Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by David A. Harding
Oct 23, 2023/08:49 UTC
In an email sent by Nadav Ivgi, he discusses the shortcomings of an approach described by Riard regarding the replacement cycle in a transaction. Nadav presents two different scenarios.
The first scenario outlined by Nadav follows this sequence: Bob broadcasts an HTLC-timeout with input A, input B for fees, and output X. Mallory then replaces the HTLC-timeout with an HTLC-preimage using input A, input C for fees, and output Y. Finally, Mallory replaces the transaction that created input C, effectively removing the HTLC-preimage from the mempool.
However, Nadav suggests an alternative approach. In this alternative scenario, Bob still broadcasts an HTLC-timeout with input A, input B for fees, and output X. Mallory then replaces the HTLC-timeout with an HTLC-preimage using input A, input C for fees, and output Y. The crucial difference is that Mallory now uses input C to replace the HTLC-preimage with a transaction that does not include input A, thereby removing the preimage from the mempool.
Nadav highlights that the original scenario only works if input C comes from an unconfirmed transaction, making OP_CSV_ALLINPUTS effective. However, in the alternative scenario, even if input C comes from a confirmed transaction, OP_CSV_ALLINPUTS becomes ineffective.
This email provides valuable insights into the different approaches in handling the replacement cycle in a transaction and highlights the limitations of the OP_CSV_ALLINPUTS method.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback