Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Antoine Riard
Oct 16, 2023/16:57 UTC
A new transaction-relay jamming attack has been discovered in lightning channels, posing security risks to HTLC traffic. Major lightning implementations have introduced mitigations to prevent this attack, which involves replacing honest HTLC-timeout transactions with higher fee HTLC-preimage transactions. The attacker evicts the honest transaction from the mempool using replacement transactions with higher fees, potentially leading to a loss of funds for the lightning node. Various strategies have been implemented to mitigate these attacks, including aggressive rebroadcasting, local-mempool preimage monitoring, and adjusting the default CLTV delta. However, other bitcoin applications using time-sensitive paths or multi-party transactions may also be vulnerable to denial-of-service vectors under network mempool congestion. The email highlights the need for further research and development in the area of package malleability pinning attacks, as well as ongoing investigation into the security of lightning implementations and potential vulnerabilities in other bitcoin applications.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback