bitcoin-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Matt Corallo

Posted on: October 23, 2023 16:09 UTC

In an email sent by Peter Todd, he acknowledges a fair point made regarding the inherent spam-like nature of chain transactions.

He mentions that in cases where force-close occurs, there is often a repeated failure in several HTLCs (Hashed Time-Lock Contracts).

Peter then brings the discussion back to the trust model of the Lightning Network, stating that this change does not significantly alter the existing trust model. He points out that even before this change, a malicious peer with enough effort could potentially steal funds. The additional risk introduced by this change is just one more way for them to do so.

He emphasizes the need to take a cautious approach rather than rushing to fix Lightning. Instead, he suggests addressing the issue at the ecosystem level to ensure a comprehensive solution. Additionally, he raises concerns about a policy restriction that not only disrupts the L2 network but also reduces miners' earnings, considering it a policy bug.
