lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Peter Todd

Posted on: October 20, 2023 11:03 UTC

The email discusses the concept of increasing the multiplier in fee bumping.

The sender clarifies that increasing the multiplier means starting with a smaller multiplier at the beginning of the range and ending with a bigger one. For example, fee increases could be pre-signed for a range like 1.1, 1.2, 1.4, 1.8, 2.6, 4.2, 7.4, etc. This approach uses most of the range for bumps that are small as a percentage, while larger percentage bumps are reserved for the end, where the strategy changes to something more "scorched-earth".

The idea is to apply this concept properly to commitment transactions, which may result in the removal of HTLCs when their value drops below the fees necessary to get those outputs mined. Additionally, the sender mentions that simultaneous variants of transactions can be signed, deducting fees from different parties' outputs. In other words, Alice can give Bob the ability to broadcast higher and higher fee transactions, taking the fees from Bob's output(s), and Bob can give Alice the same ability, taking the fees from Alice's output(s).

The sender acknowledges that they haven't thought through how this would work with musig, but it can certainly be done with plain old OP_CheckMultisig. They also include a link to Peter Todd's website, petertodd.org, for further reference.
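The ladder described above, sketched as an added example that is not code from the email or from any Lightning implementation. It assumes the multipliers scale a base feerate; the vbyte sizes, the sample channel and all function names are constructed for illustration.

```python
from fractions import Fraction

# Constructed sizes for illustration; not real Lightning transaction weights.
BASE_VBYTES = 180        # commitment tx with no HTLC outputs
HTLC_OUT_VBYTES = 43     # each HTLC output added to the commitment tx
HTLC_CLAIM_VBYTES = 170  # follow-up tx needed to claim one HTLC output

def multiplier_ladder(n):
    """1.1, 1.2, 1.4, 1.8, 2.6, 4.2, 7.4, ...: the step doubles each time."""
    return [1 + Fraction(2 ** k, 10) for k in range(n)]

def build_variant(base_feerate, mult, balances, htlcs, payer):
    """One pre-signed variant; `payer` is the party whose output funds the fee."""
    feerate = base_feerate * mult  # sat/vB (assumption: multiplier scales a base rate)
    # Drop HTLCs worth less than the fee needed to get their output mined.
    # Where the dropped value ends up is not modelled here.
    kept = [v for v in htlcs if v >= feerate * (HTLC_OUT_VBYTES + HTLC_CLAIM_VBYTES)]
    fee = int(feerate * (BASE_VBYTES + HTLC_OUT_VBYTES * len(kept)))
    if fee > balances[payer]:
        return None  # payer's output cannot cover this fee
    outputs = dict(balances)
    outputs[payer] -= fee
    return {"mult": float(mult), "fee": fee, "htlcs": kept, "outputs": outputs}

def presign_ladder(base_feerate, balances, htlcs, payer, steps):
    """All variants one party can broadcast, lowest multiplier first."""
    variants = []
    for mult in multiplier_ladder(steps):
        v = build_variant(base_feerate, mult, balances, htlcs, payer)
        if v is None:
            break  # the ladder ends where the payer's output runs out
        variants.append(v)
    return variants

if __name__ == "__main__":
    balances = {"alice": 400_000, "bob": 250_000}  # constructed sample channel (sat)
    htlcs = [2_500, 12_000, 90_000]                # constructed HTLC values (sat)
    # Both ladders are signed at once: one paying from Bob's output, one from Alice's.
    for payer in ("bob", "alice"):
        for v in presign_ladder(10, balances, htlcs, payer, 7):
            print(payer, v)
```

With these sample values the 2,500 sat HTLC disappears at the 1.2 step and the 12,000 sat HTLC at the 7.4 step, so the fee can fall between steps when the transaction shrinks.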