From fiatjaf at gmail.com Thu Jul 13 21:03:11 2023
From: fiatjaf at gmail.com (fiatjaf)
Date: Thu, 13 Jul 2023 18:03:11 -0300
Subject: [Lightning-dev] Potential vulnerability in Lightning backends: BOLT-11 "payment hash" does not commit to payment!
In-Reply-To: <6cf3228cd9f8055f4aab54e47ed347b1@dtrt.org>
References: <1utFohrCmGSLedGY8Pa6YSKkdKCPYDyESnIARlBdGBaRopJdElTn4NH004prS53mjhqbWYthLhVwoBZGf76bIrUlvVwKLKemPfJuJb6YqYw=@protonmail.com> <6cf3228cd9f8055f4aab54e47ed347b1@dtrt.org>
Message-ID: <CAEjd=roR=wD8vSBX3ajnmRKacO_TKN8_NGKt=nD1PjOQhH1R4w@mail.gmail.com>

On Thu, Jul 13, 2023 at 3:47 AM David A. Harding <dave at dtrt.org> wrote:

> My question is whether you think it would be worthwhile to ask
> developers of the underlying LN node implementations you use to support
> self-payment of their own invoices (if they don't already).

As far as I know no Lightning node has this ability, which is very unfortunate. If possible this should definitely be implemented. It would be the biggest feature for custodial Lightning service providers of all kinds since always.