Description
The package splitting logic in `OnchainTxHandler.update_claims_view_from_matched_tx` scans confirmed transactions for any spends that conflict with the current package templates. If a conflicting spend for one of the package inputs is found, it splits that input out of the package and attempts to claim the remaining package inputs in a new transaction. Unfortunately, the logic to detect conflicts stops once it finds the first conflicting package, so if the counterparty confirms a transaction conflicting with two packages, we fail to split up the second package. As a result, the transaction we create and broadcast for the second package will contain an already-spent input and can never be mined.
The offending line is here:
In currently released versions of LDK, this bug can be exploited to lock up a victim node's liquidity.
After #3340 the bug can be exploited to steal funds. Note that only v0.1.0-beta1 is vulnerable to the theft attack, and no official (non-beta) releases are vulnerable.
As discussed with @TheBlueMatt and @wpaulino, the bug will be fixed prior to the official v0.1.0 release.
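A simplified model of the conflict scan described above, as an added example that is not LDK's code and not part of the original report. The types, function names and sample outpoints are assumptions made for illustration; `stop_at_first` reproduces the early exit, and the second run shows the scan covering every package.

```rust
use std::collections::BTreeSet;

// Hypothetical stand-ins: an outpoint is (txid tag, vout) and a package is
// the set of outpoints that one claim transaction would spend.
type OutPoint = (u8, u32);
type Package = BTreeSet<OutPoint>;

/// Removes inputs already spent by a confirmed transaction from pending
/// packages and returns how many packages were split.
/// `stop_at_first = true` models the flaw: the scan ends at the first
/// conflicting package, so later packages are never examined.
fn split_conflicts(packages: &mut [Package], spent: &[OutPoint], stop_at_first: bool) -> usize {
    let mut split = 0;
    for pkg in packages.iter_mut() {
        let before = pkg.len();
        pkg.retain(|op| !spent.contains(op));
        if pkg.len() != before {
            split += 1;
            if stop_at_first {
                break;
            }
        }
    }
    split
}

/// Counts packages that still contain an already-spent input; a claim
/// transaction built from such a package can never be mined.
fn unminable(packages: &[Package], spent: &[OutPoint]) -> usize {
    packages.iter().filter(|p| p.iter().any(|op| spent.contains(op))).count()
}

/// Constructed sample: two packages, and one confirmed counterparty
/// transaction that spends one input from each of them.
fn sample() -> (Vec<Package>, Vec<OutPoint>) {
    let a = Package::from([(1, 0), (1, 1)]);
    let b = Package::from([(1, 2), (1, 3)]);
    (vec![a, b], vec![(1, 0), (1, 2)])
}

fn main() {
    for stop in [true, false] {
        let (mut pkgs, spent) = sample();
        let split = split_conflicts(&mut pkgs, &spent, stop);
        let stuck = unminable(&pkgs, &spent);
        println!("stop_at_first={stop}: split {split} package(s), {stuck} still unminable");
    }
}
```

A regression test for this class of bug needs a single confirmed transaction that conflicts with at least two packages; a test with one conflicting package passes under both behaviours.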