bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Antoine Riard

Posted on: October 16, 2023 16:57 UTC

A new transaction-relay jamming attack affecting lightning channels was discovered in December 2022.

This attack exposes lightning routing hops carrying HTLC traffic to loss of funds security risks. Mitigations have been implemented and deployed by major lightning implementations. The attack involves a replacement cycling attack where a malicious channel counterparty broadcasts its HTLC-preimage transaction with a higher fee and triggers a replacement. To mitigate this attack, aggressive rebroadcasting and local-mempool preimage monitoring have been implemented. Adjusting the CLTV Expiry Delta value also increases the odds of success for the attacker. However, no replacement cycling attacks have been observed or reported in the wild or experimented on the Bitcoin mainnet.

Other Bitcoin applications, such as on-chain DLCs, coinjoins, payjoins, wallets with time-sensitive paths, peerswap and submarine swaps, batch payouts, and transaction "accelerators," could potentially be affected by denial-of-service vectors under network mempool congestion. Developers, maintainers, and operators of these applications are encouraged to investigate how replacement cycling attacks might disrupt their transactions.

An open problem related to package malleability pinning attacks is also discussed. Mitigations at the mempool level have been proposed, but replacement cycling attacks seem to offer a new way to neutralize these mitigations.

The discovery and reporting of this attack have been shared with Bitcoin Core developers, Lightning Network maintainers, and other potentially affected projects. The full disclosure of CVEs assigned to this attack is scheduled for October 16, 2023.

In conclusion, while mitigations have been implemented to address the replacement cycling attack on lightning channels, further investigation is required to assess the impact on other Bitcoin applications. The sender emphasizes the importance of not blindly trusting information and encourages technical peers and the Bitcoin community to investigate and dissent on this matter.