bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Matt Morehouse

Posted on: October 16, 2023 22:10 UTC

The email discusses two main ways of spending an "offered" HTLC txout.

The first option involves a presigned multisig covenant transaction that pays to the offerer, also known as the HTLC-timeout transaction. This option can only be spent by the offerer since they hold the presigned covenant. The second option requires a preimage and the receiver's signature, and can only be spent by the receiver.

To understand the exact script used for these options, a link is provided to the GitHub repository: https://github.com/lightning/bolts/blob/master/03-transactions.mdoffered-htlc-outputs.

In summary, the email explains the two methods of spending an "offered" HTLC txout and provides a link to the specific script used for reference.