Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Olaoluwa Osuntokun

Oct 16, 2023/22:51 UTC

The email starts with the sender expressing gratitude to Antoine for his excellent write-up and diligence in reporting an issue to various implementations. The sender also appreciates Antoine's efforts in game planning with them regarding mitigations and attack scenarios.

The sender then clarifies that all relevant mitigations for lnd were already implemented in lnd v0.16.1-beta, which was released on April 24th, 2023. However, there were some performance regressions introduced due to these mitigations, specifically related to mempool watching.

To address this, in version 0.17.1 of lnd, they plan to utilize the new gettxspendingprevout RPC call with bitcoind. This implementation will further reduce the load and improve performance.

It is important to note that the email does not provide any links or additional information to include in the summary.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback