v0.1.4 - May 23, 2025 - "Careful Validation of Bogus States"

@TheBlueMatt TheBlueMatt released this 25 May 15:56
· 1384 commits to main since this release
63f41fd

Bug Fixes

  • Using synchronous persistence with higher latency than the latency to
    communicate with peers caused issues which were fixed in 0.1.2. In those
    cases, ChannelManagers may have been left in a state which LDK 0.1.2 and
    later would refuse to deserialize. This has been fixed, and nodes which
    experienced this issue prior to 0.1.2 should now deserialize fine (#3790).
  • In some cases, when using synchronous persistence with higher latency than
    the latency to communicate with peers, when receiving an MPP payment with
    multiple parts received over the same channel, a channel could hang and not
    make progress, eventually leading to a force-closure due to timed-out HTLCs.
    This has now been fixed (#3680).

Security

0.1.4 fixes a funds-theft vulnerability in exceedingly rare cases.

  • If an LDK-based node funds an anchor channel to a malicious peer, and that
    peer sets the channel reserve on the LDK-based node to zero, the LDK-based
    node could overdraw its total balance upon increasing the feerate of the
    commitment transaction. If the malicious peer forwards HTLCs through the
    LDK-based node, this could leave the LDK-based node with no valid commitment
    transaction to broadcast to claim its part of the forwarded HTLC. The
    counterparty would have to forfeit their reserve value (#3796).
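
A funder-side affordability check for the scenario above, as an added example that is not LDK's code and not the fix in #3796. The weights and anchor value are the BOLT 3 figures for anchor channels; the function names, type names and sample balances are constructed for illustration.

```rust
// Added illustration, not LDK code. Constants are from BOLT 3; all names
// and sample values below are hypothetical.
const ANCHOR_COMMIT_WEIGHT: u64 = 1124; // base commitment weight with anchors
const HTLC_OUTPUT_WEIGHT: u64 = 172; // per untrimmed HTLC output
const ANCHOR_OUTPUT_SAT: u64 = 330; // value of each of the two anchor outputs

#[derive(Debug, PartialEq)]
enum FeeCheck {
    Ok { remaining_sat: u64 },
    BelowReserve { remaining_sat: u64 },
    Overdrawn { shortfall_sat: u64 },
}

/// What the funder pays on an anchor commitment: the fee plus both anchors.
fn funder_cost_sat(feerate_per_kw: u64, untrimmed_htlcs: u64) -> u64 {
    let weight = ANCHOR_COMMIT_WEIGHT + HTLC_OUTPUT_WEIGHT * untrimmed_htlcs;
    feerate_per_kw * weight / 1000 + 2 * ANCHOR_OUTPUT_SAT
}

/// `balance_sat` is the funder's balance with pending HTLC amounts already
/// deducted. checked_sub makes an overdraw an explicit result, not a wrap.
fn check_feerate(balance_sat: u64, reserve_sat: u64, feerate_per_kw: u64, htlcs: u64) -> FeeCheck {
    let cost = funder_cost_sat(feerate_per_kw, htlcs);
    match balance_sat.checked_sub(cost) {
        None => FeeCheck::Overdrawn { shortfall_sat: cost - balance_sat },
        Some(rem) if rem < reserve_sat => FeeCheck::BelowReserve { remaining_sat: rem },
        Some(rem) => FeeCheck::Ok { remaining_sat: rem },
    }
}

fn main() {
    // Constructed case: funder holds 10_000 sat with 4 forwarded HTLCs pending.
    for (reserve, feerate) in [(1_000, 2_500), (1_000, 5_000), (0, 5_000), (0, 6_000)] {
        println!("reserve={reserve} feerate={feerate}: {:?}", check_feerate(10_000, reserve, feerate, 4));
    }
}
```

With a non-zero reserve, the reserve comparison rejects the higher feerate while 280 sat still remain. With a zero reserve that margin is gone, and only the explicit overdraw branch stops a feerate the balance cannot cover.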