PT-2022-24948 · Unknown · Lightning Network Daemon

Roasbeef · Published 2022-11-17 · Updated 2022-11-22 · CVE-2022-39389

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Lightning Network Daemon (lnd) versions prior to 0.15.4

Description

The issue is a block parsing bug that can cause a node to enter a degraded state. In this state, a node can continue to make payments, forward HTLCs, and close out channels, but opening channels is prohibited and on-chain transaction events go undetected. This can lead to loss of funds if a CSV expiry is reached during a breach attempt or a CLTV delta expires, forfeiting the funds in the HTLC.

Recommendations

For versions prior to 0.15.4, upgrade to version 0.15.4 or later to resolve the issue. As a temporary workaround for users unable to upgrade, use the lncli updatechanpolicy RPC call to increase the CLTV value to a very high amount or to increase fee policies. This prevents other nodes from routing through your node and minimizes the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-39389
GHSA-HC82-W9V8-83PR

Affected Products

Lightning Network Daemon