Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Posted by Matt Corallo

Oct 23, 2023, 16:09 UTC

In an email conversation, Peter Todd brings up the point that although the proposed change may not seem significant in terms of its impact on lightning's trust model, it is still a valuable improvement considering the inherently chain-spammy nature of the system. He mentions that in force-close cases, there are often repeated failures in several HTLCs (Hash Time-Locked Contracts). However, he suggests that instead of rushing to fix lightning, it would be more effective to address the issue at the ecosystem level to ensure a comprehensive solution.

Peter emphasizes the need for caution in implementing policy restrictions, as they should not only avoid disrupting the functionality of the L2 network but also prevent miners from receiving reduced payments. He considers this situation a policy bug that needs to be resolved properly rather than hastily.

Overall, Peter's email highlights the importance of thoroughly addressing the trust model and policy issues within the lightning network, taking into account the potential vulnerabilities and their impact on users and miners.


Thread Summary (69 replies)

Oct 16 - Nov 17, 2023
