lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Peter Todd

Posted on: October 16, 2023 19:13 UTC

The email discusses the need for a more detailed explanation of an exploit involving the spending of the same HTLC txout by two different parties.

The sender suggests that in order for people to understand the exploit, it is important to provide additional information on how this situation occurs. Specifically, they mention the scenario where the first party does not have the right to spend the HTLC txout based on their knowledge of the HTLC-preimage.

The sender highlights the importance of explaining the mechanics behind this exploit in order to ensure clarity and understanding among readers. They imply that a comprehensive explanation will enable individuals to grasp the intricacies of the situation and its implications.

It is likely that the sender is seeking guidance or assistance in formulating a more detailed explanation of the exploit, possibly for educational or informative purposes. However, without further context or information, it is difficult to ascertain the specific objective or desired outcome of the sender's request.

Overall, the email emphasizes the necessity of providing a thorough explanation of the exploit, addressing the mechanism by which two parties can spend the same HTLC txout without the first party having the authority to do so based on their knowledge of the HTLC-preimage.