Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Antoine Riard

Oct 18, 2023/02:57 UTC

The email discusses the various mitigations mentioned in the disclosure mails related to Lightning Network attacks. In addition to mempool scanning and transaction re-signing/re-broadcasting, the third mitigation mentioned is bumping the CLTV delta. Bumping the CLTV delta is considered a basic line of defense against many Lightning attacks, as it allows node operators to intervene and re-broadcast their time-sensitive transactions on other interfaces, such as a secondary full node if the first one is eclipsed.

The second mitigation mentioned is transaction re-signing, which, if done correctly, imposes an economic cost on the attack in terms of fees/feerates. However, it is unclear whether this cost holds up in game-theoretic terms. Deploying Stratum v2, which increases the number of miners capable of creating their own block templates, could make the attack more difficult, as the attacker would need to continuously replace channel counterparties' transactions in multiple miners' mempools. Implementing a replacement buffer or maintaining a history of transactions at the mempool level could potentially mitigate this attack, but its effectiveness is yet to be determined.

The email mentions that the original paper highlighted fees as a challenging issue. The sender is unsure if individuals like Tadge or Rusty, who were involved in the early design of Lightning, have additional ideas regarding mitigations for these attacks.


Thread Summary (69 replies)

Oct 16 - Nov 17, 2023
