Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Bastien TEINTURIER

Oct 19, 2023/08:12 UTC

Antoine's work on the issue has been acknowledged and appreciated. It is confirmed that Eclair v0.9.0 includes the mentioned mitigations. Since the early versions, Eclair has been monitoring the mempool for preimages, with reliance on Bitcoin Core's ZMQ notifications for incoming transactions. This ensures that the HTLC success transaction is visible, even if it gets immediately replaced (as long as the ZMQ limits are not exceeded). However, Matt suggests that further fundamental work is required at the bitcoin layer to enhance the resilience of Layer 2 protocols against such attacks.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback