lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Matt Corallo

Posted on: October 23, 2023 16:09 UTC

In an email sent by Peter Todd, he acknowledges that while the proposed change may not have a significant impact on the trust model of lightning, it still holds some value given the spammy nature of the chain.

He further adds that in cases of force-close, there are often instances of repeated failures in several HTLCs.

Peter emphasizes that the focus should not solely be on fixing lightning but rather addressing the issue at the ecosystem level. He highlights the need to avoid a policy restriction that not only disrupts the L2 network but also affects miners' earnings. According to him, this is a policy bug that needs to be fixed correctly and not rushed into.

The email provides insights into the discussion surrounding potential changes in the lightning network's trust model. It emphasizes the importance of considering the broader ecosystem and avoiding hasty fixes that could have unintended consequences. To fully comprehend the details and context of the conversation, refer to the original email by Peter Todd.