mirror of https://github.com/lightninglabs/loop
loop+loopout: validate hash of swap invoice
This commit fixes a possible exploit by the loop server, where - in a loop out - the server could claim money off-chain, without publishing an on-chain swap htlc. The server could do this by responding with a regular invoice, whose hash is different than the hash in the NewLoopOutSwap request. To prevent the exploit, we validate that the hash of the swap invoice is equal to the hash the client generated.pull/70/head
parent
6da8494a0f
commit
8d7a272fdd
Loading…
Reference in New Issue