lightning-dev

Combined summary - Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Combined summary - Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

The recent programmer discussions have centered on enhancing security within the Bitcoin and Lightning Network ecosystems, particularly addressing vulnerabilities related to Hash Time Locked Contracts (HTLCs).

A significant vulnerability identified is the potential for replacement cycling attacks on HTLC-preimage transactions. To counter this threat, one suggested solution is implementing new opcodes like OP_CSV_ALLINPUTS that enforce a matching nSequence for all inputs, preventing the use of unconfirmed outputs.

The challenges of communicating vulnerabilities transparently without aiding adversaries were also examined, emphasizing the need for careful disclosure. Innovative ideas such as interleaving presigned transactions based on fees were proposed to minimize risks like mempool split and maintain network consistency. The dialogue further explored the efficiencies of different signing methods in relation to transaction sizes and fee adjustments.

Peter Todd discussed scalability issues, advocating the use of SIGHASH_SINGLE|ANYONECANPAY to consolidate multiple HTLC claims, improving data management for larger nodes. Schnorr signatures received praise for their small size and resulting reductions in latency and blockchain space usage. The Replacement-by-Fee (RBF) mechanism was favored over Child-Pays-for-Parent (CPFP) for its ability to adjust transaction fees after submission, although CPFP might still be beneficial in certain cases.

Several attack scenarios within the LN were scrutinized, highlighting the importance of proactive monitoring and adjusting CLTV delta values by nodes. Questions about the utility of anchor outputs if comprehensive pre-signing practices are in place were raised. SIGHASH_SINGLE|ANYONECANPAY vulnerabilities in anchor channels were recognized, with suggestions pointing towards core-level solutions or external software for block template optimization rather than direct patches to the lightning protocol.

The author corrected a misinterpretation regarding stepping down from lightning development, stressing the importance of community consensus in making changes to Bitcoin's security architecture and expressing a shift in focus to Bitcoin Core development.

In the context of defensive strategies, aggressive fee-bumping is suggested as a temporary mitigation measure against attackers exploiting mempool congestion. The Eclair v0.9.0 release included such mitigations, but there is an understanding that more permanent bitcoin layer solutions are needed to strengthen Layer 2 protocols. Suggestions include introducing a mempool transaction buffer or history and valuing insights from experienced lightning developers.

Mempool scanning effectiveness is limited due to attackers' capabilities to quickly replace transactions, and reliance on unpredictable peer-to-peer network behavior is not seen as reliable. Instead, miners maintaining a transaction history could offer a more stable defense.

The acknowledgment of past language errors and an openness to experiment to uncover security vulnerabilities were mentioned. The "fake channel DoS vector" discovered in August 2023 exemplifies unrevealed security issues impacting these efforts. Technical discussions also outlined the risk of attacks on high-capacity LN channels with lax policies—risks highlighted through controlled experiments but not yet observed on the mainnet. Monitoring tools and aggressive fee-bumping strategies were advised for operators, along with caution when dealing with large volumes of HTLCs from unknown peers.

Performance regressions linked to mempool watching in lnd updates are being addressed in upcoming versions through new RPC calls with bitcoind. The threat of transaction-relay jamming attacks adds to the list of concerns, underlining the necessity for ongoing research and collective efforts to enhance the Lightning Network's security.

For those interested in technical insights, a GitHub test link was provided for detailed examination. The conversations underscore the complexity of securing cryptocurrency transactions and stress the need for systemic improvements at the base layer to safeguard against sophisticated threats.

Discussion History

0
Antoine RiardOriginal Post
October 16, 2023 16:57 UTC
1
October 16, 2023 16:57 UTC
2
October 16, 2023 19:13 UTC
3
October 16, 2023 22:10 UTC
4
October 16, 2023 22:51 UTC
5
October 16, 2023 22:51 UTC
6
October 17, 2023 01:11 UTC
7
October 17, 2023 07:21 UTC
8
October 17, 2023 07:21 UTC
9
October 17, 2023 10:34 UTC
10
October 17, 2023 10:34 UTC
11
October 17, 2023 17:47 UTC
12
October 17, 2023 17:47 UTC
13
October 17, 2023 18:34 UTC
14
October 17, 2023 18:34 UTC
15
October 17, 2023 18:47 UTC
16
October 17, 2023 18:47 UTC
17
October 18, 2023 00:17 UTC
18
October 18, 2023 00:17 UTC
19
October 18, 2023 02:57 UTC
20
October 18, 2023 02:57 UTC
21
October 19, 2023 08:12 UTC
22
October 19, 2023 08:12 UTC
23
October 19, 2023 16:23 UTC
24
October 19, 2023 16:23 UTC
25
October 19, 2023 17:22 UTC
26
October 19, 2023 17:22 UTC
27
October 19, 2023 17:53 UTC
28
October 19, 2023 17:53 UTC
29
October 19, 2023 18:02 UTC
30
October 19, 2023 18:02 UTC
31
October 19, 2023 19:33 UTC
32
October 19, 2023 19:33 UTC
33
October 20, 2023 06:56 UTC
34
October 20, 2023 06:56 UTC
35
October 20, 2023 10:31 UTC
36
October 20, 2023 10:31 UTC
37
October 20, 2023 10:47 UTC
38
October 20, 2023 11:03 UTC
39
October 20, 2023 11:03 UTC
40
October 20, 2023 11:18 UTC
41
October 20, 2023 18:35 UTC
42
October 20, 2023 18:35 UTC
43
October 20, 2023 21:05 UTC
44
October 20, 2023 21:05 UTC
45
October 21, 2023 00:15 UTC
46
October 21, 2023 00:15 UTC
47
October 21, 2023 00:18 UTC
48
October 21, 2023 00:18 UTC
49
October 21, 2023 01:03 UTC
50
October 21, 2023 01:03 UTC
51
October 21, 2023 01:25 UTC
52
October 21, 2023 01:25 UTC
53
October 21, 2023 01:55 UTC
54
October 21, 2023 01:55 UTC
55
October 21, 2023 02:43 UTC
56
October 21, 2023 02:43 UTC
57
October 21, 2023 14:21 UTC
58
October 21, 2023 20:05 UTC
59
October 21, 2023 20:05 UTC
60
October 22, 2023 04:49 UTC
61
October 22, 2023 04:49 UTC
62
October 23, 2023 08:49 UTC
63
October 23, 2023 08:49 UTC
64
October 23, 2023 16:09 UTC
65
October 23, 2023 16:09 UTC
66
October 27, 2023 00:43 UTC
67
October 27, 2023 00:43 UTC
68
November 2, 2023 04:46 UTC
69
November 17, 2023 22:36 UTC