TLDR

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Antoine Riard

Oct 19, 2023/17:22 UTC

The email discusses a paper on the topic of mitigation, specifically focusing on subsection 3.4 which discusses defensive fee-rebroadcasting. The author mentions that when there is a mempool backlog and the defensive fractional fee HTLC-timeout becomes stuck, it gives an advantage to the attacker. Additionally, the author suggests that an attacker can replace-cycle multiple honest HTLC-timeouts with a single malicious HTLC-preimage, paying the absolute fee while only incurring the RBF penalty. Although the author has not tested this specific behavior, they note that the "fees" math does not seem to favor the defenders.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Antoine Riard

Oct 16, 2023 /16:57 UTC

Antoine Riard

Oct 16, 2023 /16:57 UTC

Peter Todd

Oct 16, 2023 /19:13 UTC

Matt Morehouse

Oct 16, 2023 /22:10 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Antoine Riard

Oct 17, 2023 /01:11 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:47 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Jochen Hoenicke

Oct 20, 2023 /11:18 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Nagaev Boris

Oct 21, 2023 /14:21 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Antoine Riard

Nov 2, 2023 /04:46 UTC

Antoine Riard

Nov 17, 2023 /22:36 UTC

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

Built with 🧡 by the Bitcoin Dev Project

View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback