TLDR

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Matt Morehouse

Oct 20, 2023/18:35 UTC

The email discusses the idea of applying a presigned fee multiplier to HTLC spends in order to prevent replacement cycles. The suggestion is to modify HTLC scripts so that both parties can only spend the HTLC via presigned second-stage transactions, which would be signed with SIGHASH_ALL. This modification would prevent attackers from adding inputs to their presigned transaction, making a replacement cycling attack impossible. However, implementing this solution would require more bookkeeping and result in less fee granularity when claiming HTLCs on chain.

Link to Raw Post

Thread Summary (69 replies)

Oct 16 - Nov 17, 2023

Antoine Riard

Oct 16, 2023 /16:57 UTC

Antoine Riard

Oct 16, 2023 /16:57 UTC

Peter Todd

Oct 16, 2023 /19:13 UTC

Matt Morehouse

Oct 16, 2023 /22:10 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Olaoluwa Osuntokun

Oct 16, 2023 /22:51 UTC

Antoine Riard

Oct 17, 2023 /01:11 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ziggie

Oct 17, 2023 /07:21 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

ZmnSCPxj

Oct 17, 2023 /10:34 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /17:47 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:34 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Antoine Riard

Oct 17, 2023 /18:47 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Matt Corallo

Oct 18, 2023 /00:17 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Antoine Riard

Oct 18, 2023 /02:57 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Bastien TEINTURIER

Oct 19, 2023 /08:12 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Matt Morehouse

Oct 19, 2023 /16:23 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Antoine Riard

Oct 19, 2023 /17:22 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Morehouse

Oct 19, 2023 /17:53 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Matt Corallo

Oct 19, 2023 /18:02 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 19, 2023 /19:33 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Antoine Riard

Oct 20, 2023 /06:56 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:31 UTC

Peter Todd

Oct 20, 2023 /10:47 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Peter Todd

Oct 20, 2023 /11:03 UTC

Jochen Hoenicke

Oct 20, 2023 /11:18 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Morehouse

Oct 20, 2023 /18:35 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Matt Corallo

Oct 20, 2023 /21:05 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Peter Todd

Oct 21, 2023 /00:15 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Olaoluwa Osuntokun

Oct 21, 2023 /00:18 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Matt Corallo

Oct 21, 2023 /01:03 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Peter Todd

Oct 21, 2023 /01:25 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Matt Corallo

Oct 21, 2023 /01:55 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Peter Todd

Oct 21, 2023 /02:43 UTC

Nagaev Boris

Oct 21, 2023 /14:21 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Antoine Riard

Oct 21, 2023 /20:05 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

Nadav Ivgi

Oct 22, 2023 /04:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

David A. Harding

Oct 23, 2023 /08:49 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Matt Corallo

Oct 23, 2023 /16:09 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Peter Todd

Oct 27, 2023 /00:43 UTC

Antoine Riard

Nov 2, 2023 /04:46 UTC

Antoine Riard

Nov 17, 2023 /22:36 UTC

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

Built with 🧡 by the Bitcoin Dev Project

View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback