bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Original Post by Matt Morehouse
Posted on: October 20, 2023 18:35 UTC
The email discusses a proposal to prevent replacement cycling attacks in HTLC spends by applying the concept of a presigned fee multiplier.
The idea is to modify HTLC scripts so that both parties can only spend the HTLC via presigned second-stage transactions, which are always signed with SIGHASH_ALL. By doing this, the attacker will be unable to add inputs to their presigned transaction, effectively preventing a replacement cycling attack from occurring. However, implementing this approach would require more bookkeeping and result in less fee granularity when claiming HTLCs on chain.
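The following is an added example, not code from the original email or from any Lightning implementation. It computes the BIP143 signature digest to show why a SIGHASH_ALL signature on a presigned second-stage transaction stops verifying once an input is added, while a SIGHASH_SINGLE|ANYONECANPAY signature (used here only as the contrasting case that leaves the input set open) still verifies. The txids, scripts, amounts and helper names are constructed placeholders.

```python
import hashlib
import struct

SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE, SIGHASH_ANYONECANPAY = 1, 2, 3, 0x80
ZERO = b"\x00" * 32

def dsha(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def ser_out(value, script):
    # amount (8 bytes LE) + length-prefixed scriptPubKey (scripts here are < 0xfd bytes)
    return struct.pack("<q", value) + bytes([len(script)]) + script

def bip143_digest(tx, idx, script_code, amount, hashtype):
    """BIP143 (segwit v0) signature digest for input idx."""
    base, acp = hashtype & 0x1f, bool(hashtype & SIGHASH_ANYONECANPAY)
    outpoints = [txid + struct.pack("<I", n) for txid, n, _ in tx["vin"]]
    outs = [ser_out(v, s) for v, s in tx["vout"]]
    # ANYONECANPAY drops the commitment to the other inputs
    hash_prevouts = ZERO if acp else dsha(b"".join(outpoints))
    if acp or base in (SIGHASH_NONE, SIGHASH_SINGLE):
        hash_sequence = ZERO
    else:
        hash_sequence = dsha(b"".join(struct.pack("<I", s) for _, _, s in tx["vin"]))
    if base not in (SIGHASH_NONE, SIGHASH_SINGLE):
        hash_outputs = dsha(b"".join(outs))      # ALL: every output
    elif base == SIGHASH_SINGLE and idx < len(outs):
        hash_outputs = dsha(outs[idx])           # SINGLE: only the paired output
    else:
        hash_outputs = ZERO
    return dsha(struct.pack("<i", tx["version"]) + hash_prevouts + hash_sequence
                + outpoints[idx] + bytes([len(script_code)]) + script_code
                + struct.pack("<qI", amount, tx["vin"][idx][2]) + hash_outputs
                + struct.pack("<II", tx["locktime"], hashtype))

# Constructed placeholders, not chain data: txids, scripts, amounts.
SCRIPT = bytes.fromhex("51")  # stand-in for the HTLC witness script
PRESIGNED = {"version": 2, "locktime": 0, "vin": [(b"\x11" * 32, 0, 1)],
             "vout": [(90_000, b"\x00\x20" + b"\x22" * 32)]}

def with_extra_input(tx):
    """Copy of tx with a fee input and a change output appended."""
    return {**tx, "vin": tx["vin"] + [(b"\x33" * 32, 1, 0xfffffffd)],
            "vout": tx["vout"] + [(5_000, b"\x00\x14" + b"\x44" * 20)]}

def signature_survives(hashtype):
    """True if the digest for input 0 is unchanged after inputs/outputs are added."""
    args = (0, SCRIPT, 100_000, hashtype)
    return bip143_digest(PRESIGNED, *args) == bip143_digest(with_extra_input(PRESIGNED), *args)
```

A signature is only valid for the digest it was made over, so `signature_survives` returning `False` for SIGHASH_ALL means the counterparty's presigned signature cannot be reused on a transaction with extra inputs.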