Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Peter Todd

Oct 27, 2023/00:43 UTC

The email discusses a potential attack scenario in the context of HTLC-preimage redemption transactions. The sender clarifies that they are not making any claims about the ease of executing this attack but acknowledges that there may be cases where it happens accidentally.

One example given is when a node with an HTLC-preimage is offline and then comes online at just the right time to broadcast an HTLC-preimage redemption transaction with a higher fee than the timeout transaction. If the other node goes offline after broadcasting the timeout transaction, it may not notice the HTLC-preimage in the mempool and may fail to redeem it.

To mitigate this situation, the sender suggests using OP_Expire, which would make it impossible to redeem the HTLC-preimage after the timeout. They provide a link to Peter Todd's website (https://petertodd.org) for further information.

It is important to note that the email does not provide detailed instructions on how to execute the attack or offer a solution beyond the mention of OP_Expire. The main focus is on raising awareness of a potential vulnerability and suggesting a possible safeguard.
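The accidental case above comes down to a node never noticing a preimage that was visible in the mempool. The following is an added example, not code from the email or from any Lightning implementation: it scans decoded mempool transactions for a spend of a watched HTLC output whose witness contains a 32-byte item hashing (SHA-256) to the payment hash. The outpoint, the sample transactions and the dict layout (modelled on decoded-transaction JSON with `txinwitness`) are constructed assumptions.

```python
import hashlib

def find_preimage(witness_hex, payment_hash_hex):
    """Return the preimage (hex) if a 32-byte witness item hashes to payment_hash."""
    target = bytes.fromhex(payment_hash_hex)
    for item_hex in witness_hex:
        item = bytes.fromhex(item_hex)
        if len(item) == 32 and hashlib.sha256(item).digest() == target:
            return item.hex()
    return None

def scan_mempool(mempool_txs, watched):
    """watched maps (txid, vout) of an HTLC output to its payment hash (hex).
    Returns {payment_hash_hex: preimage_hex} for every preimage revealed."""
    found = {}
    for tx in mempool_txs:
        for vin in tx["vin"]:
            payment_hash = watched.get((vin["txid"], vin["vout"]))
            if payment_hash is None:
                continue  # input does not spend an HTLC output we track
            preimage = find_preimage(vin.get("txinwitness", []), payment_hash)
            if preimage:
                found[payment_hash] = preimage
    return found

# --- constructed sample data (no real transactions) ---
PREIMAGE = hashlib.sha256(b"constructed-example-preimage").digest()
PAYMENT_HASH = hashlib.sha256(PREIMAGE).hexdigest()
HTLC_OUTPOINT = ("aa" * 32, 0)           # hypothetical commitment tx output
WATCHED = {HTLC_OUTPOINT: PAYMENT_HASH}
FAKE_SIG = "30" + "11" * 70              # placeholder bytes, not a valid signature
FAKE_SCRIPT = "51"                       # placeholder witness script

SAMPLE_MEMPOOL = [
    # unrelated transaction: different outpoint, must be ignored
    {"txid": "bb" * 32, "vin": [{"txid": "cc" * 32, "vout": 1,
                                 "txinwitness": [FAKE_SIG, "02" + "22" * 32]}]},
    # HTLC-preimage redemption that outbid our timeout transaction
    {"txid": "dd" * 32, "vin": [{"txid": HTLC_OUTPOINT[0], "vout": 0,
                                 "txinwitness": [FAKE_SIG, PREIMAGE.hex(), FAKE_SCRIPT]}]},
]

if __name__ == "__main__":
    # Run on reconnect as well as on new mempool entries, so a preimage seen
    # while the node was offline is still picked up before it is too late.
    for ph, pre in scan_mempool(SAMPLE_MEMPOOL, WATCHED).items():
        print(f"payment_hash {ph} revealed preimage {pre}")
```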


Thread Summary (69 replies)

Oct 16 - Nov 17, 2023
