bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"


Original Post by David A. Harding

Posted on: October 23, 2023 08:49 UTC

In an email thread, Nadav Ivgi raises a concern about the proposed solution to a problem.

He disagrees with Riard's description of the replacement cycle and presents an alternative approach.

Nadav explains that in Riard's scenario, Bob broadcasts an HTLC-timeout transaction with input A and input B for fees, and output X. Mallory then replaces this transaction with an HTLC-preimage transaction using input A, input C for fees, and output Y. Finally, Mallory replaces the transaction that created input C, thereby removing the HTLC-preimage from the mempool.

However, Nadav suggests an alternative approach. In this approach, Bob also broadcasts an HTLC-timeout transaction. Mallory replaces this transaction with an HTLC-preimage transaction using input A, input C for fees, and output Y. But instead of removing the preimage by replacing the transaction that created input C, Mallory uses input C to create a new transaction that does not include input A, effectively removing the preimage from the mempool.

Nadav highlights that the original scenario requires input C to come from an unconfirmed transaction, making OP_CSV_ALLINPUTS effective. However, in the alternative scenario, input C can come from a confirmed transaction, rendering OP_CSV_ALLINPUTS ineffective.

The email excerpt ends with Dave signing off.
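The two replacement sequences summarized above can be checked against the mitigation with a toy mempool model. This is an added example, not code from the email or from any Bitcoin implementation; it assumes OP_CSV_ALLINPUTS behaves as "every input of the HTLC-preimage transaction must already be confirmed", ignores fee rules, and uses hypothetical names (`parent`, `D`, `spend-C`) for the transactions and inputs the summary leaves unnamed.

```python
# Toy mempool model (constructed for illustration; fee rules are ignored and
# every conflicting transaction is assumed to pay enough to replace).
class Mempool:
    def __init__(self, confirmed):
        self.confirmed = set(confirmed)  # confirmed outpoints
        self.txs = {}                    # name -> (inputs, outputs)

    def _evict(self, name):
        # Remove a transaction and every descendant spending its outputs.
        _, outputs = self.txs.pop(name)
        for child in [n for n, (ins, _) in self.txs.items() if ins & outputs]:
            if child in self.txs:
                self._evict(child)

    def accept(self, name, inputs, outputs=(), all_inputs_confirmed=False):
        inputs, outputs = set(inputs), set(outputs)
        # Assumed model of OP_CSV_ALLINPUTS: the transaction is invalid
        # unless every one of its inputs is already confirmed.
        if all_inputs_confirmed and not inputs <= self.confirmed:
            return False
        # Replacement: evict anything in the mempool spending the same input.
        for other in [n for n, (ins, _) in self.txs.items() if ins & inputs]:
            if other in self.txs:
                self._evict(other)
        self.txs[name] = (inputs, outputs)
        return True

    def spenders(self, outpoint):
        return sorted(n for n, (ins, _) in self.txs.items() if outpoint in ins)


def run(scenario, csv_allinputs):
    """Return the mempool transactions still spending input A at the end."""
    if scenario == "riard":
        pool = Mempool(confirmed={"A", "B", "D"})
        pool.accept("parent", {"D"}, outputs={"C"})   # C is unconfirmed
    else:  # "alternative": C is already confirmed
        pool = Mempool(confirmed={"A", "B", "C"})
    pool.accept("htlc-timeout", {"A", "B"}, outputs={"X"})
    pool.accept("htlc-preimage", {"A", "C"}, outputs={"Y"},
                all_inputs_confirmed=csv_allinputs)
    if scenario == "riard":
        pool.accept("parent-replacement", {"D"})      # evicts parent and child
    else:
        pool.accept("spend-C", {"C"})                 # conflicts with preimage
    return pool.spenders("A")
```

Under this model, Bob's HTLC-timeout stays in the mempool only in the `"riard"` scenario with the rule enabled; in the `"alternative"` scenario nothing is left spending input A whether or not the rule is enabled.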