Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Peter Todd
Oct 27, 2023/00:43 UTC
The email discusses a potential attack scenario and proposes the use of OP_Expire to avoid it. The sender clarifies that they are not claiming the attack is easy to execute, but rather pointing out that there may be cases where it happens accidentally. They give an example of a node with a HTLC-preimage that is offline and then comes online at the right time to broadcast a HTLC-preimage redemption transaction with a higher fee than the timeout transaction.
If the other node goes offline at the right time, after broadcasting the timeout transaction, it may not notice the HTLC-preimage in the mempool and fail to redeem it. The sender suggests that using OP_Expire would prevent this situation by making it impossible to redeem the HTLC-preimage after the timeout.
The sender includes a link to Peter Todd's website (https://petertodd.org) and their email address (peter@petertodd.org).
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback