Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Olaoluwa Osuntokun
Oct 16, 2023/22:51 UTC
The email starts with the sender expressing gratitude to Antoine for his excellent write-up and diligence in reporting an issue to various implementations. The sender also appreciates Antoine's efforts in game planning with them regarding mitigations and attack scenarios.
The sender then clarifies that all relevant mitigations for lnd were already implemented in lnd v0.16.1-beta, which was released on April 24th, 2023. However, there were some performance regressions introduced due to these mitigations, specifically related to mempool watching.
To address this, in version 0.17.1 of lnd, they plan to utilize the new gettxspendingprevout RPC call with bitcoind. This implementation will further reduce the load and improve performance.
It is important to note that the email does not provide any links or additional information to include in the summary.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback