bitcoin-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Original Post by Matt Morehouse
Posted on: October 20, 2023 18:35 UTC
The email suggests applying the concept of a presigned fee multiplier to prevent replacement cycling attacks in HTLC spends.
The proposed solution involves modifying HTLC scripts so that both parties can only spend the HTLC via presigned second-stage transactions, which are always signed with SIGHASH_ALL. Because the signatures then cover the whole transaction, the attacker is prevented from adding inputs to their presigned transaction, thus making a replacement cycling attack impossible. However, implementing this solution would require more bookkeeping and result in less fee granularity when claiming HTLCs on-chain.
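The following toy model is an added illustration, not code from the email or from any Lightning implementation. It presigns a ladder of second-stage transactions and checks whether the counterparty's signature still verifies once an extra input is attached. Assumptions: the "fee multiplier" is modelled as a geometric ladder (`base_fee * multiplier**k`), an HMAC stands in for a real signature, the digest models only which inputs and outputs each sighash flag covers, and all names, outpoints and amounts are constructed. `SIGHASH_SINGLE | SIGHASH_ANYONECANPAY` is included only as the contrasting flag combination that does tolerate added inputs.

```python
import hashlib
import hmac

SIGHASH_ALL, SIGHASH_SINGLE, SIGHASH_ANYONECANPAY = 0x01, 0x03, 0x80

def sighash(tx, idx, flags):
    """Toy digest: models only which inputs/outputs each flag commits to."""
    ins = [tx["ins"][idx]] if flags & SIGHASH_ANYONECANPAY else tx["ins"]
    outs = [tx["outs"][idx]] if flags & 0x1F == SIGHASH_SINGLE else tx["outs"]
    return hashlib.sha256(repr((ins, outs, flags)).encode()).digest()

def sign(key, tx, idx, flags):
    # HMAC stands in for the counterparty's real signature (assumption).
    return hmac.new(key, sighash(tx, idx, flags), hashlib.sha256).digest()

def verify(key, tx, idx, flags, sig):
    return hmac.compare_digest(sign(key, tx, idx, flags), sig)

def presign_ladder(key, htlc_outpoint, value, base_fee, multiplier, levels, flags):
    """Presign one second-stage tx per fee level: base_fee * multiplier**k."""
    ladder = []
    for k in range(levels):
        fee = base_fee * multiplier ** k
        tx = {"ins": [htlc_outpoint], "outs": [("claim", value - fee)]}
        ladder.append((fee, tx, sign(key, tx, 0, flags)))
    return ladder

def add_input(tx, outpoint, change):
    """Attach an extra input and change output to an already-signed tx."""
    return {"ins": tx["ins"] + [outpoint],
            "outs": tx["outs"] + [("change", change)]}

def survives_added_input(key, flags):
    """True if any presigned signature still verifies after an input is added."""
    ladder = presign_ladder(key, "htlc:0", 100_000, 500, 2, 5, flags)
    return any(verify(key, add_input(tx, "extra:1", 9_000), 0, flags, sig)
               for _, tx, sig in ladder)

if __name__ == "__main__":
    key = b"constructed-counterparty-key"
    ladder = presign_ladder(key, "htlc:0", 100_000, 500, 2, 5, SIGHASH_ALL)
    print("presigned fee levels (sat):", [fee for fee, _, _ in ladder])
    print("ALL survives added input:", survives_added_input(key, SIGHASH_ALL))
    print("SINGLE|ANYONECANPAY survives:",
          survives_added_input(key, SIGHASH_SINGLE | SIGHASH_ANYONECANPAY))
```

The ladder also makes the stated costs visible: every HTLC needs one stored signature per fee level, and the claimant can only pay one of those fixed fees rather than an arbitrary amount.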