lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"


Original Post by Matt Corallo

Posted on: October 21, 2023 01:55 UTC

In an email, Peter Todd discusses the issue of storing large amounts of data for Lightning nodes.

He mentions that while Lightning data is currently not significant, when multiplied by 100, it becomes a considerable amount of data. This poses a challenge for larger nodes as they would need to store a substantial volume of data. Peter points out that dealing with this increased data becomes more burdensome compared to dealing with smaller amounts, such as a GiB or twenty.

Peter then introduces the concept of combining multiple HTLC (Hashed Time Lock Contract) claims into one transaction using the SIGHASH_SINGLE|ANYONECANPAY signature hash flags. He contrasts this approach with pre-signing, which would require an individual transaction for each HTLC claim, whereas with SIGHASH_SINGLE|ANYONECANPAY multiple HTLC claims can be consolidated into a single transaction, simplifying the process.
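Why SIGHASH_SINGLE|ANYONECANPAY allows this consolidation, as an added example that is not code from the email or from any Lightning implementation: it computes the BIP143 signature digest for a claim on its own and again inside a combined transaction. The helper names, transaction layout and all sample values are constructed for illustration.

```python
import hashlib
import struct

SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE, SIGHASH_ANYONECANPAY = 1, 2, 3, 0x80
SINGLE_ACP = SIGHASH_SINGLE | SIGHASH_ANYONECANPAY
ZERO32 = bytes(32)

def dsha256(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def ser_output(value, script_pubkey):
    # 8-byte amount, then length-prefixed script (all scripts here are < 253 bytes)
    return struct.pack("<q", value) + bytes([len(script_pubkey)]) + script_pubkey

def ser_outpoint(txin):
    return txin["txid"] + struct.pack("<I", txin["vout"])

def bip143_digest(tx, idx, hashtype):
    # Digest that the signature for segwit v0 input `idx` commits to (BIP143).
    base, acp = hashtype & 0x1F, bool(hashtype & SIGHASH_ANYONECANPAY)
    txin, sc = tx["inputs"][idx], tx["inputs"][idx]["script_code"]
    hash_prevouts = hash_sequence = hash_outputs = ZERO32
    if not acp:  # ANYONECANPAY drops the commitment to the other inputs
        hash_prevouts = dsha256(b"".join(ser_outpoint(i) for i in tx["inputs"]))
    if not acp and base not in (SIGHASH_NONE, SIGHASH_SINGLE):
        hash_sequence = dsha256(b"".join(struct.pack("<I", i["sequence"]) for i in tx["inputs"]))
    if base not in (SIGHASH_NONE, SIGHASH_SINGLE):
        hash_outputs = dsha256(b"".join(ser_output(*o) for o in tx["outputs"]))
    elif base == SIGHASH_SINGLE and idx < len(tx["outputs"]):
        hash_outputs = dsha256(ser_output(*tx["outputs"][idx]))  # only the paired output
    return dsha256(
        struct.pack("<i", tx["version"]) + hash_prevouts + hash_sequence
        + ser_outpoint(txin) + bytes([len(sc)]) + sc
        + struct.pack("<q", txin["amount"]) + struct.pack("<I", txin["sequence"])
        + hash_outputs + struct.pack("<I", tx["locktime"]) + struct.pack("<I", hashtype))

def claim(n):
    # Constructed sample data: one HTLC claim is one input paired with one output.
    txin = {"txid": bytes([n]) * 32, "vout": 0, "script_code": b"\x51" * 20,
            "amount": 50_000 + n, "sequence": 1}
    return txin, (49_000 + n, b"\x00\x20" + bytes([n]) * 32)

def build(claims, locktime=0):
    return {"version": 2, "locktime": locktime,
            "inputs": [c[0] for c in claims], "outputs": [c[1] for c in claims]}

a, b = claim(1), claim(2)
solo_a, solo_b, batch = build([a]), build([b]), build([a, b])
print(bip143_digest(solo_a, 0, SINGLE_ACP) == bip143_digest(batch, 0, SINGLE_ACP))
```

The digest still commits to the transaction version and nLockTime, so only claims that share both can be merged without new signatures.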
