Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Bastien TEINTURIER
Oct 19, 2023/08:12 UTC
In the email, Antoine expresses gratitude to Bastien for his work on a particular issue. Bastien confirms that the latest version of Eclair, v0.9.0, includes the described mitigations. He explains that Eclair has been monitoring the mempool for preimages since its early versions, relying on Bitcoin Core's ZMQ notifications for incoming transactions. This ensures that they can observe the HTLC success transaction, even if it is quickly replaced, as long as they do not exceed the ZMQ limits.
However, Matt raises a point that more fundamental work needs to be done at the bitcoin layer to enhance the resilience of Layer 2 protocols against this type of attacks.
Overall, the email acknowledges Antoine's contribution, confirms the inclusion of mitigations in Eclair, and recognizes the need for further improvements at the bitcoin layer to address these attacks.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback