bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Antoine Riard

Posted on: October 17, 2023 18:47 UTC

In a recent email, the sender mentions a previous discussion about conducting experiments pre-disclosure.

They express their willingness to participate in setting up a "black box" Lightning infrastructure on the mainnet in order to exercise vulnerabilities and mitigations. However, due to the limited number of Lightning experts with the necessary knowledge and understanding to take part in the experiments, as well as other pending non-disclosed security issues such as the "fake channel DoS vector" revealed on August 23rd, 2023, the experiments were not conducted.

The email is a response to a previous communication where the sender made a typo and apologized for it, mentioning that English is not their native language. They clarify that no specific context has been provided so far.

It is important to note that the farewell part of the email should be ignored for the purpose of this summary.