bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 23, 2023 16:09 UTC
In an email exchange between Peter Todd and Matt, the discussion revolves around the trust model of the Lightning Network and a potential vulnerability that allows peers to steal money.
Peter acknowledges that while the vulnerability is not significant in terms of the overall nature of chain-spamming, it is still noteworthy. He mentions that force-close cases often involve repeated failures in multiple HTLCs.
However, Peter emphasizes that this vulnerability does not represent a substantial change in Lightning's trust model. He asserts that a peer who is willing to put in a lot of effort can already potentially steal money in various ways. The newly identified vulnerability simply adds one more method to the existing possibilities. Peter suggests that instead of rushing to fix Lightning, a more comprehensive approach should be taken at the ecosystem level to address any policy restrictions without negatively impacting the L2 network or reducing miners' earnings.
Overall, the email exchange highlights the need for a cautious and thoughtful approach in addressing vulnerabilities within the Lightning Network, focusing on comprehensive solutions rather than quick fixes.