Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Matt Morehouse
Oct 19, 2023/16:23 UTC
The email discusses a proposed defense mechanism against an attack on the Lightning Network. The author suggests that an honest node could aggressively fee-bump and retransmit the HTLC-timeout as the CLTV delta deadline approaches. This strategy involves increasing the fee by 1/10th of the HTLC value for each non-confirmation, starting within 10 blocks of the deadline.
The author refers to this approach as a "scorched earth" approach, as it may incur significant fees for the honest node. However, they argue that it would be even more costly for the attacker, as each replacement attempt would need to burn at least as much as the HTLC-timeout fees. Additionally, the attacker would need to perform a replacement every time the honest node fee bumps.
The email suggests that this fee-bumping policy would provide sufficient defense against the attack, even if the attacker is replacement-cycling directly in miners' mempools and the victim has no visibility into the attack. It implies that by employing this strategy, the honest node can effectively protect itself and make the attack economically unfeasible for the attacker.
Overall, the email explores a potential solution to counter an attack on the Lightning Network by utilizing aggressive fee-bumping and retransmission of the HTLC-timeout as the CLTV delta deadline approaches.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback