bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by ziggie1984

Posted on: October 17, 2023 07:21 UTC

In this email, the sender is responding to a previous message from Antoine and expressing their appreciation for the detailed explanation provided.

They mention that pinning attacks, specifically targeting channels with high capacity and loose channel policies, seem plausible. The sender then requests more information about an attack observed on the mainnet and asks if there are any tools available to monitor and record suspicious behavior in parallel with their lightning software.

The sender also highlights that controlling two neighboring nodes is not necessary to target a victim. By cycling the attack on the tail side and delaying the confirmation of the htlc-timeout covenant, the attacker can force-close the channel and claim the timeout-path on the front peer's end. Additionally, they suggest introducing a fee-bumping race between the victim and the attacker on the tail side to make the attack even more costly.

The sender proposes a solution to aggressively fee-bump their htlc-output when they see the preimage and can claim the output via the htlc-timeout path. They suggest using fees up to 50% of the htlc value in anchor channels to make the attack less profitable for the attacker.

Furthermore, the sender suggests adding another mitigation measure for node runners, which involves restricting the amount and number of HTLCs for big channels to unknown peers. They argue that this would result in a loss for the attacker when attempting to steal small-value HTLCs.
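As an added illustration (not code from the thread or from any Lightning implementation), the following toy policy module models the two mitigations summarised above: an escalating fee-bump on the node's own htlc-timeout claim capped at 50% of the HTLC value, and a count/amount limit on HTLCs from unknown peers on big channels. The thresholds, the `peer_known` flag and all function names are assumptions; real replacements must also satisfy the node's RBF relay rules, which this simplification ignores.

```python
from dataclasses import dataclass, field

# Assumed policy constants (illustrative values, not taken from the post)
BIG_CHANNEL_SAT = 5_000_000         # channels at or above this are "big"
UNKNOWN_PEER_MAX_HTLCS = 5          # max concurrent HTLCs from an unknown peer
UNKNOWN_PEER_MAX_HTLC_SAT = 50_000  # max single-HTLC amount from an unknown peer
MAX_FEE_FRACTION = 0.5              # fee-bump up to 50% of the HTLC value


@dataclass
class Channel:
    capacity_sat: int
    peer_known: bool                 # assumed: node operator's allow-list
    pending_htlcs: list = field(default_factory=list)


def accept_inbound_htlc(ch: Channel, amount_sat: int) -> bool:
    """Restrict the number and size of HTLCs on big channels to unknown peers.

    Small HTLCs are still allowed, so an attacker who tries to steal them
    spends more on the pinning than the HTLCs are worth."""
    if ch.capacity_sat >= BIG_CHANNEL_SAT and not ch.peer_known:
        if len(ch.pending_htlcs) >= UNKNOWN_PEER_MAX_HTLCS:
            return False
        if amount_sat > UNKNOWN_PEER_MAX_HTLC_SAT:
            return False
    ch.pending_htlcs.append(amount_sat)
    return True


def next_timeout_fee(htlc_value_sat: int, current_fee_sat: int,
                     bump_factor: int = 2):
    """Next fee for our htlc-timeout claim, doubling each round but never
    exceeding MAX_FEE_FRACTION of the HTLC value. Returns None once the
    cap is reached, i.e. bumping further would cost more than it saves."""
    cap = int(htlc_value_sat * MAX_FEE_FRACTION)
    if current_fee_sat >= cap:
        return None
    return min(cap, max(current_fee_sat * bump_factor, current_fee_sat + 1))


def fee_bump_schedule(htlc_value_sat: int, initial_fee_sat: int,
                      bump_factor: int = 2) -> list:
    """Full escalation sequence from the initial fee up to the cap."""
    fees, fee = [], initial_fee_sat
    while (fee := next_timeout_fee(htlc_value_sat, fee, bump_factor)) is not None:
        fees.append(fee)
    return fees
```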

Overall, the email discusses various aspects of pinning attacks, including monitoring tools, attack strategies, and potential mitigations.