lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 17, 2023 18:47 UTC
In a recent email, the sender apologizes for a typo and acknowledges that English is not their native language.
They mention a previous email from August 11, 2023, where they discussed conducting experiments related to Lightning infrastructure vulnerabilities.
The sender expresses their willingness to participate in these experiments and suggests adjusting the disclosure date based on the learnings gained. However, they note that the number of experts worldwide who have the necessary knowledge and understanding of Lightning is limited to those listed on the disclosure emails. Additionally, at the time of the email, there were other undisclosed security issues, such as the "fake channel DoS vector" revealed on August 23, 2023.
Due to these factors, the experiments mentioned were not conducted.