Bitcoin Optech Newsletter #124 Bitcoin Optech

This week’s newsletter contains a warning about backdoored VM images.
Also included are our regular sections with summaries of notable
improvements to clients and services, announcements of releases and
release candidates, and changes to popular Bitcoin infrastructure

Action items

  • Backdoored VM images: a user on Reddit posted
    about losing funds after using an AWS image that came with a Bitcoin
    full node already installed and synced to a recent block. Although
    the source of the loss was not fully determined in the thread, it was
    suggested that virtual machine images or other curated collections of
    software, especially those designed for Bitcoin or other
    cryptocurrencies, provide an effective mechanism for delivering
    backdoored software to valuable servers. This is a reminder that you
    should only install software from trustworthy sources. Additionally,
    please remember that your VM provider and their support staff can
    likely access any private keys on your server even if you perfect
    every other aspect of your security. In short, please consider
    performing extra diligence on any software or service to which you
    will entrust the creation of non-reversible Bitcoin transactions.


No significant Bitcoin technical news this week.

Changes to services and client software

In this monthly feature, we highlight interesting updates to Bitcoin
wallets and services.

  • Sparrow Wallet adds payment batching and payjoin:
    Sparrow’s recent 0.9.6 and 0.9.7 releases
    added payment batching and payjoin capabilities respectively.

  • Nunchuk open sources Bitcoin Core backed multisig library:
    The team that developed the Nunchuk desktop application has
    announced libnunchuk, a C++ multisig library that leverages
    Bitcoin Core’s existing codebase.

Releases and release candidates

New releases and release candidates for popular Bitcoin infrastructure
projects. Please consider upgrading to new releases or helping to test
release candidates.

  • C-Lightning 0.9.2rc1 is a release candidate for
    the next maintenance version of C-Lightning. It contains new
    features, updated options, and bug fixes.

Notable code and documentation changes

Notable changes this week in Bitcoin Core,
C-Lightning, Eclair, LND,
Rust-Lightning, libsecp256k1,
Hardware Wallet Interface (HWI), Bitcoin Improvement Proposals
, and Lightning BOLTs.

  • C-Lightning #4168 adds the ability for a plugin to specify that a hook be
    run before or after that of another plugin. Plugin authors wishing to ensure
    their plugin’s relative load ordering in this way should amend their
    getmanifest method’s response as shown here.

  • C-Lightning #4171 updates the hsmtool command with a new
    dumponchaindescriptors parameter that prints the output script
    for the keys and scripts used by
    C-Lightning’s onchain wallet. These descriptors may then be imported
    into a watch-only wallet to track any onchain transactions made
    by the LN node. This feature was requested to help improve integration between BTCPay
    default hot wallet and the optional LN server.

  • Eclair #1599 makes spending more intelligent when considering
    sending a multipath payment to a channel
    counterparty. When the receiver shares a direct channel with the
    spender, the spender knows exactly how much money is available to be
    sent in that channel. With this change, up to that amount can be
    allocated to the initial part of the payment instead of splitting it
    across multiple paths. Any remainder that still needs to be sent can
    still use other paths.

  • LND #4715 adds a --reset-wallet-transactions configuration
    parameter that will remove all onchain transactions from LND’s wallet
    and then start a rescan of the block chain to repopulate the wallet.

  • BOLTs #808 adds a warning that nodes must not release their own
    HTLC preimages unless they’re the final receiver of a payment. This
    warning may help new implementations avoid the premature release of preimages which caused
    CVE-2020-26896 (see Newsletter #121).

—Source link—

What do you think?

How to maximize your Ledger Bankless

Competitive Equilibria Between Staking and On-chain Lending Cryptoeconomic Systems