This tool will detect if your node has been victim of the invalid funding tx attack.
Note the default location of eclair.sqlite is:
- on Windows:
C:\Users\<username>\.eclair\mainnet\eclair.sqlite - on Linux:
/home/<username>/.eclair/mainnet/eclair.sqlite
Ask for help on gitter if needed.
Usage
java -jar checkfunding.jar --db eclair.sqliteHelp
$ java -jar checkfunding.jar --help
checkfunding 1.0
Usage: checkfunding [options]
--db <eclair.sqlite> path to eclair.sqlite
--conf <eclair.conf> path to eclair.conf
--help prints this usage text
This utility will detect if your node has been victim of CVE-2019-13000.
Please see the thread on https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-August/002130.html for more details on the vulnerability.
NB: This tool will only work if you have been using released versions of Eclair. If you are on e.g. latest master, please contact support.
Example: checkfunding --db /path/to/eclair.sqlite --conf /path/to/eclair.conf
Verifying signatures
You will need gpg and our release signing key E434ED292E85643A. Note that you can get it:
- from our website: https://acinq.co/pgp/padioupm.asc
- from github user @pm47, a committer on eclair: https://api.github.com/users/pm47/gpg_keys
To import our signing key:
$ gpg --import padioupm.asc
To verify the release file checksums and signatures:
$ gpg -d SHA256SUMS.asc > SHA256SUMS.stripped
$ sha256sum -c SHA256SUMS.stripped