semi-privately. Of course, if there are more
links where it could have been discussed, please pointed out
to me, though with my memory of the conv circa 2020 about
anchor outputs, I'm not aware of them.

About the pull request you're pointing out
(https://github.com/lightningnetwork/lnd/pull/4908), it should be
said that the original anchor output pull request didn't mention
anything about fee-bumping reserves mngt (
https://github.com/lightning/bolts/pull/688/files).
Only a "MUST contribute sufficient fee to ensure timely inclusion in
a block". It's like "danke schon, aber was?".

By the time of this pull LND pull request, anchor output was already
deployed on the network (under the broken `option_anchor_output`)
in early beta. I'm not going to make a rant in LN development if
we ship first the cars, then we go to wonder if we have shipped the
seat belts too. That would be too easy and too free...

Share with you off-list more details.

Best,
Antoine
OTS hash: dc78f072e3cd20c0efeea728e83b5f1b121824836543f0cda346a3c7dd5a36fa

Le mer. 18 juin 2025 =C3=A0 03:16, David A. Harding <dave@dtrt.org> a =C3=
=A9crit :

> On 2025-06-12 09:03, Antoine Riard wrote:
> > This class of attacks dubbed "fee-bumping reserves exhaustion attacks"
> > [...]
> > ## Timeline
> >
> > - 2022-07-11: Report of the finding to XXX, Bastien Teinturier
> > (Eclair), Lisa Neigut
>
> Hi Antoine,
>
> I read your post twice but everything in it seems obvious.  What am I
> missing?  It's obvious that (1) exogenous fee bumping requires keeping
> an independent reserve of sufficient funds and (2) that the amount of
> the reserve can vary depending on transaction size and prevalent
> feerates.  The earliest description of that problem I found is from more
> than a year before your report (
> https://github.com/lightningnetwork/lnd/pull/4908 ), but I suspect I
> could find other even earlier discussion if I looked harder.
>
> Is there more to this vulnerability report that I'm missing?
>
> Thanks,
>
> -Dave
>

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
CALZpt%2BGUH93TcjKevHu%2Bhrd45fvrDGvhY7tYXEPror0fw27CXA%40mail.gmail.com.

--00000000000068bd8a0637e59352
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi Dave,<br><br>Thanks for your thoughts on the subject.<b=
r><br>I don&#39;t know if I were among the first one to stumble on<br>this =
problem. Of course, I wouldn&#39;t be surprised if some<br>people who worke=
d at that time on implementing anchor output<br>such as Johan Toras Halseth=
 or Joost Jager might have mentioned<br>it publicly or semi-privately. Of c=
ourse, if there are more<br>links where it could have been discussed, pleas=
e pointed out<br>to me, though with my memory of the conv circa 2020 about<=
br>anchor outputs, I&#39;m not aware of them.<br><br>About the pull request=
 you&#39;re pointing out<br>(<a href=3D"https://github.com/lightningnetwork=
/lnd/pull/4908">https://github.com/lightningnetwork/lnd/pull/4908</a>), it =
should be<br>said that the original anchor output pull request didn&#39;t m=
ention<br>anything about fee-bumping reserves mngt (<a href=3D"https://gith=
ub.com/lightning/bolts/pull/688/files">https://github.com/lightning/bolts/p=
ull/688/files</a>).<br>Only a &quot;MUST contribute sufficient fee to ensur=
e timely inclusion in<br>a block&quot;. It&#39;s like &quot;danke schon, ab=
er was?&quot;.<br><br>By the time of this pull LND pull request, anchor out=
put was already<br>deployed on the network (under the broken `option_anchor=
_output`)<br>in early beta. I&#39;m not going to make a rant in LN developm=
ent if<br>we ship first the cars, then we go to wonder if we have shipped t=
he<br>seat belts too. That would be too easy and too free...<br><br>Share w=
ith you off-list more details.<br><br>Best,<br>Antoine<br>OTS hash: dc78f07=
2e3cd20c0efeea728e83b5f1b121824836543f0cda346a3c7dd5a36fa</div><br><div cla=
ss=3D"gmail_quote gmail_quote_container"><div dir=3D"ltr" class=3D"gmail_at=
tr">Le=C2=A0mer. 18 juin 2025 =C3=A0=C2=A003:16, David A. Harding &lt;<a hr=
ef=3D"mailto:dave@dtrt.org">dave@dtrt.org</a>&gt; a =C3=A9crit=C2=A0:<br></=
div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bor=
der-left:1px solid rgb(204,204,204);padding-left:1ex">On 2025-06-12 09:03, =
Antoine Riard wrote:<br>
&gt; This class of attacks dubbed &quot;fee-bumping reserves exhaustion att=
acks&quot;<br>
&gt; [...]<br>
&gt; ## Timeline<br>
&gt; <br>
&gt; - 2022-07-11: Report of the finding to XXX, Bastien Teinturier<br>
&gt; (Eclair), Lisa Neigut<br>
<br>
Hi Antoine,<br>
<br>
I read your post twice but everything in it seems obvious.=C2=A0 What am I =
<br>
missing?=C2=A0 It&#39;s obvious that (1) exogenous fee bumping requires kee=
ping <br>
an independent reserve of sufficient funds and (2) that the amount of <br>
the reserve can vary depending on transaction size and prevalent <br>
feerates.=C2=A0 The earliest description of that problem I found is from mo=
re <br>
than a year before your report ( <br>
<a href=3D"https://github.com/lightningnetwork/lnd/pull/4908" rel=3D"norefe=
rrer" target=3D"_blank">https://github.com/lightningnetwork/lnd/pull/4908</=
a> ), but I suspect I <br>
could find other even earlier discussion if I looked harder.<br>
<br>
Is there more to this vulnerability report that I&#39;m missing?<br>
<br>
Thanks,<br>
<br>
-Dave<br>
</blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CALZpt%2BGUH93TcjKevHu%2Bhrd45fvrDGvhY7tYXEPror0fw27CXA%40mail.g=
mail.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/=
d/msgid/bitcoindev/CALZpt%2BGUH93TcjKevHu%2Bhrd45fvrDGvhY7tYXEPror0fw27CXA%=
40mail.gmail.com</a>.<br />

--00000000000068bd8a0637e59352--