Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Antoine Riard

Oct 17, 2023/18:34 UTC

The email discusses a scenario involving payment channels on the Bitcoin network between three parties, A, B, and C. Its main focus is the replacement mechanism for HTLC (Hash Time-Locked Contract) transactions and how that mechanism can be exploited.

In the scenario, A attempts to recover the funds locked in the A====B channel through the HTLC mechanism. The exploit lies in the transaction replacement mechanism itself rather than in fee rates or mempool congestion, so neither of those is a relevant factor in this case.

C broadcasts a high-feerate HTLC-success transaction at block height 144, and does the same at every block between heights 100 and 144. Each such transaction replaces B's HTLC-timeout transaction in the mempool. It is worth noting that, for anchor output channels, B can feebump the HTLC-timeout because C's signature on it uses sighash_single | anyonecanpay.

For the full technical details of this scenario, refer to the test provided at the following link: GitHub Test Link.


Thread Summary (69 replies)

Oct 16 - Nov 17, 2023
