bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 23, 2023 08:49 UTC
In an email thread, Nadav Ivgi raises a concern about the proposed solution to a problem.
He disagrees with Riard's description of the replacement cycle and presents an alternative approach.
Nadav explains that in Riard's scenario, Bob broadcasts an HTLC-timeout transaction with input A and input B for fees, and output X. Mallory then replaces this transaction with an HTLC-preimage transaction using input A, input C for fees, and output Y. Finally, Mallory replaces the transaction that created input C, thereby removing the HTLC-preimage from the mempool.
However, Nadav suggests an alternative approach. In this approach, Bob also broadcasts an HTLC-timeout transaction. Mallory replaces this transaction with an HTLC-preimage transaction using input A, input C for fees, and output Y. But instead of removing the preimage by replacing the transaction that created input C, Mallory uses input C to create a new transaction that does not include input A, effectively removing the preimage from the mempool.
Nadav highlights that the original scenario requires input C to come from an unconfirmed transaction, making OP_CSV_ALLINPUTS effective. However, in the alternative scenario, input C can come from a confirmed transaction, rendering OP_CSV_ALLINPUTS ineffective.
The email excerpt ends with Dave signing off.