Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted by Matt Corallo
Oct 23, 2023/16:09 UTC
In an email conversation, Peter Todd brings up the point that although the proposed change may not seem significant in terms of its impact on lightning's trust model, it is still a valuable improvement considering the inherently chain-spammy nature of the system. He mentions that in force-close cases, there are often repeated failures in several HTLCs (Hash Time-Locked Contracts). However, he suggests that instead of rushing to fix lightning, it would be more effective to address the issue at the ecosystem level to ensure a comprehensive solution.
Peter emphasizes the need for caution in implementing policy restrictions, as they should not only avoid disrupting the functionality of the L2 network but also prevent miners from receiving reduced payments. He considers this situation a policy bug that needs to be resolved properly rather than hastily.
Overall, Peter's email highlights the importance of thoroughly addressing the trust model and policy issues within the lightning network, taking into consideration the potential vulnerabilities and their potential impact on users and miners.
TLDR
Join Our Newsletter
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
Explore all Products
We'd love to hear your feedback on this project?
Give Feedback