Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Matt Morehouse

Oct 19, 2023/16:23 UTC

The email discusses a proposed defense mechanism against an attack on the Lightning Network. The author suggests that an honest node could aggressively fee-bump and retransmit the HTLC-timeout as the CLTV delta deadline approaches. This strategy involves increasing the fee by 1/10th of the HTLC value for each non-confirmation, starting within 10 blocks of the deadline.

The author refers to this approach as a "scorched earth" approach, as it may incur significant fees for the honest node. However, they argue that it would be even more costly for the attacker, as each replacement attempt would need to burn at least as much as the HTLC-timeout fees. Additionally, the attacker would need to perform a replacement every time the honest node fee bumps.

The email suggests that this fee-bumping policy would provide sufficient defense against the attack, even if the attacker is replacement-cycling directly in miners' mempools and the victim has no visibility into the attack. It implies that by employing this strategy, the honest node can effectively protect itself and make the attack economically unfeasible for the attacker.

Overall, the email explores a potential solution to counter an attack on the Lightning Network by utilizing aggressive fee-bumping and retransmission of the HTLC-timeout as the CLTV delta deadline approaches.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback