bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Matt Corallo

Posted on: October 18, 2023 00:17 UTC

There is confusion surrounding the issue and its mitigations.

The deployed mitigations are not expected to fully resolve the problem; some argue that they merely serve as a public relations statement. Two mitigations are discussed: mempool scanning and transaction re-signing/re-broadcasting.

Mempool scanning involves regularly checking the mempool of a local node to detect the replacement cycle midway. However, this method only works if the first transaction is observed before it is replaced by the second transaction. Currently, most lightning nodes run on machines with a Bitcoin node at the same IP address, making it easy for an attacker to connect to the local node and quickly execute the replacement attack without the victim noticing. Mining pool nodes are similarly discoverable, so an attacker can target a miner's node directly, which limits the reach of the intermediate transaction and prevents the victim from discovering it.

The second mitigation, re-signing and re-broadcasting the victim's transaction in an attempt to get it to miners even if it has been removed, may be effective against lazy attackers who have not completed their attack system. However, if the attacker has control over a significant majority of the network's hashrate, they can aggressively cycle through replacements, significantly reducing the chances of the victim's transaction being confirmed.

These mitigations, while potentially helpful in certain scenarios, do not serve as a comprehensive solution to the issue. The ultimate fix will require miners to keep a history of transactions they have seen and retry them when they may enter the mempool due to attacks like these.
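The fix described in the last paragraph can be sketched as a toy mempool that remembers replaced transactions and re-offers them whenever the pool changes. This is an added example, not code from the original post or from any Bitcoin implementation; the `ToyMempool` class, its fee-only replacement rule, and the transaction names, outpoints and fees are all assumptions made for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset  # outpoints this transaction spends
    fee: int

class ToyMempool:
    """Toy model, not Bitcoin Core policy: a tx evicts conflicts if its fee beats their total."""
    def __init__(self, keep_history):
        self.spender = {}  # outpoint -> Tx currently spending it
        self.history = {}  # txid -> Tx evicted by a replacement
        self.keep_history = keep_history

    def _try_add(self, tx):
        """Return the list of evicted txs, or None if tx is rejected."""
        conflicts = {self.spender[o].txid: self.spender[o]
                     for o in tx.inputs if o in self.spender}
        if conflicts and tx.fee <= sum(c.fee for c in conflicts.values()):
            return None
        for o in [o for c in conflicts.values() for o in c.inputs]:
            del self.spender[o]  # free every outpoint the evicted txs were spending
        for o in tx.inputs:
            self.spender[o] = tx
        return list(conflicts.values())

    def submit(self, tx):
        evicted = self._try_add(tx)
        if evicted is not None and self.keep_history:
            self.history.update({e.txid: e for e in evicted})
            self._retry_history()
        return evicted is not None

    def _retry_history(self):
        """Re-offer remembered txs, highest fee first, until none can re-enter."""
        for tx in sorted(self.history.values(), key=lambda t: -t.fee):
            evicted = self._try_add(tx)
            if evicted is not None:
                del self.history[tx.txid]
                self.history.update({e.txid: e for e in evicted})
                return self._retry_history()

def run_cycle(keep_history):
    # Constructed sample transactions: names, outpoints and fees are made up.
    pool = ToyMempool(keep_history)
    pool.submit(Tx("victim_timeout", frozenset({"htlc:0"}), 1000))
    pool.submit(Tx("cycle_1", frozenset({"htlc:0", "attacker:0"}), 2000))
    pool.submit(Tx("cycle_2", frozenset({"attacker:0"}), 3000))
    return {tx.txid for tx in pool.spender.values()}
```

Without the history, the pool ends up holding only `cycle_2` and the victim's transaction is gone; with it, `victim_timeout` re-enters as soon as the second replacement frees its input.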