|
83 | 83 | ## Bug Fixes
|
84 | 84 | * Fixed a rare case where a BOLT 12 payment may be made duplicatively if the
|
85 | 85 | node crashes while processing a BOLT 12 `invoice` message (#3313).
|
86 |
| - * Fixed a bug where a counterparty can cause funds of ours to be locked up |
87 |
| - by broadcasting a revoked commitment transaction and following HTLC |
88 |
| - transactions in specific formats when using an anchor channel. The funds can |
89 |
| - be recovered by upgrading to 0.1 and replaying the counterparty's broadcasted |
90 |
| - transactions (using `Confirm::transactions_confirmed`) (#3537). |
91 | 86 | * Fixed a bug where a malicious sender could cause a payment `Event` to be
|
92 | 87 | generated with an `OfferId` using a payment with a lower amount than the
|
93 | 88 | corresponding BOLT 12 offer would have required. The amount in the
|
|
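Review bot: Dropping the #3537 entry from Bug Fixes (old lines 86-90) means a reader who scans only that section for anchor-channel issues no longer sees the recovery step (`Confirm::transactions_confirmed`). Consider leaving a one-line pointer to the Security section here. The neighbouring entry kept at new lines 86-88 also describes behaviour a malicious sender can trigger, so it would help to say in the commit message why that one stays under Bug Fixes while this one moves.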
159 | 154 | will have `balance_msat` equal to `next_outbound_htlc_limit_msat` (#3243).
|
160 | 155 |
|
161 | 156 | ## Security
|
162 |
| -0.1 fixes a funds-theft vulnerability when paying BOLT 12 offers. |
| 157 | +0.1 fixes a funds-theft vulnerability when paying BOLT 12 offers as well as a |
| 158 | +funds-lockup denial-of-service issue for anchor channels. |
163 | 159 | * When paying a BOLT 12 offer, if the recipient responds to our
|
164 | 160 | `invoice_request` with an `invoice` which had an amount different from the
|
165 | 161 | amount we intended to pay (either from the `offer` or the `amount_msats`
|
166 | 162 | passed to `ChannelManager::pay_for_offer`), LDK would pay the amount from the
|
167 | 163 | `invoice`. As a result, a malicious recipient could cause us to overpay the
|
168 | 164 | amount we intended to pay (#3535).
|
| 165 | + * Fixed a bug where a counterparty can cause funds of ours to be locked up |
| 166 | + by broadcasting a revoked commitment transaction and following HTLC |
| 167 | + transactions in specific formats when using an anchor channel. The funds can |
| 168 | + be recovered by upgrading to 0.1 and replaying the counterparty's broadcasted |
| 169 | + transactions (using `Confirm::transactions_confirmed`) (#3537). |
169 | 170 | * Various denial-of-service issues in the formerly-alpha `lightning-liquidity`
|
170 | 171 | crate have been addressed (#3436, #3493).
|
171 | 172 |
|
|
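Review bot: The bullet added at new lines 165-169 keeps its Bug Fixes wording ("Fixed a bug where a counterparty can cause funds of ours to be locked up"), while the existing Security bullet above it (new lines 159-164) describes the condition and then the impact. Rewording it to match would make the section read consistently, for example opening with the anchor-channel condition and ending with the lockup and the recovery path. The new summary at lines 157-158 calls this a "funds-lockup denial-of-service issue", but the bullet never uses that term, so one of the two should be aligned with the other. Minor: "broadcasted" at line 168 reads better as "broadcast".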