bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Olaoluwa Osuntokun

Posted on: October 16, 2023 22:51 UTC

The email begins with the sender expressing gratitude to Antoine for his excellent write-up and diligent efforts in reporting an issue to various implementations.

The sender also acknowledges Antoine's involvement in game planning regarding mitigations and attack scenarios.

The sender then provides a clarification, stating that all relevant mitigations in lnd were implemented by version 0.16.1-beta, which was released on April 24th, 2023. However, the sender mentions that some performance regressions were introduced due to these mitigations, specifically related to mempool watching. To address this, the sender states that in version 0.17.1, they will start using the new gettxspendingprevout RPC call with bitcoind to further reduce the load.

It is important to note that the email does not provide any links or additional information.
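
Targeted mempool watching with the gettxspendingprevout RPC mentioned above, shown as an added example (not lnd's code and not from the email). The helper names, the polling model and the sample txids are assumptions constructed for illustration; the request and result fields are those of bitcoind's RPC.

```python
from typing import Dict, Iterable, List, Tuple

Outpoint = Tuple[str, int]  # (txid, vout)

def build_request(outpoints: Iterable[Outpoint], req_id: int = 1) -> dict:
    """JSON-RPC body asking bitcoind which watched outpoints its mempool spends."""
    return {"jsonrpc": "1.0", "id": req_id, "method": "gettxspendingprevout",
            "params": [[{"txid": t, "vout": v} for t, v in outpoints]]}

def mempool_spenders(result: List[dict]) -> Dict[Outpoint, str]:
    """Map each outpoint with a mempool spender to the spender's txid.
    Entries lacking "spendingtxid" are not spent in the mempool."""
    return {(e["txid"], e["vout"]): e["spendingtxid"]
            for e in result if "spendingtxid" in e}

def diff_polls(prev: Dict[Outpoint, str], cur: Dict[Outpoint, str]) -> List[tuple]:
    """Compare two polls and report what changed for the watched outpoints."""
    events = []
    for op, spender in cur.items():
        if op not in prev:
            events.append(("new_spend", op, spender))
        elif prev[op] != spender:
            # A different transaction now spends the same outpoint.
            events.append(("spender_changed", op, spender))
    for op, spender in prev.items():
        if op not in cur:
            # The spender is no longer in the mempool: confirmed or dropped.
            events.append(("spend_gone", op, spender))
    return events

# Constructed sample results (placeholder txids, not real transactions).
A, B = ("aa" * 32, 0), ("bb" * 32, 1)
POLLS = [
    [{"txid": A[0], "vout": 0, "spendingtxid": "c1" * 32}, {"txid": B[0], "vout": 1}],
    [{"txid": A[0], "vout": 0, "spendingtxid": "c2" * 32},
     {"txid": B[0], "vout": 1, "spendingtxid": "d1" * 32}],
    [{"txid": A[0], "vout": 0}, {"txid": B[0], "vout": 1, "spendingtxid": "d1" * 32}],
]

def run_sample() -> List[List[tuple]]:
    """Feed the constructed polls through the watcher and collect events per poll."""
    state, log = {}, []
    for result in POLLS:
        cur = mempool_spenders(result)
        log.append(diff_polls(state, cur))
        state = cur
    return log

if __name__ == "__main__":
    for i, events in enumerate(run_sample(), 1):
        print(f"poll {i}: {events}")
```

Each poll asks only about the watched outpoints, so the cost scales with the number of outputs being watched rather than with the size of the mempool.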