Warning about update to LND 0.5.1

BTCPay Server
Dec 7, 2018

Today, we’re pushing an update that moves the LND implementation in BTCPay to version 0.5.1.

However, for a minority of users this update can go wrong and could potentially leave them with an LND on-chain wallet that shows as empty, even if it has funds. The funds in channels are not affected.

As a precaution, we advise you to sweep your LND on-chain wallet before updating your BTCPay Server.

If you forget to sweep before the update and you are among the affected users, there is sadly no good workaround to fix the situation, other than opening a GitHub issue in the LND repository and waiting for technical help.

Details of the issue

A bug discovered in LND 0.5 would, in some situations, not show some UTXOs belonging to your wallet. In other words, your LND wallet balance would be lower than it really is.

LND 0.5.1 fixes this bug, but as an added precaution, it rescans all the blocks from the birthday of your wallet.

Now, most BTCPay Server nodes (Azure and LunaNode setups) are pruned with a target size of 60GB. This means that your node, as of today (7th of December 2018), has blocks going back to December 2017. So this update will likely work as expected.

However, some users may have pruned more aggressively and the rescan of LND 0.5.1 might not work.

This means that your LND wallet would show as empty after the update, and there is no way to recover from this situation that does not involve highly technical skills. Even downgrading to 0.5 will fail.

As a precaution, we advise you to sweep your LND on-chain wallet before updating your BTCPay Server.

How to withdraw the funds from your LND on-chain wallet

Here is how you can sweep your funds from the on-chain wallet.

Method 1: Command Line

Log in to your virtual machine over SSH.

sudo su -
bitcoin-lncli.sh walletbalance

You will see:

{
"total_balance": "4881725",
"confirmed_balance": "4854503",
"unconfirmed_balance": "27222"
}

Now do

bitcoin-lncli.sh sendcoins youraddresshere amount

In our example, that would be

bitcoin-lncli.sh sendcoins 3ErjiZd9Y9V9NpyXpBf22sk2zw8LarZEMn 4854503
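
As an added example (not part of the original post or of BTCPay's tooling), this dry-run helper reads the walletbalance output shown above and prints the matching sendcoins command using confirmed_balance, as the example above does. The function names balance_field and plan_sweep are hypothetical, and the sample JSON is constructed from the output above; nothing is sent.

```sh
#!/bin/sh
# Added example: dry-run planner for the Method 1 sweep. It only prints the
# command to run. balance_field and plan_sweep are hypothetical names.

# Extract one numeric field from walletbalance JSON read on stdin.
# The output above shows values as quoted strings; bare numbers also match.
balance_field() {
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([0-9][0-9]*\)\"\{0,1\}.*/\1/p" | head -n 1
}

# Print the sendcoins command for the confirmed on-chain balance.
# $1 = destination address, $2 = walletbalance JSON.
# Returns 2 on unusable input, 1 when there is nothing confirmed to send.
plan_sweep() {
    addr=$1
    json=$2
    confirmed=$(printf '%s\n' "$json" | balance_field confirmed_balance)
    unconfirmed=$(printf '%s\n' "$json" | balance_field unconfirmed_balance)
    [ -n "$addr" ] || { echo "error: no destination address" >&2; return 2; }
    [ -n "$confirmed" ] || { echo "error: cannot read confirmed_balance" >&2; return 2; }
    if [ "$confirmed" -eq 0 ]; then
        echo "nothing confirmed to sweep" >&2
        return 1
    fi
    if [ "${unconfirmed:-0}" -gt 0 ]; then
        echo "note: $unconfirmed satoshis are unconfirmed and not covered by this command" >&2
    fi
    echo "bitcoin-lncli.sh sendcoins $addr $confirmed"
}

# Constructed sample, copied from the walletbalance output shown above.
SAMPLE='{
"total_balance": "4881725",
"confirmed_balance": "4854503",
"unconfirmed_balance": "27222"
}'

# Dry run against the sample. On a live node, pass the real output instead:
#   plan_sweep youraddresshere "$(bitcoin-lncli.sh walletbalance)"
plan_sweep 3ErjiZd9Y9V9NpyXpBf22sk2zw8LarZEMn "$SAMPLE"
```

Review the printed command and address before running it by hand, then run walletbalance again to confirm what remains in the wallet.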

Method 2: Zap or other wallets

If you’re using a wallet as a GUI for your BTCPay Lightning Network node, you can withdraw the funds that way. In this example, we will show you how to do it in Zap wallet.

Your wallet balance equals A - B, where A is your entire balance and B is your network balance (what you have in channels).

Now that you know the wallet balance, go to “Pay” and then enter the amount and your on-chain address and withdraw the on-chain funds from your wallet.

Alternatively, if by any chance you’re running two Lightning Network nodes, you can send the funds to your second node while upgrading.

Now that you’ve done that, you can update your BTCPay Server.

Root cause of this situation

The first reason is that BTCPay Server, for UX reasons, does not allow the user to back up his LND seed to restore on a different wallet (we use noseedbackup=1).
We’ve chosen to do it that way because we consider it hard to explain to users that backing up your seed does not necessarily mean that you will recover all your funds (some funds are locked into channels).

While the LND team believes it is better to get back some of the funds instead of losing all the funds, we believe it gives our users a false sense of security which may incentivize them to put too much money in a lightning node.

BTCPay Server believes a better course of action is to warn the user to not be reckless and to not put too much money inside his lightning node.

The second reason is that LND behaves differently than c-lightning.
C-Lightning does not have this seed setup, and we prefer not having node-specific implementation logic inside BTCPay Server code, to increase compatibility with other lightning implementations.

Now, the LND team is making two assumptions:

  1. Users do not run on a pruned node (this is not officially supported or documented)
  2. Users have access to their seed

Those two assumptions are sensible but are assumptions BTCPay Server is not following. We use pruned nodes because there is no economical way to host a lightning node with the full chain. And we do not give users their seed, because it gives them a false sense of security (as explained previously).

Conclusion

BTCPay Server will not, in the medium term, allow users to back up their seed to recover in case of a crash of the Lightning node. So please don’t be too reckless.

In the long term we hope that either:

  1. Implementations of BOLT protocols reach a consensus on the way to handle restore which works cross-implementation. (As far as we know, Eltoo offers better solutions but needs consensus changes in Bitcoin)
  2. Somebody codes the necessary feature to allow users to back up the relevant files of LND or c-lightning, as well as the code to restore from the BTCPay interface.

LND is currently working on a way to recover all money from a seed and a channel information file. This is a step in the right direction. But until it is done, and until BTCPay exposes this capability through the interface, you need to be careful and not put too much money in your lightning wallet.

Additional note

After the update, LND very often renews the macaroon. If you don’t manage to reconnect to LND, follow the instructions on this link.