bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 16, 2023 22:10 UTC
The email discusses two main ways of spending an "offered" HTLC txout.
The first option involves a presigned multisig covenant transaction that pays to the offerer, also known as the HTLC-timeout transaction. This option can only be spent by the offerer since they hold the presigned covenant. The second option requires a preimage and the receiver's signature, and can only be spent by the receiver.
To understand the exact script used for these options, a link is provided to the GitHub repository: https://github.com/lightning/bolts/blob/master/03-transactions.mdoffered-htlc-outputs.
In summary, the email explains the two methods of spending an "offered" HTLC txout and provides a link to the specific script used for reference.