lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Post by ziggie1984

Posted on: October 17, 2023 07:21 UTC

In this email, the sender, ziggie, is responding to a previous message from Antoine regarding pinning attacks in the Lightning Network.

Ziggie acknowledges the possibility of such attacks, especially when targeting channels with high capacity and loose channel policies. They request more details about the observed attack on the mainnet and inquire about any available tools to monitor suspicious behavior.

Ziggie also highlights that it is not necessary to control two neighboring nodes to target a victim. By cycling the attack on the tail side and delaying the confirmation of the htlc-timeout covenant, the peer at the front of the victim's incoming link will force-close the channel and claim their timeout-path in the same manner. This effectively cancels the initial htlc amount back to the attacker's initial node.

Furthermore, Ziggie suggests introducing a fee-bumping race between the victim and the attacker on the tail side of the attack to make it even more costly. Currently, lightning nodes extract the preimage when they see it in the mempool and do not try to race the transaction output. Ziggie proposes that if the preimage is seen and can be claimed via the htlc-timeout path, aggressive fee-bumping should be done to race the htlc-output along with grabbing the preimage and claiming it on the incoming side. This approach is only feasible with anchor channels where fees can be added to the htlc-covenant.
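The decision logic behind the proposed mitigation, as an added example that is not part of the email or of any Lightning implementation: a node observes a mempool spend of its outgoing HTLC that carries the preimage, settles the incoming HTLC as nodes already do, and additionally fee-bumps its own HTLC-timeout when the timeout path is spendable on an anchor channel. The `Htlc`/`MempoolTx` models, the output ids and the 2x bump policy are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

BUMP_MULTIPLIER = 2.0  # assumed policy: outbid the observed preimage spend by 2x

@dataclass
class Htlc:
    payment_hash: bytes   # sha256(preimage); identical on incoming and outgoing link
    outgoing_txid: str    # hypothetical id of the outgoing HTLC output we can sweep
    cltv_expiry: int      # height at which our HTLC-timeout path becomes spendable
    anchor_channel: bool  # fees can only be attached to the HTLC covenant with anchors

@dataclass
class MempoolTx:
    spends: str           # hypothetical id of the output being spent
    witness: list         # witness items; an HTLC-success spend carries the preimage
    feerate_sat_vb: float

def react_to_preimage_spend(htlc, tx, current_height):
    """Actions to take when a mempool tx spends our outgoing HTLC with the preimage."""
    if tx.spends != htlc.outgoing_txid:
        return []
    hits = [w for w in tx.witness
            if len(w) == 32 and hashlib.sha256(w).digest() == htlc.payment_hash]
    if not hits:
        return []
    # What nodes already do: extract the preimage and settle the incoming HTLC.
    actions = [("settle_incoming", hits[0])]
    # The proposed addition: if our timeout path is also spendable, fee-bump the
    # HTLC-timeout so the attacker must keep replacing it instead of pinning cheaply.
    if current_height >= htlc.cltv_expiry and htlc.anchor_channel:
        actions.append(("bump_htlc_timeout", round(tx.feerate_sat_vb * BUMP_MULTIPLIER, 1)))
    return actions

def sample_scenario():
    """Constructed sample: one HTLC, one observed preimage spend, three node configs."""
    preimage = bytes.fromhex("11" * 32)
    seen = MempoolTx(spends="htlc_out_1", witness=[b"sig", preimage], feerate_sat_vb=10.0)
    mk = lambda anchors, expiry: Htlc(hashlib.sha256(preimage).digest(), "htlc_out_1", expiry, anchors)
    return {
        "anchors_expired": react_to_preimage_spend(mk(True, 100), seen, 120),
        "legacy_expired": react_to_preimage_spend(mk(False, 100), seen, 120),
        "anchors_not_expired": react_to_preimage_spend(mk(True, 150), seen, 120),
    }
```

Only the anchor-channel case with an expired HTLC produces the extra bump action; legacy channels and unexpired HTLCs fall back to today's behaviour of settling upstream only.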

To further mitigate these attacks, Ziggie suggests restricting the amount and number of HTLCs for big channels to unknown peers. This would limit losses when the HTLCs that the attacker tries to steal are small.

Overall, the email discusses the potential risks and details of pinning attacks in Lightning Network and proposes various strategies to mitigate them.