lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by Matt Corallo

Posted on: October 20, 2023 21:05 UTC

The email discusses a potential attack on anchor channels on the Lightning Network.

The attack can be performed by either side of the closure, as the HTLCs are now only signed with SIGHASH_SINGLE|ANYONECANPAY. This allows for adding more inputs and performing the attack even as the broadcaster.

The sender mentions that fixing this issue on the lightning end is not the right approach. Instead, the fix needs to lie with Bitcoin Core or other parts of the mining stack. However, fixing it in Bitcoin Core would require unbounded memory, which is not feasible.

The sender suggests a possible solution involving an external piece of software. This software would monitor the mempool for transactions that were replaced but could potentially re-enter the mempool later with other replacements. These transactions would be stored on disk, and the software could optimize block template selection revenue while inadvertently fixing the attack issue.
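A minimal sketch of the external replacement cache described above, added here as an illustration; it is not code from the email, from Bitcoin Core or from any Lightning implementation. The toy mempool, its simplified fee-only replacement rule, the in-memory `store` standing in for disk, and the transaction names `t1` to `t3` are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset  # outpoints this transaction spends
    fee: int

class Mempool:
    """Toy mempool: one spender per outpoint, simplified fee-based replacement."""
    def __init__(self):
        self.txs, self.spender = {}, {}  # txid -> Tx, outpoint -> txid
    def conflicts(self, tx):
        return {self.spender[o] for o in tx.inputs if o in self.spender}
    def accept(self, tx):
        """Return the transactions evicted by tx, or None if tx is rejected."""
        old = [self.txs[t] for t in self.conflicts(tx)]
        if old and tx.fee <= sum(o.fee for o in old):
            return None
        for o in old:
            del self.txs[o.txid]
            for op in o.inputs:
                del self.spender[op]
        self.txs[tx.txid] = tx
        self.spender.update({op: tx.txid for op in tx.inputs})
        return old

class ReplacementCache:
    """Keeps replaced transactions and re-offers them once their inputs are free."""
    def __init__(self, mempool):
        self.mempool, self.store = mempool, {}  # store stands in for disk
    def submit(self, tx):
        evicted = self.mempool.accept(tx)
        if evicted is None:
            return []
        self.store.update({old.txid: old for old in evicted})
        readmitted = []
        # Highest fee first, so the better-paying of two rival cached txs wins.
        for cached in sorted(self.store.values(), key=lambda t: -t.fee):
            if not self.mempool.conflicts(cached):
                self.mempool.accept(cached)
                readmitted.append(self.store.pop(cached.txid).txid)
        return readmitted

def demo():
    """Constructed sequence: t2 replaces t1, then t3 replaces t2 and frees A."""
    cache = ReplacementCache(Mempool())
    cache.submit(Tx("t1", frozenset({"A"}), 100))
    cache.submit(Tx("t2", frozenset({"A", "B"}), 300))
    back = cache.submit(Tx("t3", frozenset({"B"}), 400))
    return back, sorted(cache.mempool.txs), sorted(cache.store)
```

In `demo()`, `t1` returns to the mempool as soon as `t3` displaces `t2`, because outpoint `A` is no longer spent by anything in the mempool; `t2` stays cached since `B` is still taken.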

Overall, the email highlights the need for addressing the attack issue in anchor channels and suggests exploring a solution through external software monitoring the mempool.