bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Bastien TEINTURIER

Posted on: October 19, 2023 08:12 UTC

In the email, Antoine expresses gratitude to Bastien for his work on a particular issue.

Bastien confirms that the latest version of Eclair, v0.9.0, includes the described mitigations. He explains that Eclair has been monitoring the mempool for preimages since its early versions, relying on Bitcoin Core's ZMQ notifications for incoming transactions. This ensures that they can observe the HTLC success transaction, even if it is quickly replaced, as long as they do not exceed the ZMQ limits.

However, Matt raises the point that more fundamental work needs to be done at the bitcoin layer to make Layer 2 protocols more resilient against this type of attack.

Overall, the email acknowledges Antoine's contribution, confirms the inclusion of mitigations in Eclair, and recognizes the need for further improvements at the bitcoin layer to address these attacks.
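
The mempool preimage monitoring described above, as an added example (not Eclair's code and not taken from the original email): it parses a raw transaction of the kind Bitcoin Core publishes on its `zmqpubrawtx` feed and checks every 32-byte witness item against the payment hashes of pending HTLCs. The function names and the sample transaction are constructed for illustration, and the ZMQ subscription itself is left out so the block runs offline.

```python
import hashlib
import struct

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def witness_items(raw_tx):
    """Yield every witness stack item of a serialized segwit transaction."""
    if raw_tx[4:6] != b"\x00\x01":       # no segwit marker/flag: no witness data
        return
    pos = 6
    n_in, pos = read_varint(raw_tx, pos)
    for _ in range(n_in):
        pos += 36                         # outpoint: txid + output index
        script_len, pos = read_varint(raw_tx, pos)
        pos += script_len + 4             # scriptSig + sequence
    n_out, pos = read_varint(raw_tx, pos)
    for _ in range(n_out):
        pos += 8                          # amount
        script_len, pos = read_varint(raw_tx, pos)
        pos += script_len                 # scriptPubKey
    for _ in range(n_in):                 # one witness stack per input
        n_items, pos = read_varint(raw_tx, pos)
        for _ in range(n_items):
            item_len, pos = read_varint(raw_tx, pos)
            yield raw_tx[pos:pos + item_len]
            pos += item_len

def find_preimages(raw_tx, pending_hashes):
    """Return {payment_hash: preimage} for pending HTLCs revealed by this tx."""
    candidates = {hashlib.sha256(w).digest(): w
                  for w in witness_items(raw_tx) if len(w) == 32}
    return {h: p for h, p in candidates.items() if h in pending_hashes}

def build_sample_tx(preimage):
    """Constructed sample: 1 input, 1 output, HTLC-success-shaped witness."""
    def push(b): return bytes([len(b)]) + b    # valid for len < 0xfd only
    tx = struct.pack("<I", 2) + b"\x00\x01" + b"\x01"
    tx += bytes(32) + struct.pack("<I", 0) + b"\x00" + b"\xff" * 4
    tx += b"\x01" + struct.pack("<Q", 1000) + push(b"\x00\x14" + bytes(20))
    stack = [b"", b"\x30" * 71, b"\x30" * 72, preimage, b"\x51" * 40]
    tx += bytes([len(stack)]) + b"".join(push(s) for s in stack)
    return tx + struct.pack("<I", 0)
```

Because the check runs on each transaction as it is announced, a preimage is captured even if the transaction carrying it is replaced shortly afterwards, which is the property the summary attributes to Eclair's approach.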