Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Antoine Riard

Oct 16, 2023, 16:57 UTC

A new transaction-relay jamming attack has been discovered against Lightning channels, posing security risks to HTLC traffic. Major Lightning implementations have introduced mitigations to prevent this attack, which involves replacing honest HTLC-timeout transactions with higher-fee HTLC-preimage transactions. The attacker evicts the honest transaction from the mempool using replacement transactions with higher fees, potentially leading to a loss of funds for the Lightning node. The mitigations implemented include aggressive rebroadcasting, local-mempool preimage monitoring, and adjusting the default CLTV delta. However, other Bitcoin applications using time-sensitive paths or multi-party transactions may also be vulnerable to denial-of-service vectors under network mempool congestion. The email highlights the need for further research and development on package malleability pinning attacks, as well as ongoing investigation into the security of Lightning implementations and potential vulnerabilities in other Bitcoin applications.
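
A sketch of two of the mitigations named above, local-mempool preimage monitoring and rebroadcasting, as an added example (not code from the post or from any Lightning implementation). The mempool event format, field names and sample transactions are constructed assumptions; the only protocol fact relied on is that an HTLC's payment hash is the SHA256 of its 32-byte preimage.

```python
import hashlib

def find_preimage(witness, payment_hash):
    """Return the 32-byte witness item whose SHA256 is payment_hash, or None."""
    for item in witness:
        if len(item) == 32 and hashlib.sha256(item).digest() == payment_hash:
            return item
    return None

def monitor(events, watched):
    """Turn mempool events into defensive actions.

    watched maps an HTLC outpoint to {"payment_hash", "timeout_txid"}.
    The event shape is a constructed model, not a real node's API.
    """
    by_timeout = {w["timeout_txid"]: op for op, w in watched.items()}
    actions = []
    for ev in events:
        if ev["type"] == "removed" and ev["txid"] in by_timeout:
            # Our HTLC-timeout left the mempool: queue it for rebroadcast.
            actions.append(("rebroadcast", by_timeout[ev["txid"]], ev["txid"]))
        elif ev["type"] == "added" and ev["txid"] not in by_timeout:
            for txin in ev["inputs"]:
                w = watched.get(txin["outpoint"])
                if w is None:
                    continue  # input does not touch an HTLC output we track
                pre = find_preimage(txin["witness"], w["payment_hash"])
                if pre is not None:
                    # A competing spend revealed the preimage: use it to
                    # settle the matching inbound HTLC before it expires.
                    actions.append(("claim_inbound", txin["outpoint"], pre.hex()))
    return actions

# Constructed sample data (not real transactions).
PREIMAGE = bytes(range(32))
OUTPOINT = "aa" * 32 + ":1"
WATCHED = {OUTPOINT: {"payment_hash": hashlib.sha256(PREIMAGE).digest(),
                      "timeout_txid": "timeout-tx"}}
EVENTS = [
    {"type": "added", "txid": "timeout-tx",
     "inputs": [{"outpoint": OUTPOINT, "witness": [b"\x30" * 71, b""]}]},
    {"type": "added", "txid": "preimage-tx",
     "inputs": [{"outpoint": OUTPOINT, "witness": [b"\x30" * 71, PREIMAGE]}]},
    {"type": "removed", "txid": "timeout-tx"},
    {"type": "added", "txid": "unrelated",
     "inputs": [{"outpoint": "bb" * 32 + ":0", "witness": [bytes(32)]}]},
]

if __name__ == "__main__":
    for action in monitor(EVENTS, WATCHED):
        print(action)
```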

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023
