lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Antoine Riard

Posted on: October 17, 2023 18:34 UTC

The email discusses the channel interactions between three parties, A, B, and C, in the context of HTLC (Hash Time Locked Contract) transactions.

It explains that when C does not claim a particular transaction, B forces the B====C channel on-chain. The HTLC-timeout transaction is replaced by C's HTLC-preimage, which remains valid even after the HTLC timelock between B and C has expired. This HTLC-preimage is then replaced itself.

The email also mentions that A drops the A====B channel on-chain in order to recover the HTLC funds. It clarifies that there is no need to consider fee rates or mempool congestion, as the exploit lies in the replacement mechanism itself.

Furthermore, the email discusses low feerates and how CPFP (Child-Pays-For-Parent) transactions can be used to bump the commitment transaction. It notes that C is able to use the knowledge of the preimage because its own incoming HTLC has already been confirmed as claimed by A.

The email then highlights that C broadcasts an HTLC-success transaction at block height 144, but does so at every block between blocks 100 and 144 to replace B's HTLC-timeout transaction. It also mentions that B cannot feebump it because the HTLC-success transaction is presigned in this case, and explains why B cannot feebump the HTLC-timeout for anchor output channels.

Overall, the email provides detailed insights into the interactions between A, B, and C in relation to HTLC transactions and the replacement mechanism involved.