bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Peter Todd

Posted on: October 20, 2023 10:31 UTC

The main issue highlighted in the email is the failure to utilize a concept called Replace-By-Fee (RBF) in pre-signed transactions.

The sender suggests that the appropriate approach to pre-signed transactions is to have a sufficient number of different transactions pre-signed to accommodate various fee requirements. By increasing the fee by a factor of 2 each time, pre-signing 10 different replacement transactions would cover a fee range of 1024x. It is also suggested that the multiplier could be adjusted towards the end of the range for further improvement.

The sender emphasizes that the increase in per-transaction storage and bandwidth costs, which may be around 10x or even 100x, should not present significant challenges within the context of a highly scalable protocol like Lightning. Therefore, there is no valid reason for transactions from B to C to become stuck. This issue is considered a major flaw in the Lightning protocol that requires fixing. Additionally, the proposed fix should be applied to other aspects of the lightning protocol, such as channel opens.

In order to gain more insight into this topic and understand the sender's perspective better, you can visit the website mentioned in the email: https://petertodd.org.