Recent security issues affecting the Liquid and Lightning Network on BTC have highlighted problems with using “second layer” solutions to handle common transactions. In June, developer James Prestwich disclosed a problem with Liquid that saw 870 BTC briefly stuck in limbo, saying Liquid’s claimed “trustless” nature and security model were flawed.
Blockstream’s Liquid network and Lightning Labs’ Lightning Network are “sidechains” that function as transaction layers that interact with—but are separate to—the main BTC blockchain. Liquid handles fast transactions between exchanges, while Lightning handles smaller, everyday payments for BTC. Both lose records of the transactions they make, as they are designed to make tracing more difficult.
The complexities involved in building and maintaining these additional layers (which both involve additional hardware) mean they come with their own sets of security issues, creating extra weak links in the BTC transaction process.
Liquid’s timelock inconsistency issue
Prestwich highlighted an issue that saw 870 BTC frozen in a Liquid moderation queue after timelock on a large UTXO expired for 40 minutes. Blockstream said it was due to “an inconsistency between the timelock parameters used by the functionary HSMs (hardware security modules) and the functionary servers. Due to this bug, some timelocks are occasionally being refreshed shortly after expiry, instead of before expiry as designed.”
Blockstream acknowledged the issue was a “bug,” and later published a blog post describing how its team was dealing with the problem. No funds had been lost and the Liquid Federation, a consortium of exchanges which oversees Liquid, kept a series of emergency backup keys in “extreme cold storage distributed around the world” to use in the event of any mishap.
COVID lockdowns prevented physical testing
Blockstream CEO Adam Back said the problem was “a known issue,” but one that had already been fixed for the next version and didn’t present a loss-of-funds risk. Lockdowns arising from the COVID-19 pandemic, he added, had slowed physical testing on Liquid’s servers before deploying a patch.
this is a known issue. the coins are auto-swept forward as part of the HSM peg process. funds are safe as keys are offline and geo-distributed. we were planning to address via HSM upgrade, which is a manual hands on process for security, but covid lock-downs made that difficult.
— Adam Back (@adam3us) June 26, 2020
Flooding and looting Lightning Network
Another recently published article described a potential attack vector on BTC’s primary payment channel, the Lightning Network.
In a paper titled “Flood & Loot: A Systemic Attack On The Lightning Network,” Hebrew University of Jerusalem researchers Jona Harris and Aviv Zohar describe how an attacker could hypothetically overload the network with transactions all at once, triggering the closure of many payment channels faster than the BTC blockchain could settle them. The method could potentially also lead to theft of funds.
Lightning Network is a “payment layer” that records BTC transactions off-chain, then settles them in bulk on the BTC blockchain at a later time. This is intended to take pressure off the 1-4MB block-limited BTC network by handling large volumes of smaller-sized transactions, leaving on-chain transactions only for large fund transfers at higher fees.
Lightning was beta-released in March 2018, after the 2017 BTC-BCH split as a “solution” to BTC’s inability to handle more than 3-7 transactions per second, and to keep fees low. According to some, creating payment layers first necessitated fixing BTC’s “transaction malleability” issue with Segregated Witness (SegWit), which removed signature data from transaction blocks and fundamentally altered the way BTC transactions functioned.
Liquid’s proponents tout its “trustless” nature and “confidentiality” features, which are designed to hide specific details of transactions—e.g. the amount—from public view. As Prestwich pointed out, the exchange consortium model requires a certain degree of trust in private companies to oversee the network.
Layers upon layers, all off-chain
Anyone who got involved in BTC in its early days should feel swindled if payment/swap layers are to be how “Bitcoin” works on a day-to-day basis. Enthusiasts were interested in a digital asset where all transactions were stored on a public and auditable blockchain, one that had enough capacity to be the world’s primary payment network. The software protocol handled daily operations and transaction processors (miners) kept the network operating and secure. Users were promised fast, cheap transactions at any size and volume. Early Bitcoin wasn’t sold as a static vault backing spendable proxy tokens, nor was the blockchain described as a settlement layer only.
The evidence of this promise is in early Bitcoin apps, which included on-chain dice games and merchant point-of-sale systems. Most of the former are long gone, while many POS devices sit gathering dust on shop counters. BTC is a very bad payment system, it is too slow and too expensive.
If BTC could handle smart contracts, as BSV does, asset swaps could be performed on-chain also. Moreover, Liquid only needs to exist thanks to the popularity of trading and price speculation—the main way most blockchain digital assets ever get used.
Bitcoin is meant to function now the same way it functioned a decade ago. It was supposed to scale on-chain. Somewhere along the way, BTC got mired in mythical new priorities like “decentralization,” “censorship resistance” and price bubbles, and the original vision was lost. Luckily, Satoshi’s vision survives to this day—but as BSV, not BTC.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.