bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Peter Todd

Posted on: October 20, 2023 11:03 UTC

The email discusses the concept of increasing the multiplier in the context of feebumping with fee increases.

The idea is to start with a smaller multiplier at the beginning of the range and end with a bigger one. This approach allows for using most of the range for smaller bumps as a percentage, while reserving larger percentage bumps for the end when the strategy changes to something more aggressive ("scorched-earth").

Applying this idea properly to commitment transactions would involve removing HTLCs from replacements when their value drops below the fees necessary to get those outputs mined. It is also mentioned that simultaneous variants of transactions can be signed, deducting fees from different party's outputs. For example, Alice can give Bob the ability to broadcast higher and higher fee transactions, taking the fees from Bob's output(s), and vice versa. The email acknowledges that the compatibility of this approach with musig has not been fully considered, but it can be implemented with plain old OP_CheckMultisig.

To access more information on this topic, you can visit Peter Todd's website at https://petertodd.org.