TLDR

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Matt Morehouse

Oct 20, 2023/18:35 UTC

The email suggests applying the concept of a presigned fee multiplier to prevent replacement cycling attacks in HTLC spends. The proposed solution involves modifying HTLC scripts so that both parties can only spend the HTLC via presigned second-stage transactions, which are always signed with SIGHASH_ALL. By doing so, the attacker is prevented from adding inputs to their presigned transaction, thus making a replacement cycling attack impossible. However, implementing this solution would require more bookkeeping and result in less fee granularity when claiming HTLCs on chain.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Antoine Riard

Oct 16, 2023 /16:57 UTC

Antoine Riard

Oct 16, 2023 /16:57 UTC

Peter Todd

Oct 16, 2023 /19:13 UTC

Matt Morehouse

Oct 16, 2023 /22:10 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Antoine Riard

Oct 17, 2023 /01:11 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:47 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Jochen Hoenicke

Oct 20, 2023 /11:18 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Nagaev Boris

Oct 21, 2023 /14:21 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Antoine Riard

Nov 2, 2023 /04:46 UTC

Antoine Riard

Nov 17, 2023 /22:36 UTC

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

Built with 🧡 by the Bitcoin Dev Project

View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback