bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Bastien TEINTURIER

Posted on: October 19, 2023 08:12 UTC

Antoine has been acknowledged for his work on the issue, and it is confirmed that eclair v0.9.0 includes the mentioned mitigations.

Eclair has been monitoring the mempool for preimages since its early versions, using Bitcoin Core's ZMQ notifications for incoming transactions. This ensures that the HTLC success transaction is observed, even if it is quickly replaced, as long as the ZMQ limits are not exceeded. However, Matt suggests that further fundamental work should be done at the bitcoin layer to enhance the resilience of Layer 2 protocols against such attacks. Bastien expresses gratitude for Antoine's contribution.