bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 18, 2023 02:57 UTC
The email discusses various mitigations for the Lightning attacks covered in the disclosure mails.
One of the mentioned mitigations is bumping CLTV delta, which allows node operators to intervene and re-broadcast time-sensitive transactions on other interfaces. This can be particularly useful if the primary interface is eclipsed. Another mitigation mentioned is transaction re-signing, which imposes an economic cost on the attack in terms of fees or feerates.
The effectiveness of the economic cost in deterring attacks is uncertain and requires further analysis. However, the deployment of Stratum V2, which increases the number of miners and their individual block templates, could make the attack more challenging. In this scenario, the attacker would need to continuously replace channel counterparties' transactions in multiple miners' mempools. One potential mitigation proposed is the implementation of a replacement buffer or transaction history at the mempool level. However, its robustness is yet to be determined.
The email also suggests seeking input from individuals such as Tadge and Rusty, who were involved in the early design of Lightning, for additional ideas on mitigations. It is worth noting that fees are acknowledged as a difficult issue in the original paper referenced in the email.
Overall, the email highlights the importance of implementing mitigations beyond just mempool scanning and transaction re-signing/re-broadcasting to address Lightning attacks effectively.