github.com/lightningnetwork/lnd uses insecure access controls. A lightning node accepting a channel must check that the funding transaction output does indeed open the channel proposed. However, an attacker is able to deny against opening a channel and not pay the peer due to improper validation of the scriptpubkey
.