Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Matt Corallo
Oct 20, 2023/21:05 UTC
The email discusses a potential attack on anchor channels in the context of Bitcoin Core and lightning network. The attack can be performed on pre-anchor channels, where the HTLCs are signed with SIGHASH_SINGLE|ANYONECANPAY. However, with anchor channels, the attack can be performed by either side of the closure. The email suggests that fixing this issue on the lightning end is not the right approach, as it is ultimately a problem with the transaction broadcast ordering and the optimal set of transactions for fee revenue.
The author highlights that the fix for this issue should lie with Bitcoin Core or other parts of the mining stack. Fixing it in the Bitcoin Core stack would require unbounded memory, which is not feasible. However, the author proposes the idea of using external software to monitor the mempool for transactions that were replaced out but could potentially re-enter the mempool later with other replacements. This software could optimize the revenue of block template selection and unintentionally fix the issue.
Overall, the email raises the concern of an attack on anchor channels and suggests that the solution should be implemented at the Bitcoin Core level. The proposal involves using external software to monitor the mempool and optimize block template selection.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback