Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Matt Morehouse

Oct 19, 2023/17:53 UTC

The email discusses replacement cycles and the attacker's efforts to reduce the cost of the attack. To counter that strategy, the defender implements a scorched-earth fee-bumping policy. Under this policy, either the HTLC-timeout confirms in the next block or the attacker must pay more in fees than the HTLC-timeout pays in order to replace it. As the CLTV delta deadline approaches, the fees required for a replacement may reach 50%, 80%, or even 100% of the HTLC value. This makes the attack unprofitable, especially since multiple replacements may be necessary as the deadline approaches. The email emphasizes that the fee-bumping curve needs further tuning so that fees stay minimal when not under attack. As the deadline nears, however, it recommends an aggressive approach, both to confirm transactions during high mempool congestion and to punish replacement-cycling attackers.
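The policy's economics can be worked through numerically. The following is an added example, not code from the email or from any Lightning implementation: the quadratic curve, the fee floor, the one-rebroadcast-per-block model and all function names are assumptions chosen for illustration.

```python
# Added example (not from the original email): a hypothetical fee curve.
def scorched_earth_fee(htlc_value_sat, blocks_left, cltv_delta,
                       floor_sat=1_000, exponent=2):
    """Fee in sats the defender puts on the HTLC-timeout at this height.

    Assumed curve: value * (elapsed / cltv_delta) ** exponent, never below
    floor_sat (cheap when not under attack) and never above the HTLC value.
    """
    if not 0 <= blocks_left <= cltv_delta:
        raise ValueError("blocks_left must be in [0, cltv_delta]")
    elapsed = cltv_delta - blocks_left
    curve = htlc_value_sat * elapsed**exponent // cltv_delta**exponent
    return min(htlc_value_sat, max(floor_sat, curve))


def attacker_cost_schedule(htlc_value_sat, cltv_delta, **curve):
    """Rows of (blocks_left, defender_fee, cumulative_attacker_cost).

    Simplified model: the defender rebroadcasts once per block and every
    replacement costs the attacker at least defender_fee + 1 sat. Real relay
    policy requires a larger increment, so the totals are a lower bound.
    """
    rows, total = [], 0
    for blocks_left in range(cltv_delta, 0, -1):
        fee = scorched_earth_fee(htlc_value_sat, blocks_left, cltv_delta, **curve)
        total += fee + 1
        rows.append((blocks_left, fee, total))
    return rows


def unprofitable_from(htlc_value_sat, cltv_delta, **curve):
    """First blocks_left at which cumulative attacker cost exceeds the HTLC."""
    for blocks_left, _fee, total in attacker_cost_schedule(
            htlc_value_sat, cltv_delta, **curve):
        if total > htlc_value_sat:
            return blocks_left
    return None


if __name__ == "__main__":
    # Constructed sample: 1,000,000 sat HTLC with a 10-block CLTV delta.
    for blocks_left, fee, total in attacker_cost_schedule(1_000_000, 10):
        print(f"{blocks_left:>2} blocks left: fee {fee:>9,} sat "
              f"({100 * fee // 1_000_000:>3}% of HTLC), attacker total {total:>9,}")
    print("attack unprofitable from blocks_left =", unprofitable_from(1_000_000, 10))
```

With the constructed inputs, the defender's fee is 49%, 64% and 81% of the HTLC in the last three blocks, and the attacker's cumulative fees pass the HTLC value with three blocks still remaining.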

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023
