lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby David A. Harding

Posted on: October 23, 2023 08:49 UTC

In an email sent by Nadav Ivgi, he discusses the shortcomings of an approach described by Riard regarding the replacement cycle in a transaction.

Nadav presents two different scenarios.

The first scenario outlined by Nadav follows this sequence: Bob broadcasts an HTLC-timeout with input A, input B for fees, and output X. Mallory then replaces the HTLC-timeout with an HTLC-preimage using input A, input C for fees, and output Y. Finally, Mallory replaces the transaction that created input C, effectively removing the HTLC-preimage from the mempool.

However, Nadav suggests an alternative approach. In this alternative scenario, Bob still broadcasts an HTLC-timeout with input A, input B for fees, and output X. Mallory then replaces the HTLC-timeout with an HTLC-preimage using input A, input C for fees, and output Y. The crucial difference is that Mallory now uses input C to replace the HTLC-preimage with a transaction that does not include input A, thereby removing the preimage from the mempool.

Nadav highlights that the original scenario only works if input C comes from an unconfirmed transaction, making OP_CSV_ALLINPUTS effective. However, in the alternative scenario, even if input C comes from a confirmed transaction, OP_CSV_ALLINPUTS becomes ineffective.

This email provides valuable insights into the different approaches in handling the replacement cycle in a transaction and highlights the limitations of the OP_CSV_ALLINPUTS method.