lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Original Postby Bastien TEINTURIER
Posted on: October 19, 2023 08:12 UTC
Antoine's work on the issue has been acknowledged and appreciated.
It is confirmed that Eclair v0.9.0 includes the mentioned mitigations. Since the early versions, Eclair has been monitoring the mempool for preimages, with reliance on Bitcoin Core's ZMQ notifications for incoming transactions. This ensures that the HTLC success transaction is visible, even if it gets immediately replaced (as long as the ZMQ limits are not exceeded). However, Matt suggests that further fundamental work is required at the bitcoin layer to enhance the resilience of Layer 2 protocols against such attacks.