lightning-dev
Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"
Original Postby Matt Morehouse
Posted on: October 20, 2023 18:35 UTC
The email discusses the idea of applying a presigned fee multiplier to HTLC (Hashed Time Lock Contract) spends in order to prevent replacement cycles.
The proposal suggests modifying HTLC scripts so that both parties can only spend the HTLC via presigned second-stage transactions, which would be signed with SIGHASH_ALL. This modification would prevent attackers from adding inputs to their presigned transaction, making a replacement cycling attack impossible. However, implementing this solution would require more bookkeeping and result in less fee granularity when claiming HTLCs on the blockchain.