lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: November 17, 2023 22:36 UTC
The discussion in the email revolves around a security vulnerability in the Lightning Network, specifically an attack vector concerning HTLC (Hashed Time-Locked Contracts) transactions within the Bitcoin mempool.
The sender, Antoine, points out that an attacker can exploit this by overbidding on the fee of the parent transaction of an HTLC-preimage. This would allow the attacker to replace the parent and potentially delay the confirmation of the replacement transaction for economic gain or even batch attack multiple targets.
Antoine explains that attackers can blind a defender's mempool by broadcasting a conflicting parent transaction, thus partitioning the defender's view of the network from the rest of the nodes. Since the mempool is part of a distributed system favoring higher fee transactions, network issues such as jitter and propagation delay are deemed irrelevant by Antoine in this context. He highlights that despite policy differences across Bitcoin implementations, the peer-to-peer transaction relay can be taken advantage of by an attacker through mass connections, filling up inbound slots of nodes at low cost.
Furthermore, Antoine challenges the belief that executing such an attack requires extremely precise timing, arguing that the probability is actually in the attacker's favor due to the average 10-minute block interval in Bitcoin. He notes that while miners could theoretically broadcast preimage replacement transactions to mitigate the attack, this mechanism is not commonly used in the current mining ecosystem and its resilience to denial-of-service attacks is questionable.
To counteract the threat, Antoine suggests that Lightning Network nodes could duplicate their mempool-monitoring to watchtower backends, which assumes that these are running on a full node. This mitigation increases the difficulty for an attacker as they would need to partition each new watchtower's mempool during an attack. However, he admits that sophisticated attackers could still neutralize this strategy.
In conclusion, Antoine recommends that developers of Lightning Network software implement the suggested mitigation, particularly for those implementations that are used by high-value routing nodes or Lightning Service Providers (LSPs), in order to enhance the robustness against such replacement attacks.