Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Antoine Riard
Oct 17, 2023/18:47 UTC
In a recent email, the sender apologizes for a typo and acknowledges that English is not their native language. They mention a previous email from August 11, 2023, where they discussed conducting experiments related to Lightning infrastructure vulnerabilities.
The sender expresses their willingness to participate in these experiments and suggests adjusting the disclosure date based on the learnings gained. However, they note that the number of experts worldwide who have the necessary knowledge and understanding of Lightning is limited to those listed on the disclosure emails. Additionally, at the time of the email, there were other undisclosed security issues, such as the "fake channel DoS vector" revealed on August 23, 2023.
Due to these factors, the experiments mentioned were not conducted.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback