lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Original Postby Olaoluwa Osuntokun
Posted on: October 16, 2023 22:51 UTC
In the email, the sender expresses gratitude to Antoine for their write-up and diligence in reporting an issue to various implementations.
They also mention the collaboration on mitigations and attack scenarios. There is a clarification that all relevant mitigations were implemented in lnd v0.16.1-beta, which was released on April 24th, 2023 [1]. However, there have been some performance regressions due to these mitigations, specifically related to mempool watching. To address this, in version 0.17.1, they plan to use the new gettxspendingprevout
RPC call with bitcoind to further reduce load.
[1] Link: (not provided)