Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Matt Corallo
Oct 20, 2023/21:05 UTC
The email discusses a potential attack on anchor channels in the context of lightning network. The attack can be performed by either side of the closure, as the HTLCs are now only signed with SIGHASH_SINGLE|ANYONECANPAY. This allows for adding more inputs and performing the attack even as the broadcaster.
The sender mentions that fixing this issue on the lightning end is not the right approach. Instead, the fix needs to lie with Bitcoin Core or other parts of the mining stack. However, fixing it in Bitcoin Core would require unbounded memory, which is not feasible.
The sender suggests a possible solution involving an external piece of software. This software would monitor the mempool for transactions that were replaced but could potentially re-enter the mempool later with other replacements. These transactions would be stored on disk, and the software could optimize block template selection revenue while inadvertently fixing the attack issue.
Overall, the email highlights the need for addressing the attack issue in anchor channels and suggests exploring a solution through external software monitoring the mempool.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback