bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Antoine Riard

Posted on: October 17, 2023 17:47 UTC

The email discusses the possibility of a potential attack on Lightning Network (LN) channels with high capacity and loose channel policies.

The sender clarifies that no such attack has been observed on the mainnet, but they have conducted a demo attack in restricted development circles to experiment with different scenarios.

The risk of exposure exists if an attacker targets channels with high capacity and loose channel policies. It is noted that there is no way to configure the cap for the total value of outbound HTLC (Hashed Time-Locked Contract) in-flight, which is the flow affected by the attack. To observe the existence of such an attack, one can look at mempool logs and the amount of HTLC outputs being systematically conflicted out with a specific sequence.

The attack described is not akin to a pinning attack, as there is no transaction pinned in network mempools. It can occur without network mempool congestion. The attacker can control two neighboring nodes to target the victim. By cycling the attack on the tail side and delaying the confirmation of the HTLC-timeout covenant, the peer at the front of the victim will force-close the channel and claim their timeout-path, canceling back the initial HTLC amount to the attacker's initial node.

Implementations of Local-mempool preimage monitoring have been done by Eclair and LND as mitigations against old school pinning attacks and replacement cycling attacks, respectively. However, this mechanism is not implemented by Core-Lightning or LDK.

The email suggests a defensive fee mitigation strategy where, upon seeing the preimage and being able to claim the output via the HTLC-timeout path, aggressive fee-bumping of the HTLC-output should be done in addition to claiming it on the incoming. This strategy is feasible only with anchor channels where fees can be added to the HTLC-covenant. By cycling this process multiple times, the attacker will incur heavy losses, making the attack more costly.

It is mentioned that the attack becomes less viable when the HTLCs being targeted by the attacker are small. This is due to the lack of a way at the specification level to negotiate a cap on the total value of outbound HTLC in-flight.

Overall, the email discusses the potential risks and countermeasures related to attacks on LN channels with high capacity and loose channel policies. It provides insights into monitoring tools, attack scenarios, and defensive strategies.