TLDR

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Bastien TEINTURIER

Oct 19, 2023/08:12 UTC

Antoine's work on the issue has been acknowledged and appreciated. It is confirmed that Eclair v0.9.0 includes the mentioned mitigations. Since the early versions, Eclair has been monitoring the mempool for preimages, with reliance on Bitcoin Core's ZMQ notifications for incoming transactions. This ensures that the HTLC success transaction is visible, even if it gets immediately replaced (as long as the ZMQ limits are not exceeded). However, Matt suggests that further fundamental work is required at the bitcoin layer to enhance the resilience of Layer 2 protocols against such attacks.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Antoine Riard

Oct 16, 2023 /16:57 UTC

Antoine Riard

Oct 16, 2023 /16:57 UTC

Peter Todd

Oct 16, 2023 /19:13 UTC

Matt Morehouse

Oct 16, 2023 /22:10 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Antoine Riard

Oct 17, 2023 /01:11 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:47 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Jochen Hoenicke

Oct 20, 2023 /11:18 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Nagaev Boris

Oct 21, 2023 /14:21 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Antoine Riard

Nov 2, 2023 /04:46 UTC

Antoine Riard

Nov 17, 2023 /22:36 UTC

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

Built with 🧡 by the Bitcoin Dev Project

View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback