bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 20, 2023 11:18 UTC
The email discusses a potential attack scenario in which the attacker double-spends the timeout HTLC (Hash Time-Locked Contract) transaction of the victim with a pre-image revealing HTLC transaction.
The initial explanation of the attack was found to be confusing, so the sender provides their understanding of the attack.
According to their understanding, the attack begins by double-spending the victim's timeout HTLC transaction with a pre-image revealing HTLC transaction. This is not considered an attack because the victim can still safely receive their incoming HTLC using the pre-image, as the timeout hasn't expired yet.
The key aspect of the attack lies in the fact that the attacker double-spends their own transaction before it is included in the blockchain. The third transaction involved in the attack only double-spends some input controlled by the attacker, which is also used by the pre-image HTLC transaction.
In an ideal condition, the victim remains unaware of the pre-image transaction and does not know the actual pre-image. The attacker's focus is on attacking the mempool of the mining nodes. The victim may not even realize that their transaction has been replaced and might only be confused as to why it has not been mined.
It is important to note that this summary aims to provide a clear explanation of the main points discussed in the email, without relying on phrases referring to the context. The tone is formal and informative, adhering to grammatical rules and providing proper spacing after punctuation.