Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Matt Morehouse
Oct 19, 2023/16:23 UTC
The email discusses a potential defense mechanism against an attacker in a scenario where an honest node aggressively fee-bumps and retransmits the HTLC-timeout as the CLTV delta deadline approaches. The approach, referred to as the "scorched earth" approach, involves the honest node increasing the fee by 1/10th of the HTLC value for each non-confirmation within 10 blocks of the deadline. This strategy may result in considerable fees for the honest node but would cost the attacker even more, as each replacement made by the attacker needs to burn at least as much as the HTLC-timeout fees. Additionally, the attacker would need to perform a replacement every time the honest node fee bumps.
The suggested fee-bumping policy aims to provide sufficient defense against the attacker, even if the attacker is replacement-cycling directly in miners' mempools and the victim has no visibility into the attack. By implementing this strategy, the honest node can potentially deter the attacker and incur higher costs for them. The email does not provide further details or examples related to this defense mechanism.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback