Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Antoine Riard

Nov 17, 2023/22:36 UTC

The email discusses a security vulnerability in the Lightning Network, specifically an attack vector concerning HTLC (Hashed Time-Locked Contract) transactions within the Bitcoin mempool. The sender, Antoine, points out that an attacker can exploit this by overbidding on the fee of the parent transaction of an HTLC-preimage. This would allow the attacker to replace the parent and potentially delay the confirmation of the replacement transaction for economic gain, or even to batch the attack against multiple targets.

Antoine explains that attackers can blind a defender's mempool by broadcasting a conflicting parent transaction, thus partitioning the defender's view of the network from the rest of the nodes. Since the mempool is part of a distributed system favoring higher-fee transactions, Antoine deems network issues such as jitter and propagation delay irrelevant in this context. He highlights that, despite policy differences across Bitcoin implementations, an attacker can take advantage of peer-to-peer transaction relay through mass connections, filling up the inbound slots of nodes at low cost.

Furthermore, Antoine challenges the belief that executing such an attack requires extremely precise timing, arguing that the probability is actually in the attacker's favor due to the average 10-minute block interval in Bitcoin. He notes that while miners could theoretically broadcast preimage replacement transactions to mitigate the attack, this mechanism is not commonly used in the current mining ecosystem and its resilience to denial-of-service attacks is questionable.

To counteract the threat, Antoine suggests that Lightning Network nodes could duplicate their mempool monitoring to watchtower backends, on the assumption that these backends run on full nodes. This mitigation raises the difficulty for an attacker, who would need to partition each new watchtower's mempool during an attack. However, he admits that sophisticated attackers could still neutralize this strategy.
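The duplicated monitoring described above can be sketched as follows; this is an added example, not code from Antoine's post or from any Lightning implementation. The backend names, the shape of the mempool views and the sample transactions are constructed, and the only protocol fact it relies on is that an HTLC payment hash is the SHA-256 of a 32-byte preimage.

```python
import hashlib

def scan_views(pending_hashes, mempool_views):
    """Search every backend's mempool view for witness items that are
    preimages of pending HTLC payment hashes.
    Returns {payment_hash_hex: {"preimage": hex, "seen_by": {backends}}}."""
    found = {}
    for backend, txs in mempool_views.items():
        for tx in txs:
            for item_hex in tx["witness"]:
                item = bytes.fromhex(item_hex)
                if len(item) != 32:          # HTLC preimages are 32 bytes
                    continue
                digest = hashlib.sha256(item).hexdigest()
                if digest in pending_hashes:
                    hit = found.setdefault(
                        digest, {"preimage": item_hex, "seen_by": set()})
                    hit["seen_by"].add(backend)
    return found

def blinded_backends(found, mempool_views):
    """Backends that missed a preimage at least one other backend saw.
    A non-empty result suggests those mempool views are partitioned."""
    missed = set()
    for hit in found.values():
        missed |= set(mempool_views) - hit["seen_by"]
    return sorted(missed)

# Constructed sample data (hypothetical backends and transactions).
PREIMAGE = bytes(range(32))
PAYMENT_HASH = hashlib.sha256(PREIMAGE).hexdigest()
VIEWS = {
    # The local node only sees the conflicting parent, not the preimage spend.
    "local_node": [{"txid": "constructed-conflicting-parent",
                    "witness": ["30" * 71, "02" * 33]}],
    # One watchtower's full node still relays the HTLC-preimage transaction.
    "watchtower_a": [{"txid": "constructed-htlc-preimage",
                      "witness": ["", "30" * 71, PREIMAGE.hex(), "51" * 40]}],
    "watchtower_b": [],
}

if __name__ == "__main__":
    hits = scan_views({PAYMENT_HASH}, VIEWS)
    for payment_hash, hit in hits.items():
        print(payment_hash, "preimage seen by", sorted(hit["seen_by"]))
    print("possibly blinded:", blinded_backends(hits, VIEWS))
```

A single backend that still sees the preimage is enough to recover it, which is why each additional watchtower view forces the attacker to partition one more mempool.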

In conclusion, Antoine recommends that developers of Lightning Network software implement the suggested mitigation, particularly for those implementations that are used by high-value routing nodes or Lightning Service Providers (LSPs), in order to enhance the robustness against such replacement attacks.

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023
