Lightning Network Error Code Reference
Reference guide to Lightning Network error codes: BOLT-defined failure codes, onion routing errors, HTLC failures, common causes, and troubleshooting steps.
Lightning Network Error Codes
Lightning Network error codes are defined across multiple BOLT specifications and serve two distinct purposes: signaling payment routing failures back to the sender (BOLT #4 onion failure codes) and communicating peer-to-peer channel errors between directly connected nodes (BOLT #1 error and warning messages). Understanding these codes is essential for debugging failed payments, diagnosing channel issues, and building reliable Lightning applications.
This reference covers every failure code in the current specification, explains the bit-flag system used to classify failures, maps common developer-facing errors to their BOLT-level codes, and provides troubleshooting guidance for each.
How Failure Codes Are Structured
BOLT #4 failure codes are 16-bit integers. The top four bits are flags that classify the error, while the lower 12 bits identify the specific failure. The final code is constructed by OR-ing the flags with the base error number. For example, unknown_next_peer has base number 10 and the PERM flag (0x4000), producing a final code of 0x400A (16394 decimal).
| Flag | Hex Mask | Bit | Meaning |
|---|---|---|---|
| BADONION | 0x8000 | 15 | Onion packet was unparsable by the processing node |
| PERM | 0x4000 | 14 | Permanent failure: retrying the same route will not succeed |
| NODE | 0x2000 | 13 | Failure at the node level (otherwise channel-level) |
| UPDATE | 0x1000 | 12 | A channel forwarding parameter was violated; a channel_update may be attached |
These flags tell the sender how to react. A PERM failure means the sender should not retry on the same route. An UPDATE failure indicates that the sender's routing graph is stale and should be refreshed. A NODE failure means the entire node should be avoided, not just the specific channel. BADONION failures indicate corrupted onion routing packets.
BOLT #4 Onion Failure Codes
These failure codes travel inside encrypted return packets via update_fail_htlc (message type 131) and are decrypted by the payment sender. They are the primary error codes you encounter when a Lightning payment fails mid-route. Each code includes data fields that help the sender diagnose the issue.
| Code (Hex) | Code (Dec) | Name | Flags | Cause |
|---|---|---|---|---|
0x2002 | 8194 | temporary_node_failure | NODE | General transient failure at the processing node (overloaded, restarting, etc.) |
0x6002 | 24578 | permanent_node_failure | PERM | NODE | Processing node has a permanent error: do not route through it |
0x6003 | 24579 | required_node_feature_missing | PERM | NODE | Node requires a feature bit not present in the onion payload |
0xC004 | 49156 | invalid_onion_version | BADONION | PERM | Onion version byte not recognized by the processing node |
0xC005 | 49157 | invalid_onion_hmac | BADONION | PERM | Onion HMAC verification failed: corrupted or tampered packet |
0xC006 | 49158 | invalid_onion_key | BADONION | PERM | Ephemeral key in the onion packet could not be parsed |
0x1007 | 4103 | temporary_channel_failure | UPDATE | Channel cannot handle this HTLC right now (usually insufficient capacity) |
0x4008 | 16392 | permanent_channel_failure | PERM | Channel is permanently unable to forward HTLCs |
0x4009 | 16393 | required_channel_feature_missing | PERM | Channel requires features not present in the onion payload |
0x400A | 16394 | unknown_next_peer | PERM | The short_channel_id in the onion does not match any channel from the processing node |
0x100B | 4107 | amount_below_minimum | UPDATE | HTLC amount is below the channel's htlc_minimum_msat |
0x100C | 4108 | fee_insufficient | UPDATE | Forwarding fee included in the HTLC does not meet the channel's requirement |
0x100D | 4109 | incorrect_cltv_expiry | UPDATE | CLTV expiry delta between incoming and outgoing HTLCs is below the channel's cltv_expiry_delta |
0x100E | 4110 | expiry_too_soon | UPDATE | CLTV expiry on the outgoing HTLC is too close to the current block height |
0x400F | 16399 | incorrect_or_unknown_payment_details | PERM | Final node: unknown payment hash, wrong payment secret, insufficient amount, or expired CLTV |
0x0012 | 18 | final_incorrect_cltv_expiry | (none) | CLTV expiry in the HTLC is less than the value specified in the onion |
0x0013 | 19 | final_incorrect_htlc_amount | (none) | Amount in the HTLC is less than the value specified in the onion |
0x1014 | 4116 | channel_disabled | UPDATE | Forwarding channel has been disabled (peer offline or manually disabled) |
0x0015 | 21 | expiry_too_far | (none) | CLTV expiry extends unreasonably far into the future |
0x4016 | 16406 | invalid_onion_payload | PERM | Decrypted per-hop onion payload has malformed or incomplete TLV data |
0x0017 | 23 | mpp_timeout | (none) | Not all parts of a multi-part payment arrived within the timeout window |
0xC018 | 49176 | invalid_onion_blinding | BADONION | PERM | Error within a blinded path segment: actual failure is hidden for privacy |
Note: Three legacy codes have been deprecated.invalid_realm(0x4001) was removed in 2024 when the realm byte was dropped from the onion format.incorrect_payment_amount(0x4010) andfinal_expiry_too_soon(0x0011) were merged intoincorrect_or_unknown_payment_detailsto prevent payment probing attacks.
Peer-to-Peer Error Messages (BOLT #1)
Separate from onion failure codes, BOLT #1 defines error (type 17) and warning (type 1) messages for direct peer-to-peer communication. These are not payment-path failures: they signal channel-level problems between two directly connected nodes.
An error message is fatal: the receiving node MUST fail the referenced channel (or all channels with the peer if the channel_id is all zeros). This triggers a unilateral force close. A warning message is non-fatal: it should be logged and may prompt a graceful shutdown negotiation but does not require immediate channel closure.
Common triggers for peer-to-peer error messages include:
- Invalid or non-standard signatures on commitment transactions
- Channel reserve requirement violations
- Funding transaction not confirmed within the expected window
- Protocol version or feature negotiation failures
- HTLC limit or dust threshold violations
- Unrecoverable internal errors at either node
Common Developer Errors and Their Codes
The error messages surfaced by Lightning node implementations (LND, CLN, Eclair, LDK) often use human-readable strings rather than raw BOLT codes. The following table maps common developer-facing errors to their underlying BOLT failure codes.
| Error Message | BOLT Code | Troubleshooting |
|---|---|---|
| "No route found" | N/A (client-side) | Pathfinding failed before sending any HTLC. Check that the destination is reachable, your node's graph is synced, and you have sufficient outbound liquidity |
| "Insufficient local balance" | temporary_channel_failure (0x1007) | The outgoing channel lacks capacity for this HTLC. Open additional channels, rebalance with a circular rebalance, or use multi-path payments to split across channels |
| "Unknown payment hash" | incorrect_or_unknown_payment_details (0x400F) | The recipient does not recognize the payment hash. Verify the invoice is current and the preimage has not already been claimed |
| "Invoice expired" | incorrect_or_unknown_payment_details (0x400F) | The invoice CLTV has passed. Request a new invoice from the recipient |
| "Fee too low" | fee_insufficient (0x100C) | Your routing graph has stale fee data. Update channel policies and retry. The attached channel_update contains current fee parameters |
| "CLTV delta too low" | incorrect_cltv_expiry (0x100D) | The timelock delta between hops is below the channel's required minimum. Update your graph with the latest channel policies |
| "Channel disabled" | channel_disabled (0x1014) | The forwarding channel is offline or manually disabled. Exclude it from route calculations and retry on an alternate path |
| "Next hop unknown" | unknown_next_peer (0x400A) | The channel referenced in your route no longer exists (closed or never opened). Refresh your routing graph |
| "MPP timeout" | mpp_timeout (0x0017) | Some parts of a multi-part payment did not arrive in time. Retry the full payment: partial amounts are automatically refunded via HTLC timeout |
| "Onion decryption failed" | invalid_onion_hmac (0xC005) | Packet corruption or a node using incompatible onion construction. Retry on a different path. If persistent, the intermediate node may be malicious |
| "Channel force closed" | error (type 17, BOLT #1) | Peer sent a fatal error message. Check your node logs for the specific reason. Common causes: stale commitment state, signature verification failure, or watchtower-detected breach attempt |
| "Amount below minimum" | amount_below_minimum (0x100B) | HTLC amount is below the channel's htlc_minimum_msat. Increase the payment amount or route through channels with lower minimums |
Troubleshooting Payment Failures
When a payment fails, the encrypted failure message travels back through each hop of the onion route until it reaches the sender. The sender decrypts the failure to determine which node returned the error and why. Use the Lightning invoice decoder to inspect invoice parameters and verify that payment details are correct before debugging routing issues.
Temporary vs. Permanent Failures
If a failure code lacks the PERM flag (bit 14), the issue may resolve on its own. For temporary_channel_failure (0x1007), the most common Lightning error, the channel may regain capacity after pending HTLCs settle. Retry after a brief delay or let your node's pathfinder select an alternate route. For PERM failures like unknown_next_peer (0x400A), the sender should immediately remove the failing channel from its routing graph and not retry on the same path.
UPDATE Failures and Stale Routing Data
Failure codes with the UPDATE flag (bit 12) indicate that the sender's routing graph contains outdated channel parameters. The failure message may include a channel_update with the current fee rate, CLTV delta, or minimum HTLC size. Your node should apply this update before recalculating a route. If you see frequent UPDATE failures, your node may not be receiving gossip messages efficiently: check peer connectivity and gossip sync status.
BADONION Failures
BADONION failures (bit 15) mean the onion packet itself was corrupted or malformed. These are always permanent. They can indicate a bug in the sender's onion construction, network-level packet corruption, or a malicious intermediate node stripping or modifying the onion. Since the onion cannot be parsed, the failing node sends the error via update_fail_malformed_htlc (message type 135) instead of the standard encrypted failure path.
Blinded Path Errors
Blinded paths, introduced for receiver privacy in BOLT 12, use the catch-all code invalid_onion_blinding (0xC018) for any error within the blinded segment. This deliberately hides the actual failure reason to prevent the sender from learning which hop within the blinded path failed. If you encounter this error, retry with the same or an alternate blinded path: you cannot diagnose the specific issue from the sender's perspective.
Error Handling Architecture
The Lightning Network uses two distinct error systems that operate at different layers of the protocol stack:
- BOLT #4 onion failure codes are encrypted and travel backward through the payment path inside
update_fail_htlcmessages. Only the original sender can decrypt and read them. Intermediate nodes cannot see failure codes from downstream hops - BOLT #1 error/warning messages are plaintext and exchanged directly between two connected peers. They affect the channel between those peers specifically
This separation is fundamental to Lightning's privacy model. A forwarding node learns that an HTLC failed downstream (it receives update_fail_htlc) but cannot read why: the failure reason is encrypted to the sender's key. For a deeper look at how onion routing protects payment privacy, see our research on onion routing and Lightning privacy.
Deprecated and Removed Codes
As the BOLT specifications evolve, some failure codes are deprecated or removed. Implementations may still encounter these codes from older nodes on the network:
invalid_realm(0x4001): removed in 2024 when the realm byte was dropped from the onion format. Older nodes may still return this for malformed onionsincorrect_payment_amount(0x4010): deprecated in favor ofincorrect_or_unknown_payment_details(0x400F) to prevent probing attacks that could distinguish "wrong amount" from "unknown hash"final_expiry_too_soon(0x0011): also merged into 0x400F for the same anti-probing reason
The consolidation of these codes into a single incorrect_or_unknown_payment_details response was a deliberate privacy improvement. Previously, an attacker could probe whether a node was the final destination of a payment by sending payments with correct hashes but wrong amounts: if the node returned "wrong amount" instead of "unknown hash," the attacker confirmed it was the intended recipient.
Frequently Asked Questions
What does temporary_channel_failure mean on Lightning Network?
temporary_channel_failure (0x1007) is the most common Lightning payment error. It means a forwarding channel cannot handle the HTLC at this moment, usually because it lacks sufficient outbound capacity. The failure is transient: the channel may have capacity after pending HTLCs resolve. Your node should automatically retry on an alternate route. If you see this error repeatedly on your own channels, consider rebalancing or opening additional channels.
How do I fix "unknown_next_peer" errors?
unknown_next_peer (0x400A) means your routing graph references a channel that the processing node does not have. The channel was likely closed since your graph was last updated. Ensure your node is syncing gossip data from well-connected peers, and consider using route hints when paying invoices from nodes with private channels. This is a permanent failure: do not retry on the same route.
Why do Lightning payments fail with "incorrect or unknown payment details"?
incorrect_or_unknown_payment_details (0x400F) is a catch-all code returned by the final node. It intentionally combines multiple failure reasons (unknown payment hash, wrong payment secret, insufficient amount, expired invoice) into a single response to prevent probing attacks. Check that the invoice has not expired, the payment amount matches what the recipient expects, and you are using the correct payment secret from the invoice.
What is the difference between BOLT #1 errors and BOLT #4 failure codes?
BOLT #1 error (type 17) and warning (type 1) messages are plaintext messages exchanged directly between two connected peers. They affect the channel relationship between those nodes and can trigger force closes. BOLT #4 failure codes are encrypted onion messages that travel backward through a multi-hop payment route: only the original sender can read them. BOLT #1 errors handle channel-level problems; BOLT #4 codes handle payment routing failures.
How do blinded path errors work on Lightning?
When a payment fails within a blinded path, the error is replaced with the generic invalid_onion_blinding (0xC018) code. This prevents the sender from learning which specific hop in the blinded segment failed or why. The tradeoff is reduced debuggability in exchange for stronger receiver privacy: the sender cannot map the internal structure of the blinded route. This code was introduced alongside BOLT 12 offers.
What causes mpp_timeout errors?
mpp_timeout (0x0017) occurs when a multi-part payment recipient does not receive all payment parts within a reasonable time. The recipient holds partial HTLCs waiting for the remaining parts, and if they do not arrive, all parts are failed back. This typically happens when one payment shard encounters routing failures while others succeed. Retry the entire payment: partial amounts are returned to the sender via standard HTLC timeout mechanisms.
Can I see the raw failure code from a failed Lightning payment?
Yes. Most Lightning node implementations expose failure details in their APIs. In LND, check lncli payinvoice output or query lncli trackpayment for the failure_reason field. In CLN, use lightning-cli pay which returns structured failure data including the failing node and error code. LDK exposes failure information through its PaymentPathFailed event. The raw hex failure code maps directly to the BOLT #4 codes listed in this reference.
This reference is for informational purposes only and does not constitute financial or technical advice. Error codes are based on the current BOLT specifications and may change as the protocol evolves. Always consult the latest BOLT specification repository for authoritative definitions.
Build with Spark
Integrate bitcoin, Lightning, and stablecoins into your app with a few lines of code.
Read the docs →