TL;DR – the kind of attack described does not allow the attacker to “take full control” of the lightning network as is being said on twitter. In fact, we have yet to see it take place “in the wild” precisely because it is too difficult to create an environment for it to take place.
People love to take swipes at the lightning network precisely because it is something that functions correctly without much issue to speak of.
The thread that caught my attention and “drew me in” figuratively speaking, lead to this “leaked” email log:
I believe that this dev left, in principle, because in a 1-on-1 transaction basis, at mempool heights, when many people are making tons of transactions, it is possible to steal funds from another user. However, the amount of planning necessary to make this take place, outweighs the amount of effort to put in to the attack. Additionally, the attacker has to post their own funds to make this attack take place. – cause for concern… – sensationalist / flat out lie. – Shinobi, lightning dev, just telling the situation like it is.
Once again, to emphasize, I’m not an expert on this topic, but I feel as though the dev in question who left, Antoin Riard, chose to do so because he was not happy with the situation was being handled.
And finally, I invite /u/eyeloft and shinobi (if possible) to come in here and lend their perspectives.
EDIT: suggested fixes have also been sent out to the mailing list:
submitted by /u/sgtslaughterTV
[link] [comments]