Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Nadav Ivgi
Oct 22, 2023/04:49 UTC
One suggestion in the email is to address a potential issue with unconfirmed outputs in the HTLC (Hash Time Locked Contract) preimage-spending transaction. The proposal is to introduce a new opcode called OP_CSV_ALLINPUTS, which would require all inputs to have a matching nSequence. By using 1 OP_CSV_ALLINPUTS in the HTLC preimage branch, it would effectively prevent the use of unconfirmed outputs in the transaction.
The purpose of this approach is to protect against a replacement cycling attack. It's worth noting that an alternative option could be to use OP_CSV_OTHERINPUTS instead, which would allow the HTLC output itself to be spent immediately via the preimage branch and only require confirmation for additional inputs added for fees.
It is important to carefully consider the implications and potential trade-offs of implementing such a change. Additionally, further analysis and discussion may be needed to determine the best approach and any potential drawbacks or limitations.
Overall, the suggestion aims to enhance the security and reliability of HTLC preimage-spending transactions by addressing the potential vulnerability associated with unconfirmed outputs. Further research and evaluation are required to determine the feasibility and potential impact of implementing this proposed solution.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback