bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Nadav Ivgi

Posted on: October 22, 2023 04:49 UTC

The email suggests addressing a specific issue by introducing a new opcode called OP_CSV_ALLINPUTS.

This opcode would require all inputs to have a matching nSequence, and it would be used in the HTLC (Hashed Timelock Contract) preimage branch. The intention is to prevent the usage of unconfirmed outputs in the HTLC-preimage-spending transaction, thus protecting it against a replacement cycling attack.

With OP_CSV_ALLINPUTS, no input of the transaction could spend an unconfirmed output, so only confirmed inputs would be used. This would provide an additional layer of security against potential attacks.

Alternatively, the email proposes using a different opcode called OP_CSV_OTHERINPUTS. With this approach, the HTLC output itself could be spent immediately via the preimage branch, while requiring that any other inputs added for fees are confirmed.
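The following model is an added example, not code from the email or from any Bitcoin implementation. It shows how the two proposed opcodes would treat a preimage spend that carries a fee input. The opcode semantics are an assumed reading of the summary above, the nSequence bit layout is the one defined in BIP 68, and all type and function names and the sample inputs are constructed for illustration.

```python
from dataclasses import dataclass

# BIP 68 nSequence encoding
DISABLE_FLAG = 1 << 31  # relative lock-time not enforced for this input
TYPE_FLAG = 1 << 22     # set: time-based lock; clear: block-based lock
VALUE_MASK = 0xFFFF

@dataclass
class TxIn:
    n_sequence: int
    confirmations: int  # of the output being spent; 0 = still in the mempool

def commits_to_blocks(txin, required):
    """BIP 112-style script check on one input's nSequence (block-based only)."""
    if txin.n_sequence & (DISABLE_FLAG | TYPE_FLAG):
        return False
    return (txin.n_sequence & VALUE_MASK) >= required

def bip68_ok(txin):
    """Consensus rule: an enforced block-based lock of N needs N confirmations."""
    if txin.n_sequence & DISABLE_FLAG:
        return True
    if txin.n_sequence & TYPE_FLAG:
        raise ValueError("time-based locks are outside this model")
    return txin.confirmations >= (txin.n_sequence & VALUE_MASK)

def csv_allinputs(inputs, required):
    # Assumed semantics: every input, including the HTLC input, must commit.
    return all(commits_to_blocks(i, required) for i in inputs)

def csv_otherinputs(inputs, self_index, required):
    # Assumed semantics: every input except the one running the script must commit.
    return all(commits_to_blocks(i, required)
               for n, i in enumerate(inputs) if n != self_index)

def preimage_spend_valid(inputs, opcode, required=1, self_index=0):
    """Script check plus BIP 68 for a version-2 transaction whose input
    `self_index` spends the HTLC output via the preimage branch."""
    if opcode == "ALLINPUTS":
        script_ok = csv_allinputs(inputs, required)
    else:
        script_ok = csv_otherinputs(inputs, self_index, required)
    return script_ok and all(bip68_ok(i) for i in inputs)

# Constructed sample inputs (not from the page)
HTLC_NOLOCK = TxIn(0xFFFFFFFF, 3)  # confirmed HTLC output, no relative lock
FEE_UNCONF = TxIn(1, 0)            # fee input spending a mempool output
FEE_CONF = TxIn(1, 2)              # fee input spending a confirmed output
```

In this model a fee input cannot escape the rule by setting the BIP 68 disable bit, because the script-level check rejects any nSequence that does not encode the required block-based lock.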

Overall, the suggestion aims to enhance the security and reliability of transactions involving HTLCs by imposing stricter requirements on input confirmation status. The proposed opcodes, OP_CSV_ALLINPUTS and OP_CSV_OTHERINPUTS, offer possible solutions to mitigate the risk of replacement cycling attacks.