Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Matt Morehouse

Oct 19, 2023/16:23 UTC

The email discusses a potential solution to defend against an attack on the Lightning Network protocol. The suggestion is to have the honest node aggressively fee-bump and retransmit the HTLC-timeout as the CLTV delta deadline approaches. This approach, known as the "scorched earth" approach, involves increasing the fee by 1/10th of the HTLC value for each non-confirmation within 10 blocks of the deadline.

The purpose of this strategy is to make it more costly for the attacker to replace the HTLC-timeout transactions. Each replacement would require the attacker to burn at least as much as the HTLC-timeout fees. Additionally, the attacker would need to perform a replacement every time the honest node fee bumps.

While this fee-bumping policy may result in considerable fees for the honest node, it is believed to be a sufficient defense against the attacker. Even if the attacker is directly cycling replacements in miners' mempools and the victim has no visibility into the attack, the fee-bumping policy aims to protect the honest node.

By following this approach, the honest node can increase the cost for the attacker and potentially deter them from carrying out the attack. It provides a proactive defense mechanism that aims to safeguard the integrity of the Lightning Network protocol.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback