bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 19, 2023 16:23 UTC
The email discusses a potential defense mechanism against an attacker in a scenario where an honest node aggressively fee-bumps and retransmits the HTLC-timeout as the CLTV delta deadline approaches.
The approach, referred to as the "scorched earth" approach, involves the honest node increasing the fee by 1/10th of the HTLC value for each non-confirmation within 10 blocks of the deadline. This strategy may result in considerable fees for the honest node but would cost the attacker even more, as each replacement made by the attacker needs to burn at least as much as the HTLC-timeout fees. Additionally, the attacker would need to perform a replacement every time the honest node fee bumps.
The suggested fee-bumping policy aims to provide sufficient defense against the attacker, even if the attacker is replacement-cycling directly in miners' mempools and the victim has no visibility into the attack. By implementing this strategy, the honest node can potentially deter the attacker and incur higher costs for them. The email does not provide further details or examples related to this defense mechanism.