From martin.habovstiak at gmail.com Sun Jul 16 18:11:58 2023 From: martin.habovstiak at gmail.com (=?UTF-8?Q?Martin_Habov=C5=A1tiak?=) Date: Sun, 16 Jul 2023 20:11:58 +0200 Subject: [Lightning-dev] Potential vulnerability in Lightning backends: BOLT-11 "payment hash" does not commit to payment! In-Reply-To: References: <1utFohrCmGSLedGY8Pa6YSKkdKCPYDyESnIARlBdGBaRopJdElTn4NH004prS53mjhqbWYthLhVwoBZGf76bIrUlvVwKLKemPfJuJb6YqYw=@protonmail.com> <6cf3228cd9f8055f4aab54e47ed347b1@dtrt.org> Message-ID: Yeah, my point was to not have to setup any other instance of LND. I'm just testing LND <-> app integration - whether the app receives payments from LND. So another similar flag to do self-payment without going through network would be ideal. D?a ne 16. 7. 2023, 19:32 Olaoluwa Osuntokun nap?sal(a): > lnd supports paying invoices it generates, you just need to set the > `allow_self_payment` field using this > API: https://lightning.engineering/api-docs/api/lnd/router/send-payment-v2 > . > > This _does_ end up actually finding a circular route through the network > though, it's most commonly used to implement circular rebalancing. > > However if you set up another node, and then fund bi-lateral "trusted > channels" (so zero conf channel that will never actually confirm as the > funding point will never exist on chain), then you gain the ability to pay > invoices without doing the actual network route. This doesn't need any > other > external software, and also gives you all the normal payment/invoice > records > you'd expect for normal payments. > > Another way to accomplish the same thing would be to use the > `"allow-circular-route` flag, which'll let you double back on the same > channel (incoming+outgoing channel is the same for the route). > > -- Laolu > > On Sat, Jul 15, 2023 at 8:22?PM fiatjaf wrote: > >> On Thu, Jul 13, 2023 at 3:47?AM David A. Harding wrote: >> > My question is whether you think it would be worthwhile to ask >> > developers of the underlying LN node implementations you use to support >> > self-payment of their own invoices (if they don't already). >> >> As far as I know no Lightning node has this ability, which is very >> unfortunate. >> If possible this should definitely be implemented. It would be the >> biggest feature for custodial Lightning service providers of all kinds >> since always. >> _______________________________________________ >> Lightning-dev mailing list >> Lightning-dev at lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev >> > _______________________________________________ > Lightning-dev mailing list > Lightning-dev at lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: