[Lightning-dev] Reuse of payment_hash in lightning invoices

[Andrea RASPITZU]

Good morning list,

I wanted to know your thoughts about the reuse of payment_hash in lightning
invoices, currently BOLT11 uses as example a donation invoice which seems
to be "permanent" i.e the payment_hash isn't changing after having received
a donation.I believe the reuse of known payment_hash is a security issue
because an intermediary node routing a donation for the second time already
knows the preimage, thus it can decide to pull the htlc from downstream
without actually forwarding it to upstream (can respond with a
htlc_fulfill). For example a malicious receiver can provide an invoice with
assisted routes where among those he/she controls a node and that node
won't forward to the htlc but steal the funds instead (the preimage is
known to the intermediate node as well), thus it will be claimed that the
payment hasn't been received. If the above is correct then there should be
at least a warning in the spec regarding the reuse of payment_hash in
invoices.

Cheers, Andrea.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190103/34c9d848/attachment.html>