bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Matt Corallo

Posted on: October 20, 2023 21:05 UTC

The email discusses a vulnerability in the Lightning Network related to anchor channels.

It mentions that the attack can be performed by either side of the closure, as the HTLCs are now only signed SIGHASH_SINGLE|ANYONECANPAY. This means that more inputs can be added and the attack can even be performed by the broadcaster. However, fixing this issue on the lightning end is not the right approach. The real fix should come from Bitcoin Core or other parts of the mining stack.

Fixing this issue in Bitcoin Core is not a simple task because it would require unbounded memory to keep enough history. However, the email suggests that an external piece of software could be created to monitor the mempool for transactions that were replaced out but could potentially re-enter later with other replacements. This software could optimize the revenue of block template selection and inadvertently fix the issue.

Overall, the email highlights the need for a solution to this vulnerability in the Lightning Network, which ultimately lies with Bitcoin Core or other components of the mining stack.