lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 17, 2023 07:21 UTC
In this email, the sender thanks Antoine for his detailed explanation of this class of pinning attacks.
The sender believes these attacks are not unlikely, especially against channels with high capacity and loose channel policies. They ask for more information about a specific attack observed on mainnet and about tools that can be used to monitor for such suspicious behaviour. They also point out that it is not necessary to control two neighbouring nodes to target a victim: cycling the attack on the tail side and delaying confirmation of the htlc-timeout covenant can force-close the channel and claim the initial HTLC amount. They further propose introducing a fee-bumping race between the victim and the attacker on the tail side to make the attack even more costly.
The sender suggests that lightning nodes fee-bump the htlc-output aggressively whenever they see the preimage and can claim it via the htlc-timeout path. This is feasible with anchor channels, where fees can be added to the htlc covenant, and it makes the attack more expensive for the peer trying to steal the HTLC; they recommend adding it as an additional mitigation for node runners. They also advise restricting the amount and number of HTLCs on big channels to unknown peers, since the attack quickly becomes a loss for the attacker when the HTLCs being stolen are small.
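To make the fee-bumping race and the "small HTLCs are a loss for the attacker" argument concrete, here is a toy model added by the editor; it is not code from the email, from Antoine's write-up, or from any Lightning implementation. It assumes the per-cycle structure implied by the thread (the victim's htlc-timeout is replaced by an htlc-preimage transaction that also spends an attacker-controlled input, which the attacker then evicts by double-spending that input), applies two of the replacement checks Bitcoin Core enforces (BIP125 rule 4 incremental fee and a strictly higher feerate), and assumes the eviction transaction confirms every block, which is what those checks force once the victim's htlc-timeout already sits at a next-block feerate. Mempool congestion, package relay and the attacker's upstream timing are ignored; all transaction sizes, feerates and HTLC values are constructed sample inputs, and the function and parameter names are the editor's own.

```python
"""Toy model of the tail-side fee-bumping race under BIP125-style replacement rules.

Editor's illustration, not code from the email or any Lightning node. Assumes the
attacker's eviction tx confirms each block; ignores congestion and package relay.
All sizes, feerates and HTLC values are constructed sample inputs.
"""
from dataclasses import dataclass

# Bitcoin Core default -incrementalrelayfee: 1000 sat/kvB, i.e. 1 sat/vB.
INCREMENTAL_RELAY_FEE_SAT_PER_VB = 1


@dataclass(frozen=True)
class Tx:
    name: str
    vsize: int  # virtual size in vbytes
    fee: int    # absolute fee in satoshis


def min_replacement_fee(replaced: Tx, new_vsize: int) -> int:
    """Smallest absolute fee a new_vsize-vbyte tx may pay to replace `replaced`.

    Models two of Bitcoin Core's replacement checks: the replacement pays the
    replaced fee plus the incremental relay fee for its own size (BIP125 rule 4,
    which also satisfies rule 3's strictly higher absolute fee), and its feerate
    must be strictly higher than the replaced feerate. Integer arithmetic avoids
    float rounding: fee_new / new_vsize > fee_old / old_vsize.
    """
    by_absolute_fee = replaced.fee + INCREMENTAL_RELAY_FEE_SAT_PER_VB * new_vsize
    by_feerate = replaced.fee * new_vsize // replaced.vsize + 1
    return max(by_absolute_fee, by_feerate)


def attacker_cost_for_one_cycle(timeout: Tx, preimage_vsize: int, evict_vsize: int) -> int:
    """Fee the attacker burns to cycle the victim's htlc-timeout out of the mempool once.

    Step 1: replace the htlc-timeout with an htlc-preimage tx that also spends an
    attacker-controlled input. Step 2: evict that preimage tx by double-spending the
    extra input. Only the eviction tx confirms, so its fee is the attacker's cost
    for this block; the replaced transactions pay nothing.
    """
    preimage = Tx("htlc-preimage", preimage_vsize,
                  min_replacement_fee(timeout, preimage_vsize))
    return min_replacement_fee(preimage, evict_vsize)


def simulate_race(htlc_value_sat: int, blocks_to_hold: int, timeout_vsize: int,
                  start_feerate: int, bump_per_block: int,
                  preimage_vsize: int, evict_vsize: int) -> dict:
    """Run the race for `blocks_to_hold` blocks, the victim bumping its htlc-timeout
    by `bump_per_block` sat/vB each block (the "aggressive fee-bump" mitigation).

    Returns the attacker's cumulative cost, the fee the victim's htlc-timeout would
    pay once it finally confirms, and whether stealing this HTLC is still profitable.
    """
    attacker_cost = 0
    victim_fee = 0
    for block in range(blocks_to_hold):
        feerate = start_feerate + block * bump_per_block
        timeout = Tx("htlc-timeout", timeout_vsize, timeout_vsize * feerate)
        victim_fee = timeout.fee  # only the last, confirming version pays
        attacker_cost += attacker_cost_for_one_cycle(timeout, preimage_vsize, evict_vsize)
    return {
        "attacker_cost_sat": attacker_cost,
        "victim_timeout_fee_sat": victim_fee,
        "attack_profitable": attacker_cost < htlc_value_sat,
    }


def largest_unprofitable_htlc(**race_params) -> int:
    """HTLC value (sat) at or below which the attack loses money under these parameters.
    A candidate ceiling for per-HTLC amount limits towards unknown peers."""
    return simulate_race(htlc_value_sat=0, **race_params)["attacker_cost_sat"]


if __name__ == "__main__":
    # Constructed sample: 200 vB htlc-timeout starting at 10 sat/vB, bumped 10 sat/vB
    # per block for 10 blocks; 300 vB preimage tx, 150 vB eviction tx.
    params = dict(blocks_to_hold=10, timeout_vsize=200, start_feerate=10,
                  bump_per_block=10, preimage_vsize=300, evict_vsize=150)
    for value in (100_000, 1_000_000):
        print(value, simulate_race(htlc_value_sat=value, **params))
    print("largest unprofitable HTLC (sat):", largest_unprofitable_htlc(**params))
```

With these sample inputs the attacker pays more than 166,000 sat in confirmed eviction fees to hold a single HTLC output off-chain for ten blocks, so a 100,000 sat HTLC is a loss while a 1,000,000 sat one is still worth stealing; the victim's own bill is only the final bumped htlc-timeout fee. The trade-off the model makes visible is that the victim's bumping raises the floor on every one of the attacker's confirming transactions, while the victim pays just once.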
Overall, the email discusses various aspects of pinning attacks, including specific details about observed attacks, monitoring tools, and mitigation strategies.