bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 17, 2023 18:34 UTC
The email describes a scenario involving a chain of payment channels and the HTLC transactions that settle them onchain.
If C does not claim the HTLC, B forces the channel onchain. B's HTLC-timeout transaction does not confirm, because it is replaced by C's HTLC-preimage transaction, which remains valid even after the HTLC timelock has expired. The email provides a link to a test for reference.
The email also notes that party A drops the A====B channel onchain in an attempt to recover the HTLC funds. It clarifies that feerates and mempool congestion do not need to be considered in this simple scenario, because the exploit lies in the replacement mechanism itself.
The email then turns to feerates, and to how CPFP (child-pays-for-parent) can be used to bump the feerate of a commitment transaction that was signed at a low feerate. It notes that C can make use of its knowledge of the preimage, since its own incoming HTLC was already confirmed as claimed by A. It states that C broadcasts an HTLC-success transaction at block height 144, but does so at every block between blocks 100 and 144 in order to replace B's HTLC-timeout transaction.
Lastly, the email briefly discusses presigned transactions and why B cannot feebump the HTLC-timeout in anchor output channels, noting that C's signature uses sighash_single | anyonecanpay.