lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Olaoluwa Osuntokun

Posted on: October 16, 2023 22:51 UTC

The email starts with the sender expressing gratitude to Antoine for his excellent write-up and diligence in reporting an issue to various implementations.

The sender also appreciates Antoine's efforts in game planning with them regarding mitigations and attack scenarios.

The sender then clarifies that all relevant mitigations for lnd were already implemented in lnd v0.16.1-beta, which was released on April 24th, 2023. However, there were some performance regressions introduced due to these mitigations, specifically related to mempool watching.

To address this, in version 0.17.1 of lnd, they plan to utilize the new gettxspendingprevout RPC call with bitcoind. This implementation will further reduce the load and improve performance.

It is important to note that the email does not provide any links or additional information to include in the summary.