lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Posted on: October 18, 2023 00:17 UTC
There seems to be confusion surrounding the issue at hand and its mitigations.
It is important to note that the deployed mitigations are not expected to completely resolve the issue, and some argue that they only serve as a public relations statement. Two mitigations are discussed in the email: mempool scanning and transaction re-signing/re-broadcasting.
Mempool scanning involves regularly checking the mempool of a local node to intercept the replacement cycle midway. However, this method only works if the first transaction is seen before it is replaced by the second transaction. Currently, the majority of lightning nodes run on machines with a Bitcoin node on the same IP address, which makes it easy for an attacker to identify and connect to the local node of the lightning node. By doing so, the attacker can quickly execute the replacement, preventing the victim from detecting it. It is worth noting that this discoverability is also applicable to mining pools. An attacker performing this attack is likely to target a miner's node directly, limiting the reach of the intermediate transaction to only miners, making it impossible for the victim to discover it.
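The detection window described above can be reproduced with a small simulation. This is an added example, not code from the original post or from any Lightning implementation; the outpoints, timings, and the toy replacement rule (a new transaction evicts anything it shares an input with) are constructed assumptions.

```python
# Toy model of polling-based mempool scanning. All data is constructed.
WATCHED = "aa" * 32 + ":0"  # constructed outpoint the defender monitors
OTHER = "bb" * 32 + ":1"    # constructed second input (model assumption)

# (arrival time in ms, txid label, outpoints spent) at the local node.
# "second" conflicts with "first" 30 ms after it arrives and does not
# spend WATCHED itself (an assumption of this model).
EVENTS = [
    (1010, "first", {WATCHED, OTHER}),
    (1040, "second", {OTHER}),
]


class Mempool:
    """A new transaction evicts every transaction it shares an input with."""

    def __init__(self):
        self.txs = {}  # txid -> set of spent outpoints

    def accept(self, txid, inputs):
        for old in [t for t, spent in self.txs.items() if spent & inputs]:
            del self.txs[old]
        self.txs[txid] = set(inputs)


def scan(events, poll_ms, watched, end_ms=2000):
    """Poll every poll_ms; return txids ever seen spending `watched`."""
    pool, seen = Mempool(), set()
    pending = sorted(events, key=lambda e: e[0])
    for now in range(0, end_ms + 1, poll_ms):
        # Apply everything that reached the node since the previous poll.
        while pending and pending[0][0] <= now:
            _, txid, inputs = pending.pop(0)
            pool.accept(txid, inputs)
        # The scanner only sees what is in the mempool at this instant.
        seen |= {t for t, spent in pool.txs.items() if watched in spent}
    return seen


if __name__ == "__main__":
    for poll_ms in (100, 50, 25, 10):
        print(poll_ms, "ms poll ->", sorted(scan(EVENTS, poll_ms, WATCHED)))
```

With the constructed 30 ms lifetime, polls at 100 ms and 50 ms never observe the first transaction, while polls at 25 ms and 10 ms do; the scanner succeeds only when a poll lands inside the window before the replacement.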
The second mitigation discussed is re-signing and re-broadcasting the victim's transaction in an attempt to ensure it reaches miners even if it has been removed. However, this method is considered inadequate if the attacker has control over a significant portion of the network's hashrate. In such a scenario, the attacker can aggressively and arbitrarily perform the replacement, significantly reducing the probability of the victim's transaction being confirmed.
It should be noted that the above information assumes an idealized scenario. The real-world P2P network has slow nodes and exhibits unpredictable behavior. Therefore, it is possible that these mitigations might accidentally prevent an attack if certain circumstances delay the attacker's intended actions. However, this should not be mistaken for a comprehensive solution to the issue.
Ultimately, the only effective resolution to this problem would be for miners to maintain a history of transactions they have encountered and retry them later, when they may again be able to enter the mempool after an attack like this.