bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 20, 2023 10:31 UTC
The email discusses the issue of failing to use RBF (Replace-By-Fee) in pre-signed transactions.
The sender suggests that the correct approach is to pre-sign multiple different transactions to cover various fee ranges for bumping fees. By increasing the fee by 2x each time, pre-signing 10 different replacement transactions can cover a fee range of 1024x. This approach can be further improved by increasing the multiplier towards the end of the range.
The sender emphasizes that increasing per-tx (temporary) storage and bandwidth costs by ~10x or even ~100x is not a significant concern in the context of a highly scalable protocol like Lightning. They argue that there is no reason for B->C transactions to get stuck and consider it a major flaw in the Lightning protocol that needs to be addressed. They also suggest applying this fix to other aspects of the Lightning protocol, such as channel opens.
The email includes a link to Peter Todd's website (https://petertodd.org) and mentions his email address (peter[at]petertodd.org).