lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Antoine Riard

Posted on: October 19, 2023 17:22 UTC

The email discusses a specific mitigation described in an attached paper, which can be found at the link provided.

The mitigation, referred to as "defensive fee-rebroadcasting", is discussed in subsection 3.4 of the paper. The sender notes that when the mempool is backlogged and the defensive fractional-fee HTLC-timeout gets stuck, the attacker gains an advantage. They also suggest that an attacker could replace-cycle multiple honest HTLC-timeouts with a single malicious HTLC-preimage transaction, paying the absolute fee while incurring only a single RBF penalty. The sender admits to not having tested this specific behavior, but notes that the fee math does not appear to favor the defenders. The email concludes with a farewell.