Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Matt Morehouse

Oct 20, 2023/18:35 UTC

The email discusses the idea of applying a presigned fee multiplier to HTLC spends in order to prevent replacement cycles. The suggestion is to modify HTLC scripts so that both parties can only spend the HTLC via presigned second-stage transactions, which would be signed with SIGHASH_ALL. This modification would prevent attackers from adding inputs to their presigned transaction, making a replacement cycling attack impossible. However, implementing this solution would require more bookkeeping and result in less fee granularity when claiming HTLCs on chain.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback