lightning-dev

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 / CVE-2023-40234 "All your mempool are belong to us"

Original Postby Antoine Riard

Posted on: October 17, 2023 18:34 UTC

The email discusses a scenario involving channels in the Bitcoin network, specifically the A, B, and C channels.

The main focus is on the replacement mechanism of HTLC (Hash Time-Locked Contract) transactions and the exploitation that can occur within this mechanism.

In the scenario, A attempts to recover the funds from the A====B channel through the HTLC mechanism. However, the exploit lies in the replacement mechanism itself, rather than the fee rates or mempool congestion. This means that the fee rates and mempool congestion are not relevant considerations in this case.

C broadcasts an HTLC-success transaction at block height 144 and does so at every block between blocks 100 and 144. This high feerate transaction is used to replace B's HTLC-timeout transaction. It is worth noting that B can feebump the HTLC-timeout for anchor output channels thanks to sighash_single | anyonecanpay on C's signature.

To understand the details and technical aspects of this scenario, you can refer to the test provided at the following link: GitHub Test Link.