A newly identified vulnerability, CVE-2024-55563, affects the Bitcoin network’s transaction-relay mechanism and poses significant risks to the stability of the Lightning Network. The attack it enables, known as a “transaction-relay jamming attack,” lets attackers exploit weaknesses in Bitcoin full nodes by flooding them with excessive junk transactions. These transactions overwhelm the processing capabilities of the nodes, hindering their ability to relay legitimate transactions. The disruption can have far-reaching consequences for the Lightning Network, which is designed to facilitate faster and cheaper transactions on the Bitcoin blockchain.
The vulnerability report highlights two primary attack vectors: the High-Overflow Attack and the Low-Overflow Attack. The High-Overflow Attack targets Bitcoin’s fee-rate prioritization mechanism. By introducing a large number of high-fee transactions, attackers can effectively bury lower-fee transactions, delaying or preventing their propagation across the network. This can be especially detrimental to time-sensitive transactions, which are crucial for maintaining the proper functioning of Lightning channels. In contrast, the Low-Overflow Attack exploits the MAX_PEER_TX_ANNOUNCEMENTS limit, which restricts the number of transactions a node can announce to its peers. Attackers can force nodes to exceed this limit, causing them to drop legitimate transactions and disrupting the flow of information in the network.
The exploitation of this vulnerability could have severe consequences for the Bitcoin network and the Lightning Network. Financially, attackers could block the propagation of critical transactions, potentially seizing funds locked within Lightning channels. Payment disruptions could also occur, leading to failures and delays in transactions, which would undermine the reliability of the Lightning Network. Furthermore, the jamming attack could cause network degradation by overwhelming Bitcoin’s infrastructure, resulting in slower transaction confirmation times and higher fees. This could damage the overall user experience and hinder the adoption of the Lightning Network as a scalable solution for everyday Bitcoin transactions.
To address this vulnerability, experts recommend several mitigation strategies, including randomized transaction rebroadcasts and the over-provisioning of transaction-relay throughput. However, the vulnerability report stresses the need for a more robust and comprehensive solution integrated into the base layer of the Bitcoin protocol. By addressing this issue at the protocol level, the Bitcoin network and Lightning Network can become more resilient against such attacks, ensuring continued reliability and stability for users and businesses relying on these networks for fast, secure, and efficient transactions.
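One way a Lightning node operator could implement the randomized rebroadcast mitigation mentioned above is sketched below. It is an added example, not code from the vulnerability report or from any Lightning implementation. The function names, the slot-based jitter scheme, the `margin` parameter and the `broadcast` / `is_confirmed` callables are all assumptions made for illustration.

```python
import secrets
from typing import Callable, List


def rebroadcast_schedule(now: float, deadline: float, attempts: int,
                         margin: float = 0.0, rng=None) -> List[float]:
    """Return one unpredictable rebroadcast time inside each of `attempts`
    equal slots between `now` and `deadline - margin` (stratified jitter).

    Slots guarantee the whole window is covered with no long silent gap;
    the random offset inside each slot keeps the exact moment unguessable.
    """
    if rng is None:
        rng = secrets.SystemRandom()  # CSPRNG: timing must not be predictable
    window = (deadline - margin) - now
    if attempts < 1 or window <= 0:
        raise ValueError("no usable time window before the deadline")
    slot = window / attempts
    return [now + i * slot + rng.uniform(0.0, slot) for i in range(attempts)]


def run_rebroadcasts(schedule: List[float],
                     broadcast: Callable[[], None],
                     is_confirmed: Callable[[], bool],
                     clock: Callable[[], float],
                     sleep: Callable[[float], None]) -> int:
    """Walk the schedule and rebroadcast until the transaction confirms.

    `broadcast` and `is_confirmed` are hypothetical hooks into the node's
    own wallet/chain backend. Returns the number of broadcasts sent.
    """
    sent = 0
    for when in schedule:
        if is_confirmed():
            break
        delay = when - clock()
        if delay > 0:
            sleep(delay)
        broadcast()
        sent += 1
    return sent


if __name__ == "__main__":
    # Constructed sample: 6 rebroadcasts over the next 2 hours, keeping a
    # 10-minute safety margin before the (hypothetical) timelock deadline.
    for t in rebroadcast_schedule(0.0, 7200.0, 6, margin=600.0):
        print(f"rebroadcast at t+{t:7.1f}s")
```

The default `secrets.SystemRandom()` matters here: a schedule derived from a guessable seed would let an observer predict the rebroadcast times, which is what the randomization is meant to prevent.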